Checkpoint, fixing reset token handling broken in earlier edits.

passkey/fastapi/mainapp.py

@@ -3,9 +3,7 @@ from contextlib import asynccontextmanager
 from pathlib import Path
 
 from fastapi import Cookie, FastAPI, Request, Response
-from fastapi.responses import (
-    FileResponse,
-)
+from fastapi.responses import FileResponse
 from fastapi.staticfiles import StaticFiles
 
 from ..authsession import get_session
@@ -35,24 +33,21 @@ app = FastAPI(lifespan=lifespan)
 # Mount the WebSocket subapp
 app.mount("/auth/ws", ws.app)
 
-# Register API routes
-register_api_routes(app)
-register_reset_routes(app)
-
 
 @app.get("/auth/forward-auth")
 async def forward_authentication(request: Request, auth=Cookie(None)):
     """A validation endpoint to use with Caddy forward_auth or Nginx auth_request."""
-    with contextlib.suppress(ValueError):
-        s = await get_session(auth)
-        # If authenticated, return a success response
-        if s.info and s.info["type"] == "authenticated":
-            return Response(
-                status_code=204,
-                headers={
-                    "x-auth-user-uuid": str(s.user_uuid),
-                },
-            )
+    if auth:
+        with contextlib.suppress(ValueError):
+            s = await get_session(auth)
+            # If authenticated, return a success response
+            if s.info and s.info["type"] == "authenticated":
+                return Response(
+                    status_code=204,
+                    headers={
+                        "x-auth-user-uuid": str(s.user_uuid),
+                    },
+                )
 
     # Serve the index.html of the authentication app if not authenticated
     return FileResponse(
@@ -72,3 +67,8 @@ app.mount(
 async def redirect_to_index():
     """Serve the main authentication app."""
     return FileResponse(STATIC_DIR / "index.html")
+
+
+# Register API routes
+register_api_routes(app)
+register_reset_routes(app)