feat: add /api/auth/whoami endpoint for frontend auth state

Returns {authenticated: bool, username: string|null} based on X-Authentik-Username header presence. Used by Navi frontend to detect auth state without triggering SSO redirect.
2026-05-20 14:44:54 +02:00 · 2026-04-27 01:26:44 +00:00 · 2026-04-27 01:26:44 +00:00 · 121eb45b44
commit 121eb45b44
parent b5de9c6e39
1 changed files with 18 additions and 0 deletions
--- a/lib/api.py
+++ b/lib/api.py
@ -2704,3 +2704,21 @@ def api_metrics_history():
        return jsonify({'type': metric_type, 'hours': hours, 'points': points})
    except Exception as e:
        return jsonify({'type': metric_type, 'hours': hours, 'points': [], 'error': str(e)})
+
+
+# ── Auth state endpoint ─────────────────────────────────────────────────────
+# Returns current auth state for frontend consumption.
+# This endpoint must be behind Caddy forward_auth to receive X-Authentik-* headers.
+@app.route('/api/auth/whoami')
+def api_auth_whoami():
+    """Return auth state for frontend. Behind forward_auth, so headers are present when authenticated."""
+    username = request.headers.get('X-Authentik-Username')
+    if username:
+        return jsonify({
+            'authenticated': True,
+            'username': username,
+        })
+    return jsonify({
+        'authenticated': False,
+        'username': None,
+    })