Update app.py

app.py

@@ -1,4 +1,4 @@
-from fastapi import FastAPI, Request, Response, HTTPException
+from fastapi import FastAPI, Request, Response
 import httpx
 import os
 
@@ -23,13 +23,24 @@ async def is_session_valid(session_token: str) -> bool:
 async def proxy(full_path: str, request: Request):
     url = f"{BACKEND_URL}/{full_path}"
 
-    # Copia headers originais e adiciona Authorization
+    # Recebe o token de sessão no header 'token_session'
+    session_token = request.headers.get("token_session")
+
+    # Rotas públicas não exigem validação
+    public_routes = ["user/login", "user/register", "user/session", "session/create"]
+    if full_path not in public_routes:
+        if not session_token or not await is_session_valid(session_token):
+            return Response(content="Não autorizado", status_code=401)
+
+    # Copia headers originais e sobrescreve Authorization com AUTH_HEADER
     headers = dict(request.headers)
     headers["Authorization"] = AUTH_HEADER
 
     # Remove headers que podem causar conflito
     for h in ["host", "content-length", "accept-encoding", "connection"]:
         headers.pop(h, None)
+    # Remove o token_session do header antes de encaminhar ao backend
+    headers.pop("token_session", None)
 
     body = await request.body()
 
@@ -42,7 +53,6 @@ async def proxy(full_path: str, request: Request):
             params=dict(request.query_params)
         )
 
-    # Retorna resposta do backend
     return Response(
         content=resp.content,
         status_code=resp.status_code,