Implement forced first-login setup and dropzone UX fixes

#4 Forced First-Login Setup: - Add before_request hook to redirect to /setup if no users exist - Skip redirect for static files and setup routes #5 Dropzone UX Fixes: - Make preview images clickable to replace file - Make entire drop zone clickable - QR zone resets after 2s on error, allowing retry - Clear file input on error so same file can be re-selected 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-05 18:28:28 -05:00
parent b1ddfaa75b
commit 559dcd3dcf
3 changed files with 63 additions and 9 deletions
--- a/frontends/web/app.py
+++ b/frontends/web/app.py
@@ -192,6 +192,24 @@ app.config["HTTPS_ENABLED"] = os.environ.get("STEGASOO_HTTPS_ENABLED", "false").
 # Initialize auth module
 init_auth(app)

+
+@app.before_request
+def require_setup():
+    """Force redirect to setup if no users exist (first-run)."""
+    if not app.config.get("AUTH_ENABLED", True):
+        return None
+
+    # Skip for static files and setup-related routes
+    if request.endpoint in ("static", "setup", "setup_recovery", None):
+        return None
+
+    # If no users exist, redirect to setup
+    if not user_exists():
+        return redirect(url_for("setup"))
+
+    return None
+
+
 # Temporary file storage for sharing (file_id -> {data, timestamp, filename})
 TEMP_FILES: dict[str, dict] = {}
 THUMBNAIL_FILES: dict[str, bytes] = {}