Spaces:
Building
Building
Commit ·
7583b3e
1
Parent(s): 5c074ff
Fail closed when app password is missing
Browse files- README.md +1 -1
- src/config.py +5 -5
- ui_app.py +10 -0
README.md
CHANGED
|
@@ -10,7 +10,7 @@ For local development, copy `.env.example` to `.env` and fill only the values yo
|
|
| 10 |
Set production secrets in the Hugging Face Space settings, not in committed files.
|
| 11 |
|
| 12 |
- `GROQ_API_KEY`: required for Groq model calls.
|
| 13 |
-
- `APP_PASSWORD`:
|
| 14 |
- `APP_USERNAME`: optional, defaults to `mastermap` when `APP_PASSWORD` is set.
|
| 15 |
- `HF_TOKEN`: Hugging Face Space Secret only; optional, required only for the `Save Manual References` button.
|
| 16 |
|
|
|
|
| 10 |
Set production secrets in the Hugging Face Space settings, not in committed files.
|
| 11 |
|
| 12 |
- `GROQ_API_KEY`: required for Groq model calls.
|
| 13 |
+
- `APP_PASSWORD`: required to password-protect the deployed Space; set it as a Hugging Face Secret.
|
| 14 |
- `APP_USERNAME`: optional, defaults to `mastermap` when `APP_PASSWORD` is set.
|
| 15 |
- `HF_TOKEN`: Hugging Face Space Secret only; optional, required only for the `Save Manual References` button.
|
| 16 |
|
src/config.py
CHANGED
|
@@ -7,11 +7,11 @@ load_dotenv()
|
|
| 7 |
|
| 8 |
# --- ENVIRONMENT VARIABLES to be set up in .env ---
|
| 9 |
GROQ_API_KEY = os.getenv("GROQ_API_KEY")
|
| 10 |
-
RAW_MODELS = os.getenv("GROQ_MODEL"
|
| 11 |
-
APP_USERNAME = os.getenv("APP_USERNAME"
|
| 12 |
-
APP_PASSWORD = os.getenv("APP_PASSWORD"
|
| 13 |
-
SPACE_ID = os.getenv("SPACE_ID"
|
| 14 |
-
HF_TOKEN = os.getenv("HF_TOKEN"
|
| 15 |
|
| 16 |
# Parse models cleanly into a list
|
| 17 |
AVAILABLE_MODELS = [m.strip() for m in RAW_MODELS.split(",") if m.strip()]
|
|
|
|
| 7 |
|
| 8 |
# --- ENVIRONMENT VARIABLES to be set up in .env ---
|
| 9 |
GROQ_API_KEY = os.getenv("GROQ_API_KEY")
|
| 10 |
+
RAW_MODELS = os.getenv("GROQ_MODEL")
|
| 11 |
+
APP_USERNAME = os.getenv("APP_USERNAME")
|
| 12 |
+
APP_PASSWORD = os.getenv("APP_PASSWORD")
|
| 13 |
+
SPACE_ID = os.getenv("SPACE_ID")
|
| 14 |
+
HF_TOKEN = os.getenv("HF_TOKEN")
|
| 15 |
|
| 16 |
# Parse models cleanly into a list
|
| 17 |
AVAILABLE_MODELS = [m.strip() for m in RAW_MODELS.split(",") if m.strip()]
|
ui_app.py
CHANGED
|
@@ -12,6 +12,7 @@ from src.config import (
|
|
| 12 |
AVAILABLE_MODELS,
|
| 13 |
DATA_DIR,
|
| 14 |
DEFAULT_OUTPUT_SHEET_NAME,
|
|
|
|
| 15 |
)
|
| 16 |
from src.process_runner import stop_process, stream_process
|
| 17 |
from src.utils import reference_sync_status, save_manual_references_to_hub
|
|
@@ -54,9 +55,18 @@ def auth_required_response() -> Response:
|
|
| 54 |
)
|
| 55 |
|
| 56 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 57 |
@app.before_request
|
| 58 |
def require_basic_auth():
|
| 59 |
if not APP_PASSWORD:
|
|
|
|
|
|
|
| 60 |
return None
|
| 61 |
|
| 62 |
auth = request.authorization
|
|
|
|
| 12 |
AVAILABLE_MODELS,
|
| 13 |
DATA_DIR,
|
| 14 |
DEFAULT_OUTPUT_SHEET_NAME,
|
| 15 |
+
SPACE_ID,
|
| 16 |
)
|
| 17 |
from src.process_runner import stop_process, stream_process
|
| 18 |
from src.utils import reference_sync_status, save_manual_references_to_hub
|
|
|
|
| 55 |
)
|
| 56 |
|
| 57 |
|
| 58 |
+
def missing_auth_config_response() -> Response:
|
| 59 |
+
return Response(
|
| 60 |
+
"APP_PASSWORD Space Secret is not configured.",
|
| 61 |
+
503,
|
| 62 |
+
)
|
| 63 |
+
|
| 64 |
+
|
| 65 |
@app.before_request
|
| 66 |
def require_basic_auth():
|
| 67 |
if not APP_PASSWORD:
|
| 68 |
+
if SPACE_ID:
|
| 69 |
+
return missing_auth_config_response()
|
| 70 |
return None
|
| 71 |
|
| 72 |
auth = request.authorization
|