Anirudh Esthuri commited on
Commit
ad65183
Β·
1 Parent(s): 4a28790

Implement HF token authentication - prevent unauthorized memory access

Files changed (1) hide show
  1. app.py +45 -17
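--- a/app.py
+++ b/app.py
@@ -361,28 +361,56 @@ with st.sidebar:
 # Check if we're on Hugging Face Spaces (not local)
 is_hf_space = os.getenv("SPACE_ID") is not None or os.getenv("HF_ENDPOINT") is not None
 
+def validate_hf_token(token: str) -> tuple[bool, str]:
+"""Validate HF token and return (is_valid, username)."""
+try:
+headers = {"Authorization": f"Bearer {token}"}
+resp = requests.get("https://huggingface.co/api/whoami", headers=headers, timeout=5)
+if resp.status_code == 200:
+user_data = resp.json()
+username = user_data.get("name", "")
+return True, username
+return False, ""
+except Exception:
+return False, ""
+
 if is_hf_space:
-# On HF Spaces - require username input for security
-if "hf_username" not in st.session_state:
-st.warning("⚠️ Please enter your Hugging Face username to access your personalized memories.")
-username_input = st.text_input(
-"Enter your Hugging Face username",
-key="hf_username_input",
-placeholder="your-hf-username"
+# On HF Spaces - require token authentication for security
+if "hf_authenticated_user" not in st.session_state:
+st.warning("πŸ” **Authentication Required**")
+st.caption("To protect your memories, please authenticate with your Hugging Face account.")
+
+token_input = st.text_input(
+"Enter your Hugging Face Access Token",
+key="hf_token_input",
+type="password",
+placeholder="hf_xxxxxxxxxxxxxxxxxxxxx",
+help="Get your token from: https://huggingface.co/settings/tokens"
 )
-if st.button("Set Username", use_container_width=True):
-if username_input.strip():
-st.session_state.hf_username = username_input.strip()
-st.rerun()
+
+if st.button("Authenticate", use_container_width=True, type="primary"):
+if token_input.strip():
+is_valid, username = validate_hf_token(token_input.strip())
+if is_valid and username:
+st.session_state.hf_authenticated_user = username
+st.session_state.hf_token = token_input.strip() # Store for future use
+st.success(f"βœ… Authenticated as **{username}**")
+st.rerun()
+else:
+st.error("❌ Invalid token. Please check your Hugging Face access token.")
 else:
-st.error("Please enter a valid username")
+st.error("Please enter your access token")
+st.info("πŸ’‘ **Privacy Note:** Your token is stored only in this session and never shared.")
 st.stop()
 else:
-# Username is set - lock it
-persona_name = st.session_state.hf_username
-st.info(f"πŸ‘€ Using account: **{persona_name}**")
-if st.button("Change Username", use_container_width=True):
-del st.session_state.hf_username
+# User is authenticated - lock to their username
+persona_name = st.session_state.hf_authenticated_user
+st.success(f"πŸ” Authenticated as: **{persona_name}**")
+st.caption("Your memories are secured to your account only.")
+if st.button("πŸ”“ Sign Out", use_container_width=True):
+del st.session_state.hf_authenticated_user
+if "hf_token" in st.session_state:
+del st.session_state.hf_token
 st.rerun()
 elif hf_user_id:
 # HF user ID detected automatically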
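Review bot: The new code keeps the raw access token in `st.session_state.hf_token` "for future use" although nothing in the hunk reads it back, so the Space retains a credential that may carry write scope to the user's repos when only proof of identity is needed; drop `st.session_state.hf_token = token_input.strip()` (the sign-out cleanup then goes too) and, since this runs on Spaces, prefer the platform's OAuth sign-in over asking users to paste tokens into a third-party app, a pattern that also conditions them for phishing. In `validate_hf_token`, `except Exception: return False, ""` folds timeouts and network errors into the "❌ Invalid token" message, so a transient outage reads as a bad credential — narrow it to `except requests.RequestException:` and surface that case separately. The "Privacy Note" says the token is "never shared", but it is sent to huggingface.co and held in server-side session state readable by whoever operates the Space, so the caption overstates what the code guarantees. The `whoami` response presumably also returns a `name` for organization tokens (confirm against the API), in which case checking `user_data.get("type") == "user"` would keep an org token from becoming a persona. The enclosing `with st.sidebar:` block starts before the hunk and the `elif hf_user_id:` branch continues after it.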