password added

README.md

@@ -19,6 +19,7 @@ The application requires the following environment variables to be set:
 
 *   `NOTION_COOKIE`: Your Notion `token_v2` cookie value. This is used for authentication with the Notion API. You can typically find this in your browser's developer tools while logged into Notion.
 *   `NOTION_SPACE_ID`: The ID of your Notion workspace. You can usually find this in the URL when browsing your Notion workspace (it's the part after your domain and before the first page ID, often a UUID).
+*   `PROXY_PASSWORD` (Optional): The password required for HTTP Basic Authentication to access the API endpoints. If not set, it defaults to `123456`.
 
 ## Running Locally (without Docker)
 
@@ -31,19 +32,20 @@ The application requires the following environment variables to be set:
     ```dotenv
     NOTION_COOKIE="your_cookie_value_here"
     NOTION_SPACE_ID="your_space_id_here"
+    # PROXY_PASSWORD="your_secure_password" # Optional, defaults to 123456
     ```
 4.  Run the application using Uvicorn:
     ```bash
     uvicorn main:app --reload --port 7860
     ```
-    The server will be available at `http://localhost:7860`.
+    The server will be available at `http://localhost:7860`. You will need to provide the correct password (either the default `123456` or the one set in `.env`) via HTTP Basic Authentication.
 
 ## Running with Docker Compose (Recommended for Local Dev)
 
 This method uses the `docker-compose.yml` file for a streamlined local development setup. It automatically builds the image if needed and loads environment variables directly from your `.env` file.
 
 1.  Ensure you have Docker and Docker Compose installed.
-2.  Make sure your `.env` file exists in the project root with your `NOTION_COOKIE` and `NOTION_SPACE_ID`.
+2.  Make sure your `.env` file exists in the project root with your `NOTION_COOKIE`, `NOTION_SPACE_ID`, and optionally `PROXY_PASSWORD`. If `PROXY_PASSWORD` is not in the `.env` file, the default `123456` will be used.
 3.  Run the following command in the project root:
     ```bash
     docker-compose up --build -d
@@ -71,9 +73,10 @@ This method involves building and running the Docker container manually, passing
     docker run -p 7860:7860 \
       -e NOTION_COOKIE="your_cookie_value" \
       -e NOTION_SPACE_ID="your_space_id" \
+      -e PROXY_PASSWORD="your_secure_password" \ # Set your desired password here
       notion-api-bridge
     ```
-    The server will be available at `http://localhost:7860` (or whichever host port you mapped to the container's 7860).
+    The server will be available at `http://localhost:7860` (or whichever host port you mapped to the container's 7860). You will need to use the password provided in the `-e PROXY_PASSWORD` flag for authentication.
 
 ## Deploying to Hugging Face Spaces
 
@@ -84,13 +87,31 @@ This application is designed to be easily deployed as a Docker Space on Hugging
 3.  **Add Secrets:** In your Space settings, navigate to the "Secrets" section. Add two secrets:
     *   `NOTION_COOKIE`: Paste your Notion `token_v2` cookie value.
     *   `NOTION_SPACE_ID`: Paste your Notion Space ID.
+    *   `PROXY_PASSWORD`: Paste the desired password for API authentication (e.g., a strong, generated password). If you omit this, the default `123456` will be used, which is **not recommended** for public spaces.
     Hugging Face will securely inject these secrets as environment variables into your running container.
 4.  **Deployment:** Hugging Face Spaces will automatically build the Docker image from your `Dockerfile` and run the container. It detects applications running on port 7860 (as specified in the `Dockerfile` and metadata).
-5.  **Accessing the API:** Once the Space is running, you can access the API endpoint at the Space's public URL. For example, if your Space URL is `https://your-username-your-space-name.hf.space`, you can send requests like:
+5.  **Accessing the API:** Once the Space is running, you can access the API endpoint at the Space's public URL, providing the password via HTTP Basic Authentication. The username can be anything (e.g., `user`), but the password must match the `PROXY_PASSWORD` secret you set (or the default `123456`).
+
+    **Example using `curl` (replace `your_password` and URL):**
     ```bash
+    # Example for Hugging Face Space
     curl -X POST https://your-username-your-space-name.hf.space/v1/chat/completions \
+      -u user:your_password \
+      -H "Content-Type: application/json" \
+      -d '{
+            "model": "notion-model", # Specify a Notion model like "openai-gpt-4.1"
+            "messages": [{"role": "user", "content": "Summarize this document."}],
+            "stream": false,
+            "notion_model": "openai-gpt-4.1" # Required field for Notion
+          }'
+
+    # Example for Localhost (using default password 123456)
+    curl -X POST http://localhost:7860/v1/chat/completions \
+      -u user:123456 \
       -H "Content-Type: application/json" \
       -d '{
-            "model": "gpt-3.5-turbo", # Model name is often ignored by bridge, but required by spec
-            "messages": [{"role": "user", "content": "Add a new page titled '\''Meeting Notes'\'' with content '\''Discuss project roadmap'\''"}]
+            "model": "notion-model",
+            "messages": [{"role": "user", "content": "What is the capital of France?"}],
+            "stream": true,
+            "notion_model": "anthropic-sonnet-4" # Required field for Notion
           }'

main.py

@@ -3,9 +3,11 @@ import uuid
 import json
 import time
 import httpx
-from fastapi import FastAPI, Request, HTTPException
+from fastapi import FastAPI, Request, HTTPException, Depends, status
+from fastapi.security import HTTPBasic, HTTPBasicCredentials
 from fastapi.responses import StreamingResponse
 from dotenv import load_dotenv
+import secrets # Added for secure comparison
 from models import (
     ChatMessage, ChatCompletionRequest, NotionTranscriptConfigValue,
     NotionTranscriptItem, NotionDebugOverrides, NotionRequestBody,
@@ -30,6 +32,22 @@ if not NOTION_SPACE_ID:
     # Consider raising an error instead: raise ValueError("NOTION_SPACE_ID not set")
     NOTION_SPACE_ID = str(uuid.uuid4()) # Default or raise error
 
+# --- Authentication ---
+PROXY_PASSWORD = os.getenv("PROXY_PASSWORD", "123456") # Default password
+security = HTTPBasic()
+
+def authenticate(credentials: HTTPBasicCredentials = Depends(security)):
+    """Compares provided password with the proxy password."""
+    correct_password = secrets.compare_digest(credentials.password, PROXY_PASSWORD)
+    if not correct_password:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect password",
+            headers={"WWW-Authenticate": "Basic"},
+        )
+    # Username is ignored as per requirement
+    return True # Indicate successful authentication
+
 # --- FastAPI App ---
 app = FastAPI()
 
@@ -156,7 +174,7 @@ async def stream_notion_response(notion_request_body: NotionRequestBody):
 # --- API Endpoint ---
 
 @app.get("/v1/models", response_model=ModelList)
-async def list_models():
+async def list_models(authenticated: bool = Depends(authenticate)):
     """
     Endpoint to list available Notion models, mimicking OpenAI's /v1/models.
     """
@@ -171,7 +189,7 @@ async def list_models():
     ]
     return ModelList(data=model_list)
 @app.post("/v1/chat/completions")
-async def chat_completions(request_data: ChatCompletionRequest, request: Request):
+async def chat_completions(request_data: ChatCompletionRequest, request: Request, authenticated: bool = Depends(authenticate)):
     """
     Endpoint to mimic OpenAI's chat completions, proxying to Notion.
     """