Spaces:

holistic-ai
/

AgentGraph

Sleeping

wu981526092 commited on Sep 16, 2025

Commit

188f8a3

1 Parent(s): 97068b2

Add smart authentication redirect system

- Add custom HTTPException handler in app.py
- Distinguish between API and web requests
- Web requests get redirected to /auth/login-page (302)
- API requests get JSON error response (401)
- Check Accept and Content-Type headers for request type detection
- Improve user experience by avoiding JSON errors in browser

Files changed (2) hide show

backend/app.py +27 -2
backend/dependencies.py +30 -8

backend/app.py CHANGED Viewed

@@ -8,11 +8,12 @@ import os
 import secrets
 from pathlib import Path
 import sys
-from fastapi import FastAPI, Request, status, Depends
 from fastapi.staticfiles import StaticFiles
 from fastapi.middleware.cors import CORSMiddleware
 from starlette.middleware.sessions import SessionMiddleware
-from fastapi.responses import RedirectResponse, HTMLResponse
 from backend.middleware.auth import ConditionalAuthMiddleware
 from backend.middleware.usage_tracker import UsageTrackingMiddleware
 from backend.dependencies import require_auth_in_hf_spaces
@@ -71,6 +72,30 @@ app.add_middleware(
 # Add usage tracking middleware (last, to track authenticated requests)
 app.add_middleware(UsageTrackingMiddleware)
 # Mount datasets directory for accessing json files
 app.mount("/data", StaticFiles(directory="datasets"), name="data")

 import secrets
 from pathlib import Path
 import sys
+from fastapi import FastAPI, Request, status, Depends, HTTPException
 from fastapi.staticfiles import StaticFiles
 from fastapi.middleware.cors import CORSMiddleware
 from starlette.middleware.sessions import SessionMiddleware
+from fastapi.responses import RedirectResponse, HTMLResponse, JSONResponse
+from fastapi.exception_handlers import http_exception_handler
 from backend.middleware.auth import ConditionalAuthMiddleware
 from backend.middleware.usage_tracker import UsageTrackingMiddleware
 from backend.dependencies import require_auth_in_hf_spaces
 # Add usage tracking middleware (last, to track authenticated requests)
 app.add_middleware(UsageTrackingMiddleware)
+# Custom exception handler for authentication redirects
+@app.exception_handler(HTTPException)
+async def custom_http_exception_handler(request: Request, exc: HTTPException):
+    """
+    Custom exception handler that redirects web requests to login page
+    when they receive 401 errors with redirect_to field.
+    """
+    # Check if this is a 401 with redirect_to field
+    if exc.status_code == 401 and isinstance(exc.detail, dict) and "redirect_to" in exc.detail:
+        # Check if this is not an API request
+        is_api_request = (
+            request.url.path.startswith("/api/") or
+            request.headers.get("accept", "").startswith("application/json") or
+            request.headers.get("content-type", "").startswith("application/json")
+        )
+        if not is_api_request:
+            # Redirect web requests to login page
+            logger.info(f"🔄 Redirecting unauthenticated user from {request.url.path} to login page")
+            return RedirectResponse(url=exc.detail["redirect_to"], status_code=302)
+    # For all other cases, use default exception handler
+    return await http_exception_handler(request, exc)
 # Mount datasets directory for accessing json files
 app.mount("/data", StaticFiles(directory="datasets"), name="data")

backend/dependencies.py CHANGED Viewed

@@ -167,15 +167,37 @@ def require_auth_in_hf_spaces(request: Request) -> None:
         user = get_current_user_optional(request)
         if not user:
             logger.warning(f"🚫 HF Spaces requires authentication for {request.url.path}")
-            raise HTTPException(
-                status_code=401,
-                detail={
-                    "error": "Authentication required in Hugging Face Spaces",
-                    "message": "Please log in to access this service",
-                    "login_url": "/auth/login-page",
-                    "reason": "This prevents abuse of OpenAI resources"
-                }
             )
 # Convenience aliases for common use cases

         user = get_current_user_optional(request)
         if not user:
             logger.warning(f"🚫 HF Spaces requires authentication for {request.url.path}")
+            # Check if this is an API request or web request
+            is_api_request = (
+                request.url.path.startswith("/api/") or
+                request.headers.get("accept", "").startswith("application/json") or
+                request.headers.get("content-type", "").startswith("application/json")
             )
+            if is_api_request:
+                # For API requests, return JSON error
+                raise HTTPException(
+                    status_code=401,
+                    detail={
+                        "error": "Authentication required in Hugging Face Spaces",
+                        "message": "Please log in to access this service",
+                        "login_url": "/auth/login-page",
+                        "reason": "This prevents abuse of OpenAI resources"
+                    }
+                )
+            else:
+                # For web requests, include redirect info in the error
+                # This will be handled by our custom exception handler
+                raise HTTPException(
+                    status_code=401,
+                    detail={
+                        "error": "Authentication required in Hugging Face Spaces",
+                        "message": "Please log in to access this service",
+                        "redirect_to": "/auth/login-page",
+                        "reason": "This prevents abuse of OpenAI resources"
+                    }
+                )
 # Convenience aliases for common use cases