Commit ·
3dc5183
1
Parent(s): 0e5cbf1
Enhance authentication requirements for root and agentgraph endpoints
- Update root endpoint to require authentication, adding comments for clarity.
- Modify agentgraph endpoint documentation to indicate authentication necessity.
- Remove root and agentgraph from excluded paths in authentication middleware to enforce security.
- backend/app.py +4 -2
- backend/middleware/auth.py +8 -2
- backend/routers/agentgraph.py +1 -1
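--- a/backend/app.py
+++ b/backend/app.py
@@ -122,9 +122,11 @@ async def shutdown_event():
     # scheduler_service.stop() # This line is now commented out
 
 
-# Root redirect to React app
+# Root redirect to React app (requires authentication)
 @app.get("/")
-async def root():
+async def root(request: Request):
+    # This endpoint will be protected by authentication middleware
+    # If user reaches here, they are authenticated
     return RedirectResponse(url="/agentgraph")
 
 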
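Review bot: The added comment `# If user reaches here, they are authenticated` overstates what the middleware guarantees: the auth.py hunks in this same commit show the middleware calling `call_next` for every request when `self.auth_enabled` is false and, per its context comment, logging a warning and continuing when OAuth is not properly configured, so `root()` can still be reached unauthenticated in those modes. Suggest `# Protected by ConditionalAuthMiddleware only when auth is enabled and OAuth is configured; not enforced in local dev.` The new `request: Request` parameter is unused in the body, and the hunk does not show whether `Request` is imported in app.py — worth confirming, since the signature change fails at import time otherwise. `root()` is complete within the hunk.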
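--- a/backend/middleware/auth.py
+++ b/backend/middleware/auth.py
@@ -29,7 +29,6 @@ class ConditionalAuthMiddleware(BaseHTTPMiddleware):
 
         # Paths that don't require authentication even in HF Spaces
         self.excluded_paths = excluded_paths or [
-            "/",
             "/docs",
             "/redoc",
             "/openapi.json",
@@ -38,9 +37,11 @@ class ConditionalAuthMiddleware(BaseHTTPMiddleware):
             "/auth/login",
             "/auth/callback",
             "/auth/logout",
+            "/auth/login-page",
+            "/auth/status",
             "/assets/",
             "/static/",
-            "/
+            # Note: Removed "/" and "/agentgraph" to force authentication
         ]
 
         # Check if auth should be enabled
@@ -61,6 +62,7 @@ class ConditionalAuthMiddleware(BaseHTTPMiddleware):
         """
         # If auth is disabled (local dev), bypass all authentication
         if not self.auth_enabled:
+            logger.debug(f"🏠 Auth disabled - allowing {request.url.path}")
             return await call_next(request)
 
         # If auth is enabled but OAuth not properly configured, log warning and continue
@@ -70,8 +72,12 @@ class ConditionalAuthMiddleware(BaseHTTPMiddleware):
 
         # Check if path is excluded from authentication
         if self._is_excluded_path(request.url.path):
+            logger.debug(f"🚪 Excluded path - allowing {request.url.path}")
             return await call_next(request)
 
+        # Log the authentication check
+        logger.info(f"🔐 Checking authentication for {request.url.path}")
+
         # Check user authentication
         user = await self._get_current_user(request)
         if not user: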
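Review bot: `logger.info(f"🔐 Checking authentication for {request.url.path}")` (new line 79, last hunk) emits one INFO line for every non-excluded request, and all three new log calls format eagerly with f-strings; prefer DEBUG with lazy %-args so production logs are not one entry per hit, e.g. `logger.debug("Checking authentication for %s", request.url.path)`. The new comment `# Note: Removed "/" and "/agentgraph" to force authentication` (second hunk, new line 44) only holds when auth is enabled and OAuth is configured — the context line closing the third hunk says the middleware logs a warning and continues otherwise — so the comment should state that caveat, or the unconfigured-OAuth branch (outside this hunk) should fail closed when not in local dev. `_is_excluded_path` is not visible here, and the list mixes exact entries like `/docs` with prefix-style entries like `/assets/`; whether matching is exact or prefix-based decides how much the removed `"/"` entry previously allowed through, so a test asserting that `/` and `/agentgraph` now receive the unauthenticated response would pin this hardening in place. Old line 43 is truncated on this page (`"/`); the commit message indicates it was the `/agentgraph` entry.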
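--- a/backend/routers/agentgraph.py
+++ b/backend/routers/agentgraph.py
@@ -6,7 +6,7 @@ router = APIRouter()
 
 @router.get("/agentgraph", response_class=HTMLResponse)
 async def agentgraph_interface(request: Request):
-    """Serve the React-based AgentGraph interface"""
+    """Serve the React-based AgentGraph interface (requires authentication)"""
     # Serve the built React app from the new location
     dist_path = "frontend/dist/index.html"
     if os.path.exists(dist_path):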
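Review bot: The docstring now promises `(requires authentication)`, but nothing in this handler enforces it — the guarantee depends on `/agentgraph` staying out of `ConditionalAuthMiddleware.excluded_paths` in backend/middleware/auth.py and on auth being enabled there. Naming that dependency in the docstring keeps the two files from drifting apart, e.g. `"""Serve the React-based AgentGraph interface.` / `Authentication is enforced by ConditionalAuthMiddleware (backend/middleware/auth.py);` / `do not add /agentgraph to its excluded_paths."""`. The body of `agentgraph_interface` continues past the end of the hunk.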