Spaces:

holistic-ai
/

AgentGraph

Sleeping

App Files Files Community

wu981526092 commited on Sep 16, 2025

Commit

dbbc4b1

1 Parent(s): d1a53e8

dd

Browse files

Files changed (1) hide show

backend/middleware/auth.py +30 -16

backend/middleware/auth.py CHANGED Viewed

@@ -7,25 +7,25 @@ Local development bypasses authentication entirely.
 import os
 import logging
-from typing import Optional, Dict, Any
 from fastapi import Request, Response, HTTPException
-from starlette.middleware.base import BaseHTTPMiddleware
 from starlette.responses import RedirectResponse, JSONResponse
 from utils.environment import should_enable_auth, get_oauth_config, is_huggingface_space
 logger = logging.getLogger(__name__)
-class ConditionalAuthMiddleware(BaseHTTPMiddleware):
     """
-    Middleware that conditionally enables authentication based on deployment environment.
     - In HF Spaces: Full OAuth authentication required
     - In local development: Authentication bypassed
     """
-    def __init__(self, app, excluded_paths: Optional[list] = None):
-        super().__init__(app)
         # Paths that don't require authentication even in HF Spaces
         self.excluded_paths = excluded_paths or [
@@ -56,24 +56,33 @@ class ConditionalAuthMiddleware(BaseHTTPMiddleware):
         else:
             logger.info("🏠 Authentication middleware DISABLED (Local development)")
-    async def dispatch(self, request: Request, call_next):
         """
-        Process request through conditional authentication.
         """
         # If auth is disabled (local dev), bypass all authentication
         if not self.auth_enabled:
             logger.debug(f"🏠 Auth disabled - allowing {request.url.path}")
-            return await call_next(request)
         # If auth is enabled but OAuth not properly configured, log warning and continue
         if not self.oauth_config:
             logger.warning("OAuth not configured properly, bypassing auth")
-            return await call_next(request)
         # Check if path is excluded from authentication
         if self._is_excluded_path(request.url.path):
             logger.debug(f"🚪 Excluded path - allowing {request.url.path}")
-            return await call_next(request)
         # Log the authentication check
         logger.info(f"🔐 Checking authentication for {request.url.path}")
@@ -88,7 +97,7 @@ class ConditionalAuthMiddleware(BaseHTTPMiddleware):
             # For API calls, return JSON error with login instructions
             if request.url.path.startswith("/api/"):
-                return JSONResponse(
                     status_code=401,
                     content={
                         "error": "Authentication required to access OpenAI-powered features",
@@ -97,13 +106,18 @@ class ConditionalAuthMiddleware(BaseHTTPMiddleware):
                         "reason": "API access requires user authentication for security and usage tracking"
                     }
                 )
-            # For web requests, redirect to login page
-            return RedirectResponse(url="/auth/login-page", status_code=302)
         # Add user info to request state
-        request.state.user = user
-        return await call_next(request)
     def _is_excluded_path(self, path: str) -> bool:
         """Check if the request path should bypass authentication."""

 import os
 import logging
+from typing import Optional, Dict, Any, Callable, Awaitable
 from fastapi import Request, Response, HTTPException
 from starlette.responses import RedirectResponse, JSONResponse
+from starlette.types import ASGIApp, Receive, Scope, Send
 from utils.environment import should_enable_auth, get_oauth_config, is_huggingface_space
 logger = logging.getLogger(__name__)
+class ConditionalAuthMiddleware:
     """
+    ASGI middleware that conditionally enables authentication based on deployment environment.
     - In HF Spaces: Full OAuth authentication required
     - In local development: Authentication bypassed
     """
+    def __init__(self, app: ASGIApp, excluded_paths: Optional[list] = None):
+        self.app = app
         # Paths that don't require authentication even in HF Spaces
         self.excluded_paths = excluded_paths or [
         else:
             logger.info("🏠 Authentication middleware DISABLED (Local development)")
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
         """
+        ASGI callable that processes HTTP requests.
         """
+        if scope["type"] != "http":
+            await self.app(scope, receive, send)
+            return
+        request = Request(scope, receive)
         # If auth is disabled (local dev), bypass all authentication
         if not self.auth_enabled:
             logger.debug(f"🏠 Auth disabled - allowing {request.url.path}")
+            await self.app(scope, receive, send)
+            return
         # If auth is enabled but OAuth not properly configured, log warning and continue
         if not self.oauth_config:
             logger.warning("OAuth not configured properly, bypassing auth")
+            await self.app(scope, receive, send)
+            return
         # Check if path is excluded from authentication
         if self._is_excluded_path(request.url.path):
             logger.debug(f"🚪 Excluded path - allowing {request.url.path}")
+            await self.app(scope, receive, send)
+            return
         # Log the authentication check
         logger.info(f"🔐 Checking authentication for {request.url.path}")
             # For API calls, return JSON error with login instructions
             if request.url.path.startswith("/api/"):
+                response = JSONResponse(
                     status_code=401,
                     content={
                         "error": "Authentication required to access OpenAI-powered features",
                         "reason": "API access requires user authentication for security and usage tracking"
                     }
                 )
+            else:
+                # For web requests, redirect to login page
+                response = RedirectResponse(url="/auth/login-page", status_code=302)
+            await response(scope, receive, send)
+            return
         # Add user info to request state
+        scope["state"] = scope.get("state", {})
+        scope["state"]["user"] = user
+        await self.app(scope, receive, send)
     def _is_excluded_path(self, path: str) -> bool:
         """Check if the request path should bypass authentication."""