Spaces:

pbichpur
/

NotebookLMClone

Sleeping

App Files Files Community

github-actions[bot] commited on 18 days ago

Commit

3fe4567

1 Parent(s): dd79664

Sync from GitHub b32aec24fbce3d4b772838e2ed3310b56213b520

Browse files

Files changed (7) hide show

README.md +1 -3
app.py +0 -3
auth/oauth.py +2 -10
auth/session.py +4 -33
frontend/app.py +0 -3
tests/test_auth_mode.py +0 -42
tests/test_hf_oauth_settings.py +0 -14

README.md CHANGED Viewed

@@ -266,7 +266,7 @@ This repo now includes:
 1. Create or switch your Space to **Docker** SDK.
 2. Push this repo to your Space (or use the GitHub Action sync workflow already in `.github/workflows/deploy-hf-space.yml`).
 3. In Space variables/secrets, set at minimum:
-   - `AUTH_MODE=auto` (or explicitly `hf_oauth` / `oauth`)
    - `APP_SESSION_SECRET=<strong-random-secret>`
    - `STORAGE_BASE_DIR=/data`
    - `OPENAI_API_KEY=<key>` (if using OpenAI features)
@@ -276,6 +276,4 @@ This repo now includes:
    - `HF_OAUTH_REDIRECT_URI` (your Space callback URL)
    - `AUTH_SUCCESS_REDIRECT_URL` (your Space URL)
-With `AUTH_MODE=auto`, backend auth switches to OAuth automatically when both `HF_OAUTH_CLIENT_ID` and `HF_OAUTH_CLIENT_SECRET` are configured.
 The container exposes Streamlit on port `7860` and points the frontend to the internal backend via `BACKEND_URL=http://127.0.0.1:8000`.

 1. Create or switch your Space to **Docker** SDK.
 2. Push this repo to your Space (or use the GitHub Action sync workflow already in `.github/workflows/deploy-hf-space.yml`).
 3. In Space variables/secrets, set at minimum:
+   - `AUTH_MODE=dev` (or `hf_oauth`)
    - `APP_SESSION_SECRET=<strong-random-secret>`
    - `STORAGE_BASE_DIR=/data`
    - `OPENAI_API_KEY=<key>` (if using OpenAI features)
    - `HF_OAUTH_REDIRECT_URI` (your Space callback URL)
    - `AUTH_SUCCESS_REDIRECT_URL` (your Space URL)
 The container exposes Streamlit on port `7860` and points the frontend to the internal backend via `BACKEND_URL=http://127.0.0.1:8000`.

app.py CHANGED Viewed

@@ -12,7 +12,6 @@ from uuid import uuid4
 from fastapi.concurrency import run_in_threadpool
 from fastapi import APIRouter, BackgroundTasks, Depends, FastAPI, File, Form, HTTPException, Request, UploadFile, status
 from fastapi.responses import FileResponse, RedirectResponse
-from dotenv import load_dotenv
 from pydantic import BaseModel, Field
 from sqlalchemy import text
 from sqlalchemy.orm import Session
@@ -42,8 +41,6 @@ from src.artifacts.podcast_generator import PodcastGenerator
 from utils.llm_client import LLMConfigError, generate_chat_completion
 from utils.prompt_templates import build_rag_system_prompt, build_rag_user_prompt
-load_dotenv()
 @asynccontextmanager
 async def lifespan(_: FastAPI):

 from fastapi.concurrency import run_in_threadpool
 from fastapi import APIRouter, BackgroundTasks, Depends, FastAPI, File, Form, HTTPException, Request, UploadFile, status
 from fastapi.responses import FileResponse, RedirectResponse
 from pydantic import BaseModel, Field
 from sqlalchemy import text
 from sqlalchemy.orm import Session
 from utils.llm_client import LLMConfigError, generate_chat_completion
 from utils.prompt_templates import build_rag_system_prompt, build_rag_user_prompt
 @asynccontextmanager
 async def lifespan(_: FastAPI):

auth/oauth.py CHANGED Viewed

@@ -13,14 +13,6 @@ class HFOAuthError(RuntimeError):
     pass
-def _first_env(*names: str) -> str:
-    for name in names:
-        value = os.getenv(name, "").strip()
-        if value:
-            return value
-    return ""
 @dataclass(frozen=True)
 class HFOAuthSettings:
     client_id: str
@@ -32,8 +24,8 @@ class HFOAuthSettings:
 def get_hf_oauth_settings() -> HFOAuthSettings:
-    client_id = _first_env("HF_OAUTH_CLIENT_ID", "OAUTH_CLIENT_ID")
-    client_secret = _first_env("HF_OAUTH_CLIENT_SECRET", "OAUTH_CLIENT_SECRET")
     if not client_id or not client_secret:
         raise HFOAuthError("HF OAuth client configuration is missing.")

     pass
 @dataclass(frozen=True)
 class HFOAuthSettings:
     client_id: str
 def get_hf_oauth_settings() -> HFOAuthSettings:
+    client_id = os.getenv("HF_OAUTH_CLIENT_ID", "").strip()
+    client_secret = os.getenv("HF_OAUTH_CLIENT_SECRET", "").strip()
     if not client_id or not client_secret:
         raise HFOAuthError("HF OAuth client configuration is missing.")

auth/session.py CHANGED Viewed

@@ -30,43 +30,14 @@ class AuthBridgeTokenError(ValueError):
     pass
-def _first_env(*names: str) -> str:
-    for name in names:
-        value = os.getenv(name, "").strip()
-        if value:
-            return value
-    return ""
 def get_auth_mode() -> str:
-    configured = os.getenv("AUTH_MODE", "").strip().lower()
-    if configured == AUTH_MODE_DEV:
-        return AUTH_MODE_DEV
-    if configured in {AUTH_MODE_HF, "oauth"}:
-        return AUTH_MODE_HF
-    if not configured or configured == "auto":
-        has_hf_client = bool(_first_env("HF_OAUTH_CLIENT_ID", "OAUTH_CLIENT_ID"))
-        has_hf_secret = bool(_first_env("HF_OAUTH_CLIENT_SECRET", "OAUTH_CLIENT_SECRET"))
-        if has_hf_client and has_hf_secret:
-            return AUTH_MODE_HF
-    return AUTH_MODE_DEV
-def _resolve_session_secret() -> str:
-    configured = os.getenv("APP_SESSION_SECRET", "").strip()
-    if configured:
-        return configured
-    if get_auth_mode() == AUTH_MODE_HF:
-        # In HF Spaces OAuth deployments, OAUTH_CLIENT_SECRET is usually injected.
-        oauth_secret = _first_env("HF_OAUTH_CLIENT_SECRET", "OAUTH_CLIENT_SECRET")
-        if oauth_secret:
-            return oauth_secret
-    return DEFAULT_DEV_SESSION_SECRET
 def configure_session_middleware(app) -> None:
     """Attach Starlette session middleware once during app setup."""
-    secret = _resolve_session_secret()
     auth_mode = get_auth_mode()
     if auth_mode == AUTH_MODE_HF and (not secret or secret == DEFAULT_DEV_SESSION_SECRET):
         raise RuntimeError("APP_SESSION_SECRET must be set to a non-default value in hf_oauth mode.")
@@ -90,7 +61,7 @@ def configure_session_middleware(app) -> None:
 def _bridge_serializer() -> URLSafeTimedSerializer:
-    secret = _resolve_session_secret()
     return URLSafeTimedSerializer(secret_key=secret, salt=AUTH_BRIDGE_SALT)

     pass
 def get_auth_mode() -> str:
+    configured = os.getenv("AUTH_MODE", AUTH_MODE_DEV).strip().lower()
+    return configured if configured in {AUTH_MODE_DEV, AUTH_MODE_HF} else AUTH_MODE_DEV
 def configure_session_middleware(app) -> None:
     """Attach Starlette session middleware once during app setup."""
+    secret = os.getenv("APP_SESSION_SECRET", DEFAULT_DEV_SESSION_SECRET).strip()
     auth_mode = get_auth_mode()
     if auth_mode == AUTH_MODE_HF and (not secret or secret == DEFAULT_DEV_SESSION_SECRET):
         raise RuntimeError("APP_SESSION_SECRET must be set to a non-default value in hf_oauth mode.")
 def _bridge_serializer() -> URLSafeTimedSerializer:
+    secret = os.getenv("APP_SESSION_SECRET", DEFAULT_DEV_SESSION_SECRET)
     return URLSafeTimedSerializer(secret_key=secret, salt=AUTH_BRIDGE_SALT)

frontend/app.py CHANGED Viewed

@@ -5,9 +5,6 @@ from typing import Any
 import requests
 import streamlit as st
-from dotenv import load_dotenv
-load_dotenv()
 st.set_page_config(page_title="NotebookLM Clone", page_icon="📚", layout="wide")

 import requests
 import streamlit as st
 st.set_page_config(page_title="NotebookLM Clone", page_icon="📚", layout="wide")

tests/test_auth_mode.py DELETED Viewed

@@ -1,42 +0,0 @@
-from __future__ import annotations
-from auth.session import AUTH_MODE_DEV, AUTH_MODE_HF, get_auth_mode
-def test_get_auth_mode_dev_explicit(monkeypatch):
-    monkeypatch.setenv("AUTH_MODE", "dev")
-    monkeypatch.delenv("HF_OAUTH_CLIENT_ID", raising=False)
-    monkeypatch.delenv("HF_OAUTH_CLIENT_SECRET", raising=False)
-    assert get_auth_mode() == AUTH_MODE_DEV
-def test_get_auth_mode_oauth_alias(monkeypatch):
-    monkeypatch.setenv("AUTH_MODE", "oauth")
-    assert get_auth_mode() == AUTH_MODE_HF
-def test_get_auth_mode_auto_switches_to_hf(monkeypatch):
-    monkeypatch.setenv("AUTH_MODE", "auto")
-    monkeypatch.setenv("HF_OAUTH_CLIENT_ID", "client-id")
-    monkeypatch.setenv("HF_OAUTH_CLIENT_SECRET", "client-secret")
-    monkeypatch.delenv("OAUTH_CLIENT_ID", raising=False)
-    monkeypatch.delenv("OAUTH_CLIENT_SECRET", raising=False)
-    assert get_auth_mode() == AUTH_MODE_HF
-def test_get_auth_mode_auto_falls_back_to_dev(monkeypatch):
-    monkeypatch.setenv("AUTH_MODE", "auto")
-    monkeypatch.delenv("HF_OAUTH_CLIENT_ID", raising=False)
-    monkeypatch.delenv("HF_OAUTH_CLIENT_SECRET", raising=False)
-    monkeypatch.delenv("OAUTH_CLIENT_ID", raising=False)
-    monkeypatch.delenv("OAUTH_CLIENT_SECRET", raising=False)
-    assert get_auth_mode() == AUTH_MODE_DEV
-def test_get_auth_mode_auto_switches_to_hf_with_space_oauth_vars(monkeypatch):
-    monkeypatch.setenv("AUTH_MODE", "auto")
-    monkeypatch.delenv("HF_OAUTH_CLIENT_ID", raising=False)
-    monkeypatch.delenv("HF_OAUTH_CLIENT_SECRET", raising=False)
-    monkeypatch.setenv("OAUTH_CLIENT_ID", "space-client-id")
-    monkeypatch.setenv("OAUTH_CLIENT_SECRET", "space-client-secret")
-    assert get_auth_mode() == AUTH_MODE_HF

tests/test_hf_oauth_settings.py DELETED Viewed

@@ -1,14 +0,0 @@
-from __future__ import annotations
-from auth.oauth import get_hf_oauth_settings
-def test_hf_oauth_settings_accept_space_oauth_vars(monkeypatch):
-    monkeypatch.delenv("HF_OAUTH_CLIENT_ID", raising=False)
-    monkeypatch.delenv("HF_OAUTH_CLIENT_SECRET", raising=False)
-    monkeypatch.setenv("OAUTH_CLIENT_ID", "space-client-id")
-    monkeypatch.setenv("OAUTH_CLIENT_SECRET", "space-client-secret")
-    settings = get_hf_oauth_settings()
-    assert settings.client_id == "space-client-id"
-    assert settings.client_secret == "space-client-secret"