Spaces:

studzinsky
/

bielik_app_service

Sleeping

App Files Files Community

Patryk Studzinski commited on 16 days ago

Commit

ff33042

1 Parent(s): 3297dba

using a placeholder auth

Browse files

Files changed (2) hide show

app/auth/__init__.py +7 -0
app/auth/placeholder_auth.py +85 -0

app/auth/__init__.py ADDED Viewed

	@@ -0,0 +1,7 @@

+"""
+Authentication module placeholder.
+"""
+from .placeholder_auth import get_authenticated_user, get_optional_user
+__all__ = ["get_authenticated_user", "get_optional_user"]

app/auth/placeholder_auth.py ADDED Viewed

	@@ -0,0 +1,85 @@

+"""
+Simple token-based authentication module.
+Uses a secret API token stored as environment variable.
+"""
+import os
+from typing import Optional
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+# Security scheme - auto_error=False allows unauthenticated requests to pass through
+security = HTTPBearer(auto_error=False)
+# Get API token from environment variable (set as HuggingFace secret)
+API_SECRET_TOKEN = os.getenv("API_SECRET_TOKEN", None)
+async def get_authenticated_user(
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(security)
+) -> dict:
+    """
+    Simple token-based authentication.
+    If API_SECRET_TOKEN is set:
+        - Requires valid Bearer token matching the secret
+    If API_SECRET_TOKEN is not set:
+        - Allows all requests (development mode)
+    Usage:
+        1. Set API_SECRET_TOKEN as a HuggingFace Space secret
+        2. Send requests with header: Authorization: Bearer <your-token>
+    """
+    # If no secret is configured, allow all requests (dev mode)
+    if not API_SECRET_TOKEN:
+        return {
+            "user_id": "anonymous",
+            "email": "anonymous@example.com",
+            "name": "Anonymous User",
+            "authenticated": False
+        }
+    # Secret is configured - require valid token
+    if not credentials:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authentication required. Provide Bearer token.",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    # Validate token
+    if credentials.credentials != API_SECRET_TOKEN:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication token",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    # Token is valid
+    return {
+        "user_id": "api_user",
+        "email": "api@example.com",
+        "name": "API User",
+        "authenticated": True
+    }
+async def get_optional_user(
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(security)
+) -> Optional[dict]:
+    """
+    Optional authentication - doesn't require credentials.
+    Returns user info if authenticated, None otherwise.
+    """
+    if not API_SECRET_TOKEN:
+        return None
+    if credentials and credentials.credentials == API_SECRET_TOKEN:
+        return {
+            "user_id": "api_user",
+            "email": "api@example.com",
+            "name": "API User",
+            "authenticated": True
+        }
+    return None