added auth

behavior_backend/main.py

@@ -9,6 +9,8 @@ import logging
 import time
 import os
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+import jwt
+from typing import Optional
 
 from app.core.config import settings
 from app.api.routes.videos import router as videos_router
@@ -26,19 +28,37 @@ logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)
 
 # Add security scheme
-security = HTTPBearer()
+security = HTTPBearer(auto_error=False)
 
 # Add authentication dependency
-async def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)):
-    token = credentials.credentials
-    # You can add more token verification logic here if needed
-    if not token:
-        raise HTTPException(
-            status_code=401,
-            detail="Invalid authentication credentials",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    return token
+async def verify_token(request: Request, credentials: Optional[HTTPAuthorizationCredentials] = Depends(security)):
+    # First check for HF Space JWT token in query params
+    hf_token = request.query_params.get("__sign")
+    if hf_token:
+        try:
+            # Verify the JWT token (you may want to add more verification)
+            jwt.decode(hf_token, options={"verify_signature": False})
+            return hf_token
+        except jwt.InvalidTokenError:
+            raise HTTPException(status_code=403, detail="Invalid HF Space token")
+    
+    # Then check for Bearer token
+    if credentials:
+        token = credentials.credentials
+        if not token:
+            raise HTTPException(
+                status_code=401,
+                detail="Invalid authentication credentials",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        return token
+    
+    # If no token found at all
+    raise HTTPException(
+        status_code=401,
+        detail="Authentication required",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
 
 # Create FastAPI app
 app = FastAPI(
@@ -49,10 +69,10 @@ app = FastAPI(
     redoc_url="/redoc"  # ReDoc UI
 )
 
-# Configure CORS with more specific settings for private Space
+# Configure CORS
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["https://huggingface.co", "https://*.hf.space"],
+    allow_origins=["*"],  # Allow all origins for testing
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
@@ -83,8 +103,8 @@ async def log_requests(request: Request, call_next):
     logger.info(f"Path: {request.url.path} Method: {request.method} Time: {process_time:.2f}s Status: {response.status_code}")
     return response
 
-@app.get("/", dependencies=[Depends(verify_token)])
-async def root():
+@app.get("/")
+async def root(token: str = Depends(verify_token)):
     """Root endpoint that returns API status"""
     return {
         "status": "ok",

behavior_backend/requirements.txt

@@ -19,6 +19,7 @@ python-dotenv==1.0.1
 cryptography==44.0.2
 bcrypt==4.0.1
 email_validator==2.2.0
+PyJWT==2.8.0
 
 # File Handling
 aiofiles==23.2.1