Skip to content

feat(api): implement token-based authentication for endpoints#155

Merged
EmilienM merged 2 commits intomainfrom
auth_api
May 15, 2025
Merged

feat(api): implement token-based authentication for endpoints#155
EmilienM merged 2 commits intomainfrom
auth_api

Conversation

@EmilienM
Copy link
Contributor

@EmilienM EmilienM commented May 12, 2025

This commit introduces token-based authentication for the /prompt and
/rca-from-tempest API endpoints. Clients now need to include a
valid bearer token in the Authorization header to access these
resources.

Key changes include:

  • Added get_current_user dependency in src/api.py to validate
    tokens for protected routes.
  • Implemented the verify_token method in src/auth.py within the
    DatabaseAuthentification class to check token validity against the
    database and expiry.
  • Updated docs/api-quickstart.md to reflect the new authentication
    requirement, including Authorization header examples.

BREAKING CHANGE: Endpoints /prompt and /rca-from-tempest now
require authentication. Requests without a valid Authorization: Bearer <token>
header will be rejected with a 401 Unauthorized error.

lpiwowar
lpiwowar approved these changes May 13, 2025
View reviewed changes
Copy link
Contributor

@lpiwowar lpiwowar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!:) 👍

I was able to successfully authenticate. The code rejects invalid tokens. I had to tweak the code a bit to check the authentication during testing because of the Jirka's work on the embedding model.

@EmilienM EmilienM force-pushed the auth_api branch 2 times, most recently from 9906636 to 127d2a6 Compare May 13, 2025 14:57
EmilienM added 2 commits May 13, 2025 16:18
@EmilienM
auth: don't rely on Chainlit anymore
bb3aa32
@EmilienM
feat(api): implement token-based authentication for endpoints
7348444 
This commit introduces token-based authentication for the `/prompt` and
`/rca-from-tempest` API endpoints. Clients now need to include a
valid bearer token in the `Authorization` header to access these
resources.

Key changes include:
- Added `get_current_user` dependency in `src/api.py` to validate
  tokens for protected routes.
- Implemented the `verify_token` method in `src/auth.py` within the
  `DatabaseAuthentification` class to check token validity against the
  database and expiry.
- Updated `docs/api-quickstart.md` to reflect the new authentication
  requirement, including `Authorization` header examples.

BREAKING CHANGE: Endpoints `/prompt` and `/rca-from-tempest` now
require authentication. Requests without a valid `Authorization: Bearer <token>`
header will be rejected with a 401 Unauthorized error.
@EmilienM EmilienM merged commit 63d1db4 into main May 15, 2025
3 checks passed
@EmilienM EmilienM deleted the auth_api branch May 15, 2025 01:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lpiwowar lpiwowar lpiwowar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@EmilienM @lpiwowar