@EmilienM

This commit introduces token-based authentication for the /prompt and
/rca-from-tempest API endpoints. Clients now need to include a
valid bearer token in the Authorization header to access these
resources.

Key changes include:

  • Added get_current_user dependency in src/api.py to validate
    tokens for protected routes.
  • Implemented the verify_token method in src/auth.py within the
    DatabaseAuthentification class to check token validity against the
    database and expiry.
  • Updated docs/api-quickstart.md to reflect the new authentication
    requirement, including Authorization header examples.

BREAKING CHANGE: Endpoints /prompt and /rca-from-tempest now
require authentication. Requests without a valid Authorization: Bearer <token>
header will be rejected with a 401 Unauthorized error.
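The check described above (bearer token looked up in a database, then tested for expiry, with a 401 on failure), as an added example that is not the project's own code. The `tokens` table layout, storing only a SHA-256 digest of each token, and the names `digest_of`, `demo_db` and `check` are assumptions made for illustration; only `verify_token` is a name from the PR, and its signature here is assumed.

```python
import hashlib
import sqlite3
from datetime import datetime, timedelta, timezone


class AuthError(Exception):
    """Raised for any failed check; the API layer would turn it into a 401."""


def digest_of(token: str) -> str:
    # Assumption: the database holds a digest, never the raw token.
    return hashlib.sha256(token.encode()).hexdigest()


def verify_token(db, authorization, now=None):
    """Return the user for a valid, unexpired bearer token, else raise AuthError."""
    now = now or datetime.now(timezone.utc)
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise AuthError("missing or malformed Authorization header")
    row = db.execute(
        "SELECT username, expires_at FROM tokens WHERE token_hash = ?",
        (digest_of(token.strip()),),
    ).fetchone()
    if row is None:
        raise AuthError("unknown token")
    if datetime.fromisoformat(row[1]) <= now:
        raise AuthError("token expired")
    return row[0]


def demo_db():
    """Constructed sample data: one live token and one expired token."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tokens (username TEXT, token_hash TEXT PRIMARY KEY, expires_at TEXT)")
    now = datetime.now(timezone.utc)
    db.executemany("INSERT INTO tokens VALUES (?, ?, ?)", [
        ("alice", digest_of("valid-token"), (now + timedelta(hours=1)).isoformat()),
        ("bob", digest_of("old-token"), (now - timedelta(hours=1)).isoformat()),
    ])
    return db


def check(db, header):
    """Map the outcome to a status code; the reason is for server logs only."""
    try:
        return 200, verify_token(db, header)
    except AuthError as exc:
        return 401, str(exc)
```

The reason string distinguishes failure modes for logging; the response sent to the client can stay a uniform 401 so it does not reveal whether a token once existed.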


@lpiwowar lpiwowar left a comment

LGTM!:) 👍

I was able to successfully authenticate. The code rejects invalid tokens. I had to tweak the code a bit to check the authentication during testing because of Jirka's work on the embedding model.

@EmilienM EmilienM force-pushed the auth_api branch 2 times, most recently from 9906636 to 127d2a6 Compare May 13, 2025 14:57
EmilienM added 2 commits May 13, 2025 16:18
@EmilienM EmilienM merged commit 63d1db4 into main May 15, 2025
3 checks passed
@EmilienM EmilienM deleted the auth_api branch May 15, 2025 01:56