Closed mrab72 closed 7 months ago
@ogabrielluiz, I passed the token to the `Security` and made it an input of the `get_current_user` method. Then I checked the docs, and the endpoints consider both `oauth2` and `api_key` as authentication methods. Please let me know what you think about it.
@mrab72 I think all it takes is something like this:
```python
from fastapi import Depends, HTTPException, Security, status


async def get_current_user(
    token: str = Security(oauth2_login),
    query_param: str = Security(api_key_query),
    header_param: str = Security(api_key_header),
    db: Session = Depends(get_session),
) -> User:
    try:
        # First choice: the OAuth2 bearer token (JWT).
        return await get_current_user_by_jwt(token, db)
    except HTTPException as exc:
        # JWT auth failed: fall back only when an API key was supplied.
        if not query_param and not header_param:
            raise exc
        user = await api_key_security(query_param, header_param, db)
        if user:
            return user
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Invalid or missing API key",
        )
    except Exception as exc:
        # Anything unexpected is reported as a generic 500.
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Internal server error",
        ) from exc
```
If there's an exception and there is no API key, the exception should be raised. That will probably make the tests pass.
Ok, there is an incompatibility issue, will fix it.
@ogabrielluiz Regarding the test failure, does it use your `OPENAI_API_KEY` or should I set an environment variable? If it is using mine, I just added the env, so could you please rerun it?
@mrab72 I think the problem with the test is a dependency of the oauth2 security. It seems it is missing the Request object or something like that.
FAILED tests/test_websocket.py::test_websocket_endpoint_after_build - TypeError: OAuth2PasswordBearer.__call__() missing 1 required positional argument: 'request'
I've updated the OPENAI API key just in case
@ogabrielluiz hmm, weird, they're passing on my local machine...will check
I'm on the road at the moment.
Are you running the tests with `make tests`?
If so, I can merge it then check once I get home.
Ok, no, my mistake, I found it! It's the `chat` endpoint, which is a `websocket` one, and I'm not allowed to pass the `Depend(get_current_user)`. Will revert it.
Regarding this feature request, I've created this PR. It lets the users call all the endpoints with their `api_key`. I updated the `get_current_user` function, and it checks the request headers to see whether the `Bearer token` is provided or `api_key`. Otherwise, it raises 401.
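The fallback order discussed in this thread (bearer token first, then API key, 401 when neither is present, 403 when a supplied key is wrong), as an added standard-library example that is not code from this PR or the project. The HMAC-signed token stands in for the JWT, and `SECRET`, `API_KEY_HASHES`, the `x-api-key` name and all helper names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-secret"  # constructed signing key (assumption)
# Only SHA-256 hashes of API keys are stored; "sk-demo-123" is a constructed key.
API_KEY_HASHES = {hashlib.sha256(b"sk-demo-123").hexdigest(): "alice"}

class AuthError(Exception):
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status, self.detail = status, detail

def _sign(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user: str, ttl: int = 60) -> str:
    claims = json.dumps({"sub": user, "exp": time.time() + ttl})
    body = base64.urlsafe_b64encode(claims.encode()).decode()
    return f"{body}.{_sign(body)}"

def user_from_token(token: Optional[str]) -> str:
    if not token:
        raise AuthError(401, "Not authenticated")
    body, _, sig = token.partition(".")
    # Verify the signature in constant time before trusting any claim.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        raise AuthError(401, "Invalid token")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < time.time():
        raise AuthError(401, "Token expired")
    return claims["sub"]

def user_from_api_key(key: str) -> Optional[str]:
    # Lookup is by hash, so the raw key is never stored or compared directly.
    return API_KEY_HASHES.get(hashlib.sha256(key.encode()).hexdigest())

def get_current_user(headers: dict, query: dict) -> str:
    scheme, _, token = headers.get("authorization", "").partition(" ")
    try:
        return user_from_token(token if scheme.lower() == "bearer" else None)
    except AuthError:
        api_key = headers.get("x-api-key") or query.get("x-api-key")
        if not api_key:
            raise  # no fallback credential: keep the token error (401)
        user = user_from_api_key(api_key)
        if user is None:
            raise AuthError(403, "Invalid or missing API key")
        return user
```

With this ordering, a request carrying a bad bearer token and a valid API key is still accepted, so logging should record which credential actually authenticated the caller.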