Spaces:
Runtime error
Runtime error
| """Authentication endpoints for passkey gate.""" | |
| import hashlib | |
| import os | |
| from fastapi import APIRouter, Request, Response | |
| from fastapi.responses import JSONResponse | |
| from pydantic import BaseModel | |
| router = APIRouter(prefix="/api/auth", tags=["auth"]) | |
| PASSKEY = "flyingagents" | |
| # Token derived from passkey so it stays stable across restarts. | |
| AUTH_TOKEN = hashlib.sha256(f"flight_auth:{PASSKEY}".encode()).hexdigest() | |
| def _require_passkey() -> bool: | |
| """Return True unless REQUIRE_PASSKEY is explicitly set to 'false'.""" | |
| return os.environ.get("REQUIRE_PASSKEY", "true").lower() != "false" | |
| class PasskeyBody(BaseModel): | |
| passkey: str | |
| async def verify(body: PasskeyBody, response: Response): | |
| if not _require_passkey(): | |
| _set_auth_cookie(response) | |
| return {"ok": True} | |
| if body.passkey != PASSKEY: | |
| return JSONResponse(status_code=401, content={"detail": "Invalid passkey"}) | |
| _set_auth_cookie(response) | |
| return {"ok": True} | |
| def _set_auth_cookie(response: Response) -> None: | |
| """Set the auth cookie. Uses SameSite=None + Secure for HF Spaces iframe.""" | |
| response.set_cookie( | |
| key="flight_auth", | |
| value=AUTH_TOKEN, | |
| httponly=True, | |
| samesite="none", | |
| secure=True, | |
| max_age=60 * 60 * 24 * 30, # 30 days | |
| ) | |
| async def check(request: Request): | |
| if not _require_passkey(): | |
| return {"ok": True} | |
| token = request.cookies.get("flight_auth") | |
| if token != AUTH_TOKEN: | |
| return JSONResponse(status_code=401, content={"detail": "Not authenticated"}) | |
| return {"ok": True} | |