This repository has been archived on 2026-02-15. You can view files and clone it. You cannot open issues or pull requests or push a commit.
BreakPilot Dev 19855efacc
feat: BreakPilot PWA - Full codebase (clean push without large binaries)
All services: admin-v2, studio-v2, website, ai-compliance-sdk,
consent-service, klausur-service, voice-service, and infrastructure.
Large PDFs and compiled binaries excluded via .gitignore.
2026-02-11 13:25:58 +01:00


"""
Auth Middleware für LLM Gateway.
Unterstützt:
- API Key Auth (X-API-Key Header oder Authorization Bearer)
- JWT Token Auth (vom Consent Service)
"""
import logging
from typing import Optional
from fastapi import HTTPException, Header, Depends
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
import jwt
from ..config import get_config
logger = logging.getLogger(__name__)
security = HTTPBearer(auto_error=False)
async def verify_api_key(
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
authorization: Optional[HTTPAuthorizationCredentials] = Depends(security),
) -> str:
"""
Verifiziert den API Key oder JWT Token.
Akzeptiert:
- X-API-Key Header
- Authorization: Bearer <token>
Returns:
str: User ID oder "api_key" bei API Key Auth
"""
config = get_config()
# 1. Prüfe X-API-Key Header
if x_api_key:
if x_api_key in config.api_keys:
return "api_key"
logger.warning(f"Invalid API key attempted")
raise HTTPException(
status_code=401,
detail={"error": "unauthorized", "message": "Invalid API key"},
)
# 2. Prüfe Authorization Header
if authorization:
token = authorization.credentials
# Prüfe ob es ein API Key ist
if token in config.api_keys:
return "api_key"
# Versuche JWT zu dekodieren
if config.jwt_secret:
try:
payload = jwt.decode(
token,
config.jwt_secret,
algorithms=["HS256"],
)
user_id = payload.get("user_id") or payload.get("sub")
if user_id:
return str(user_id)
except jwt.ExpiredSignatureError:
raise HTTPException(
status_code=401,
detail={"error": "token_expired", "message": "Token has expired"},
)
except jwt.InvalidTokenError as e:
logger.warning(f"Invalid JWT token: {e}")
raise HTTPException(
status_code=401,
detail={"error": "invalid_token", "message": "Invalid token"},
)
# 3. In Development Mode ohne Auth erlauben
if config.debug:
logger.warning("Auth bypassed in debug mode")
return "debug_user"
# 4. Keine gültige Auth gefunden
raise HTTPException(
status_code=401,
detail={
"error": "unauthorized",
"message": "API key or valid token required",
},
)
def get_current_user_id(user_id: str = Depends(verify_api_key)) -> str:
"""Dependency um die aktuelle User ID zu bekommen."""
return user_id
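Added example, not code from the BreakPilot repository: a stdlib-only model of the precedence rules the middleware above implements (X-API-Key first, then a Bearer value as API key, then a Bearer value as HS256 JWT with expiry enforcement), so the decision logic can be exercised without FastAPI or PyJWT. It assumes `api_keys` is a list of strings and returns a `(status, principal_or_error)` tuple instead of raising `HTTPException`; unlike the original, it compares keys with `hmac.compare_digest` rather than a plain `in` test.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def key_matches(candidate: str, api_keys: list) -> bool:
    # compare_digest does not leak how many leading bytes matched; a plain `in` test does
    return any(hmac.compare_digest(candidate.encode(), k.encode()) for k in api_keys)

def decode_hs256(token: str, secret: str, now=None) -> dict:
    # Raises ValueError("invalid_token") or ValueError("token_expired"), mirroring PyJWT's errors
    try:
        h, p, s = token.split(".")
        header, payload, sig = json.loads(unb64url(h)), json.loads(unb64url(p)), unb64url(s)
    except ValueError:  # wrong shape, bad base64 (binascii.Error) or bad JSON
        raise ValueError("invalid_token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":  # pin the algorithm
        raise ValueError("invalid_token")
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig) or not isinstance(payload, dict):
        raise ValueError("invalid_token")
    if "exp" in payload and (now if now is not None else int(time.time())) >= payload["exp"]:
        raise ValueError("token_expired")
    return payload

def resolve_principal(x_api_key, bearer, api_keys, jwt_secret, debug=False, now=None):
    """Same order as the middleware: X-API-Key, then Bearer as API key, then Bearer as JWT."""
    if x_api_key:
        return ("ok", "api_key") if key_matches(x_api_key, api_keys) else ("401", "unauthorized")
    if bearer:
        if key_matches(bearer, api_keys):
            return ("ok", "api_key")
        if jwt_secret:
            try:
                payload = decode_hs256(bearer, jwt_secret, now)
            except ValueError as e:
                return ("401", str(e))
            user_id = payload.get("user_id") or payload.get("sub")
            if user_id:
                return ("ok", str(user_id))
    if debug:  # the page's debug bypass; a JWT without user_id/sub also lands here
        return ("ok", "debug_user")
    return ("401", "unauthorized")

def make_hs256(payload: dict, secret: str) -> str:  # mints a test token (constructed sample)
    h, p = b64url(json.dumps({"alg": "HS256"}).encode()), b64url(json.dumps(payload).encode())
    return f"{h}.{p}.{b64url(hmac.new(secret.encode(), f'{h}.{p}'.encode(), hashlib.sha256).digest())}"
```

Passing `now` fixes the clock so the expiry branch can be checked deterministically; in production leave it unset.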