use AuthUser.user_id as the browser_id #953
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| import re | ||
| from typing import cast | ||
|
|
||
| from fastapi import FastAPI | ||
|
|
@@ -6,15 +7,16 @@ | |
| from mcp.server.auth.middleware.auth_context import AuthContextMiddleware | ||
| from mcp.server.auth.middleware.bearer_auth import BearerAuthBackend, RequireAuthMiddleware | ||
| from mcp.server.auth.provider import TokenVerifier | ||
| from nanoid import generate | ||
| from pydantic import BaseModel, field_validator, model_validator | ||
| from starlette.datastructures import Headers | ||
| from starlette.middleware import Middleware | ||
| from starlette.middleware.authentication import AuthenticationMiddleware | ||
| from starlette.responses import RedirectResponse | ||
| from starlette.types import Receive, Scope, Send | ||
|
|
||
| from getgather.auth.provider import CustomOAuthProvider | ||
| from getgather.config import FRIENDLY_CHARS, settings | ||
|
|
||
|
|
||
| class RequireAuthMiddlewareCustom(RequireAuthMiddleware): | ||
|
|
@@ -99,14 +101,32 @@ class AuthUser(BaseModel): | |
| @field_validator("auth_provider") | ||
| @classmethod | ||
| def validate_auth_provider(cls, v: str) -> str: | ||
| valid_providers = ( | ||
| [settings.FIRST_PARTY_OAUTH_PROVIDER_NAME, "google"] | ||
| if settings.auth_enabled | ||
| else [NO_AUTH_PROVIDER] | ||
| ) | ||
|
|
||
| if v not in valid_providers: | ||
| raise ValueError(f"Invalid auth provider: {v}") | ||
| return v | ||
|
|
||
| @model_validator(mode="after") | ||
| def validate_user_id(self) -> "AuthUser": | ||
| if len(self.user_id) > 54: | ||
| raise ValueError(f"User id is too long: {self.user_id}") | ||
| if not re.match(r"^[a-z0-9-]+$", self.user_id): | ||
| raise ValueError(f"User id contains invalid characters: {self.user_id}") | ||
| return self | ||
|
|
||
| @property | ||
| def user_id(self) -> str: | ||
| """ | ||
| Unique user name combining login and auth provider. | ||
| Only numbers, lowercase letters and dashes are allowed. | ||
| Maximum length is 54 characters. | ||
| """ | ||
| return f"{self.sub}-{self.auth_provider}" | ||
|
Contributor
There was a problem hiding this comment. why sub-auth provider rather than auth provider - sub? Just curious
Contributor
Author
There was a problem hiding this comment. no strong preference, more like firstname - lastname |
||
|
|
||
| @classmethod | ||
| def from_user_id(cls, user_id: str) -> "AuthUser": | ||
|
|
@@ -121,8 +141,7 @@ def dump(self): | |
|
|
||
| def get_auth_user() -> AuthUser: | ||
| if not settings.auth_enabled: | ||
| return _get_user_for_no_auth() | ||
|
|
||
| token = get_access_token() | ||
| if not token: | ||
|
|
@@ -137,3 +156,12 @@ def get_auth_user() -> AuthUser: | |
| raise RuntimeError("Missing sub or provider in auth token") | ||
|
|
||
| return AuthUser(sub=sub, auth_provider=provider, name=name, email=email, app_name=app_name) | ||
|
|
||
|
|
||
| NO_AUTH_PROVIDER = "noauth" | ||
|
|
||
|
|
||
| def _get_user_for_no_auth() -> AuthUser: | ||
| """Fake auth user for when auth is disabled to keep the code consistent.""" | ||
| sub = generate(FRIENDLY_CHARS, 6) | ||
| return AuthUser(sub=sub, auth_provider=NO_AUTH_PROVIDER) | ||
|
Contributor
There was a problem hiding this comment. @faisalive @broerjuang Please confirm that this new format, e.g.
Contributor
Author
There was a problem hiding this comment. similar to gateway, demo apps will set the token header to where
Contributor
There was a problem hiding this comment. cool so it sounds like the user_id will always avoid the underscores which I think is needed |
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you want to reverse parse it to check if the auth_provider is valid?