Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(security): Add API bearer token auth via JWT #1063

Merged
merged 5 commits into from
Sep 4, 2024
Merged

feat(security): Add API bearer token auth via JWT #1063

merged 5 commits into from
Sep 4, 2024

Conversation

jennmueng
Copy link
Member

@jennmueng jennmueng commented Aug 16, 2024
edited
Loading

Mainly for the staging deployment in ml-ai

Introduces an ENFORCE_API_AUTH env variable that will enforce either the rpc secret signing or the bearer token.

@jennmueng jennmueng marked this pull request as draft August 16, 2024 19:04
@jennmueng jennmueng changed the title add simple api key alternative feat(security): Add API bearer token auth via JWT Aug 16, 2024
@jennmueng jennmueng requested a review from corps August 16, 2024 19:14
@jennmueng jennmueng marked this pull request as ready for review August 16, 2024 19:14
@jennmueng jennmueng requested a review from mdtro August 16, 2024 19:17
@mdtro
Copy link
Member

mdtro commented Aug 16, 2024

What is the plan for generating the JWT, just locally with some sort of management command?

mdtro
mdtro reviewed Aug 16, 2024
View reviewed changes
src/seer/json_api.py Outdated Show resolved Hide resolved
mdtro
mdtro reviewed Aug 16, 2024
View reviewed changes
src/seer/configuration.py Outdated Show resolved Hide resolved
corps
corps reviewed Aug 26, 2024
View reviewed changes
src/seer/configuration.py Outdated Show resolved Hide resolved
corps
corps reviewed Aug 26, 2024
View reviewed changes
src/seer/json_api.py Outdated Show resolved Hide resolved
@jennmueng jennmueng marked this pull request as draft August 27, 2024 22:05
@jennmueng jennmueng marked this pull request as ready for review August 27, 2024 22:39
@jennmueng jennmueng requested review from corps and mdtro August 27, 2024 22:39
corps
corps reviewed Aug 27, 2024
View reviewed changes
src/seer/configuration.py Outdated
@@ -74,6 +79,11 @@ def has_sentry_integration(self) -> bool:
return not self.NO_SENTRY_INTEGRATION

def do_validation(self):
if self.IGNORE_API_AUTH:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be if not self.IGNORE_API_AUTH?

@jennmueng jennmueng merged commit 9ef0b6d into main Sep 4, 2024
11 checks passed
@jennmueng jennmueng deleted the jenn/api-key branch September 4, 2024 18:50
aayush-se pushed a commit that referenced this pull request Sep 10, 2024
@jennmueng @aayush-se
feat(security): Add API bearer token auth via JWT (#1063)
93c1f1c 
Mainly for the staging deployment in `ml-ai`

Introduces an `ENFORCE_API_AUTH` env variable that will enforce either
the rpc secret signing or the bearer token.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@corps corps corps approved these changes

@mdtro mdtro Awaiting requested review from mdtro

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jennmueng @mdtro @corps