Merge remote-tracking branch 'origin/master' into build-docker

README.md

@@ -8,11 +8,15 @@ The easiest way to get started is to use the docker image. This will give you a
 
 ```shell
 
-docker-compose up -d
+docker compose up -d
+docker logs neptyne-spreadsheet-neptyne-1
 
 ```
 
-Only need to build it once. After that, you can just run `docker-compose up`.
+The second statement will print out the shared secret you need to connect to the Neptyne server. 
+Open that url and you are in business.
+
+```shell
 
 ### Method 2: pip install
 

neptyne_kernel/dash.py

@@ -599,6 +599,8 @@ def _discover_google_credentials(self):
             return self._load_authorized_credentials(authorized_user)
         elif (oauth_credentials := config_path / "oauth_credentials.json").exists():
             return self._load_oauth_credentials(oauth_credentials)
+        else:
+            self._google_credentials = None
 
     def _authorize_service_account(self, credentials: Path):
         from google.oauth2.service_account import Credentials

neptyne_kernel/neptyne_api/geo.py

@@ -99,6 +99,7 @@ def dataset(name_or_url: str) -> GeoDataFrame:
             path = geopandas.datasets.get_path(name_or_url)
         else:
             import geoplot
+
             try:
                 path = geoplot.datasets.get_path(name_or_url)
             except ValueError:

server/kernels/kernel_handlers.py

@@ -116,21 +116,21 @@ async def init_connection(
         with self.make_session() as session:
             user: User | NonUser
             self.user_profile_image = ""
-            if auth_token:
+            if gsheet_auth_token:
+                assert gsheet_auth_token
+                user = NonUser.GSHEET
+                claims = decode_gsheet_extension_token(gsheet_auth_token)
+                self.user_id = None
+                self.user_name = f"anon-{claims.sheet_id}"
+                self.user_email = f"{self.user_name}@example.com"
+            else:
                 user = await authenticate_request(self, session, token=auth_token)
                 self.user_email = user.email
                 self.user_name = user.name
                 self.user_id = user.id
                 self.allow_other_gsheets = bool(
                     self.user_email
                 ) and self.user_email.endswith("@neptyne.com")
-            else:
-                assert gsheet_auth_token
-                user = NonUser.GSHEET
-                claims = decode_gsheet_extension_token(gsheet_auth_token)
-                self.user_id = None
-                self.user_name = f"anon-{claims.sheet_id}"
-                self.user_email = f"{self.user_name}@example.com"
 
             tyne_proxy = await self.tyne_contents_manager.get(
                 self.tyne_id, session, user, gsheet_auth_token

server/users.py

@@ -1,10 +1,12 @@
 from typing import Any, Literal
 
+from jwt import PyJWTError
 from sqlalchemy import func
 from sqlalchemy.orm import Session
 from tornado import web
 from tornado_sqlalchemy import SessionMixin
 
+from server.gsheet_auth import decode_gsheet_extension_token
 from server.models import (
     EmailShare,
     FirebaseUser,
@@ -17,9 +19,10 @@
 
 
 def token_from_headers(request_handler: web.RequestHandler) -> str | None:
+    header = request_handler.request.headers.get("X-Neptyne-GSheet-Auth-Token")
+    if header:
+        return header
     header = request_handler.request.headers.get("Authorization")
-    if not header:
-        return None
 
     parts = header.split(" ")
     if len(parts) != 2 or parts[0].lower() != "bearer":
@@ -55,8 +58,11 @@ async def _authenticate_request(
         )
     if not token:
         raise web.HTTPError(401, "Missing token")
-    if not token == shared_secret:  # TODO: also check for a signed token
-        raise web.HTTPError(401, "Invalid token")
+    if not token == shared_secret:
+        try:
+            decode_gsheet_extension_token(token)
+        except PyJWTError:
+            raise web.HTTPError(401, "Invalid token")
     return await load_user(
         session,
         "<single-user-firebase-uid>",