| author | Alexander_Kabui | 2025-06-26 14:20:27 +0300 |
|---|---|---|
| committer | BonfaceKilz | 2025-07-07 07:56:57 +0300 |
| commit | 275e06e5248f291f069a5099282abc0c0fcafdaf (patch) | |
| tree | 8a860c22cf0704fa9981a59eb862d3ed17aa3482 | |
| parent | 94e1bb3c8c54840094b01f766ea21875e2c478af (diff) | |
feat: Remove authentication requirement for gnqa users.
| -rw-r--r-- | gn3/api/llm.py | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/gn3/api/llm.py b/gn3/api/llm.py
index f61e3f1..a127eb7 100644
--- a/gn3/api/llm.py
+++ b/gn3/api/llm.py
@@ -11,6 +11,7 @@ from flask import current_app
 from flask import jsonify
 from flask import request
+from authlib.jose.errors import DecodeError
 from gn3.llms.process import get_gnqa
 from gn3.llms.errors import LLMError
@@ -64,23 +65,31 @@ def clean_query(query:str) -> str:
 def is_verified_anonymous_user(request):
- # validate metadata from gn2 api(cors, and signed by gn2)
- # verify metadata that should be sent from gn2
- return False
-
+ """This function should verify autheniticity of metadate from gn2 """
+ anony_id = request.headers.get("anonymous_id") #should verify this + metadata signature
+ user_status = request.headers.get("anonymous_status", "")
+ _user_signed_metadata = request.headers.get("anony_metadata", "") # verify this for integrity
+ return bool(anony_id) and user_status.lower() == "verified"
 def with_gnqna_fallback(view_func):
 """Allow fallback to GNQNA user if token auth fails."""
 @wraps(view_func)
 def wrapper(*args, **kwargs):
- response = view_func(*args, **kwargs)
- # Token check failed (400 from require_token)
- if isinstance(response, tuple) and len(response) == 2 and response[1] == 400:
- if is_valid_anonymous_user(request):
- # Retry with anonymous access
+ try:
+ response = view_func(*args, **kwargs)
+ is_bad_token_response = (
+ isinstance(response, tuple) and
+ len(response) == 2 and
+ response[1] == 400
+ )
+ if is_bad_token_response and is_valid_anonymous_user(request):
 return view_func(*args, **{**kwargs, "auth_token": None, "valid_anony": True})
-
- return response
+ return response
+ except DecodeError:
+ if is_verified_anonymous_user(request):
+ original_func = view_func.__wrapped__
+ return original_func(*args, **{**kwargs, "auth_token": None, "valid_anony": True})
+ raise # re-raise if anonymous access isn't allowed
 return wrapper |
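Review bot: `is_verified_anonymous_user` in the second hunk decides on the caller-supplied `anonymous_id` and `anonymous_status` headers alone; `anony_metadata` is read into `_user_signed_metadata` but never checked, so nothing in the visible code ties the "verified" status to GN2. Because the new `except DecodeError` branch then calls `view_func.__wrapped__` with `auth_token=None` and `valid_anony=True`, those unauthenticated headers appear to become the only gate on the path that skips the token check. Until the signature check exists the function should fail closed, either by keeping `return False` or by ending with `and metadata_signature_ok(anony_id, _user_signed_metadata)`, where `metadata_signature_ok` is a placeholder for the missing verification against a key shared with GN2. The non-exception branch still calls `is_valid_anonymous_user`, which is not defined in the visible lines and would raise NameError if it is not defined elsewhere in the module; it probably should be `is_verified_anonymous_user`. `view_func.__wrapped__` assumes every decorated view was wrapped with `functools.wraps` (presumably by `require_token`, which is outside the hunk), so a comment such as `# relies on require_token using functools.wraps; bypasses its token check` belongs on that line.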
