mirror of
https://github.com/dograh-hq/dograh.git
synced 2026-07-07 11:02:12 +02:00
fix: gate OSS email/password auth endpoints outside local auth mode (#500)
* fix: gate OSS email/password auth endpoints outside local auth mode The /auth signup/login/me routes were mounted unconditionally, so the SaaS deployment accepted unauthenticated signups that created oss_* provider-id users (and auto-provisioned MPS service keys) bypassing Stack Auth entirely. Gate them with a router-level dependency that 404s when AUTH_PROVIDER is not "local", rather than conditionally mounting the router, so the OpenAPI spec and the clients generated from it stay identical across deployment modes. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * fix: keep current user route available in stack auth --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
45afc47473
commit
4fb3193eb5
3 changed files with 91 additions and 3 deletions
|
|
@ -5,7 +5,11 @@ from api.db import db_client
|
|||
from api.db.models import UserModel
|
||||
from api.enums import OrganizationConfigurationKey, PostHogEvent
|
||||
from api.schemas.auth import AuthResponse, LoginRequest, SignupRequest, UserResponse
|
||||
from api.services.auth.depends import create_user_configuration_with_mps_key, get_user
|
||||
from api.services.auth.depends import (
|
||||
create_user_configuration_with_mps_key,
|
||||
get_user,
|
||||
require_local_auth,
|
||||
)
|
||||
from api.services.configuration.ai_model_configuration import (
|
||||
convert_legacy_ai_model_configuration_to_v2,
|
||||
)
|
||||
|
|
@ -18,7 +22,11 @@ router = APIRouter(
|
|||
)
|
||||
|
||||
|
||||
@router.post("/signup", response_model=AuthResponse)
|
||||
@router.post(
|
||||
"/signup",
|
||||
response_model=AuthResponse,
|
||||
dependencies=[Depends(require_local_auth)],
|
||||
)
|
||||
async def signup(request: SignupRequest):
|
||||
# Check if email is already taken
|
||||
existing_user = await db_client.get_user_by_email(request.email)
|
||||
|
|
@ -85,7 +93,11 @@ async def signup(request: SignupRequest):
|
|||
)
|
||||
|
||||
|
||||
@router.post("/login", response_model=AuthResponse)
|
||||
@router.post(
|
||||
"/login",
|
||||
response_model=AuthResponse,
|
||||
dependencies=[Depends(require_local_auth)],
|
||||
)
|
||||
async def login(request: LoginRequest):
|
||||
# Look up user by email
|
||||
user = await db_client.get_user_by_email(request.email)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue