feat: add authentication for OSS (#167)

* feat: add authentication for OSS

Fixes #157 and #156

* fix: fix token generation

* fix: limit fastapi workers to 1

api/utils/auth.py

@@ -0,0 +1,28 @@
+from datetime import UTC, datetime, timedelta
+
+import bcrypt
+import jwt
+
+from api.constants import OSS_JWT_EXPIRY_HOURS, OSS_JWT_SECRET
+
+
+def hash_password(password: str) -> str:
+    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
+
+
+def verify_password(password: str, password_hash: str) -> bool:
+    return bcrypt.checkpw(password.encode("utf-8"), password_hash.encode("utf-8"))
+
+
+def create_jwt_token(user_id: int, email: str) -> str:
+    payload = {
+        "sub": str(user_id),
+        "email": email,
+        "exp": datetime.now(UTC) + timedelta(hours=OSS_JWT_EXPIRY_HOURS),
+        "iat": datetime.now(UTC),
+    }
+    return jwt.encode(payload, OSS_JWT_SECRET, algorithm="HS256")
+
+
+def decode_jwt_token(token: str) -> dict:
+    return jwt.decode(token, OSS_JWT_SECRET, algorithms=["HS256"])

api/utils/common.py

@@ -119,10 +119,6 @@ async def get_backend_endpoints() -> tuple[str, str]:
         _validate_url(BACKEND_API_ENDPOINT)
 
     if BACKEND_API_ENDPOINT:
-        logger.debug(
-            f"Processing BACKEND_API_ENDPOINT from environment: {BACKEND_API_ENDPOINT}"
-        )
-
         # Handle localhost/127.0.0.1 special case - use tunnel URL if available
         if "localhost" in BACKEND_API_ENDPOINT or "127.0.0.1" in BACKEND_API_ENDPOINT:
             logger.debug(

api/utils/tunnel.py

@@ -27,7 +27,6 @@ class TunnelURLProvider:
             # Try to get URL from cloudflared metrics
             urls = await cls._get_cloudflared_urls()
             if urls:
-                logger.info(f"Retrieved tunnel URLs from cloudflared: {urls}")
                 return urls
         except Exception as e:
             logger.warning(f"Failed to get tunnel URL from cloudflared: {e}")