Merge pull request #47 from rowboatlabs/no-auth

make auth optional

.env.example

@@ -2,11 +2,19 @@
 # ------------------------------------------------------------
 MONGODB_CONNECTION_STRING=mongodb://127.0.0.1:27017/rowboat
 OPENAI_API_KEY=<OPENAI_API_KEY>
-AUTH0_SECRET=<AUTH0_SECRET>
+
+
+# Uncomment to enable auth using Auth0
+# ------------------------------------------------------------
+# USE_AUTH=true
+
+# Even though auth is disabled by default, these test values are needed for the auth0 imports
+# --------------------------------------------------------------------------------------------
+AUTH0_SECRET=test_secret
 AUTH0_BASE_URL=http://localhost:3000
-AUTH0_ISSUER_BASE_URL=<AUTH0_ISSUER_BASE_URL>
+AUTH0_ISSUER_BASE_URL=https://test.com
-AUTH0_CLIENT_ID=<AUTH0_CLIENT_ID>
+AUTH0_CLIENT_ID=test
-AUTH0_CLIENT_SECRET=<AUTH0_CLIENT_SECRET>
+AUTH0_CLIENT_SECRET=test
 
 # Uncomment to enable RAG:
 # ------------------------------------------------------------

README.md

@@ -42,20 +42,6 @@ Before running RowBoat, ensure you have:
      brew services start mongodb-community@8.0
      ```
 
-4. **Auth0 Account and Application Setup**
-   - **Create an Auth0 Account**: Sign up at [Auth0](https://auth0.com).
-   - **Create a New Application**: Choose "Regular Web Application", select "Next.js" as the application type, and name it "RowBoat".
-   - **Configure Application**:
-     - **Allowed Callback URLs**: In the Auth0 Dashboard, go to your "RowBoat" application settings and set `http://localhost:3000/api/auth/callback` as an Allowed Callback URL.
-   - **Get Credentials**: Collect the following from your Auth0 application settings:
-     - **Domain**: Copy your Auth0 domain (ensure you append `https://` to the Domain that the Auth0 dashboard shows you)
-     - **Client ID**: Your application's unique identifier
-     - **Client Secret**: Your application's secret key
-   - **Generate secret**: Generate a session encryption secret in your terminal and note the output for later:
-     ```bash
-     openssl rand -hex 32
-     ```
-
 ## Local Development Setup
 
 1. **Clone the Repository**
@@ -75,13 +61,6 @@ Before running RowBoat, ensure you have:
      # OpenAI Configuration
      OPENAI_API_KEY=your-openai-api-key
 
-     # Auth0 Configuration
-     AUTH0_SECRET=your-generated-secret               # Generated using openssl command
-     AUTH0_BASE_URL=http://localhost:3000             # Your application's base URL
-     AUTH0_ISSUER_BASE_URL=https://example.auth0.com  # Your Auth0 domain (ensure it is prefixed with https://)
-     AUTH0_CLIENT_ID=your-client-id
-     AUTH0_CLIENT_SECRET=your-client-secret
-
      # MongoDB Configuration (choose one based on your setup)
      # For local MongoDB
      MONGODB_CONNECTION_STRING=mongodb://host.docker.internal:27017/rowboat 
@@ -173,6 +152,37 @@ Before running RowBoat, ensure you have:
    
    The documentation site is available at [http://localhost:8000](http://localhost:8000)
 
+## Enable Authentication
+
+By default, RowBoat runs without authentication. To enable user authentication using Auth0:
+
+1. **Auth0 Setup**
+   - **Create an Auth0 Account**: Sign up at [Auth0](https://auth0.com).
+   - **Create a New Application**: Choose "Regular Web Application", select "Next.js" as the application type, and name it "RowBoat".
+   - **Configure Application**:
+     - **Allowed Callback URLs**: In the Auth0 Dashboard, go to your "RowBoat" application settings and set `http://localhost:3000/api/auth/callback` as an Allowed Callback URL.
+   - **Get Credentials**: Collect the following from your Auth0 application settings:
+     - **Domain**: Copy your Auth0 domain (ensure you append `https://` to the Domain that the Auth0 dashboard shows you)
+     - **Client ID**: Your application's unique identifier
+     - **Client Secret**: Your application's secret key
+   - **Generate secret**: Generate a session encryption secret in your terminal and note the output for later:
+     ```bash
+     openssl rand -hex 32
+     ```
+
+2. **Update Environment Variables**
+   Add the following to your `.env` file:
+   ```ini
+   USE_AUTH=true
+   AUTH0_SECRET=your-generated-secret               # Generated using openssl command
+   AUTH0_BASE_URL=http://localhost:3000             # Your application's base URL
+   AUTH0_ISSUER_BASE_URL=https://example.auth0.com  # Your Auth0 domain (ensure it is prefixed with https://)
+   AUTH0_CLIENT_ID=your-client-id
+   AUTH0_CLIENT_SECRET=your-client-secret
+   ```
+
+After enabling authentication, users will need to sign in to access the application.
+
 ## Enable RAG
 
 RowBoat supports RAG capabilities to enhance responses with your custom knowledge base. To enable RAG, you'll need:

apps/rowboat/app/actions/actions.ts

@@ -11,10 +11,18 @@ import { getAgenticApiResponse, getAgenticResponseStreamId } from "../lib/utils"
 import { check_query_limit } from "../lib/rate_limiting";
 import { QueryLimitError } from "../lib/client_utils";
 import { projectAuthCheck } from "./project_actions";
+import { USE_AUTH } from "../lib/feature_flags";
 
 const crawler = new FirecrawlApp({ apiKey: process.env.FIRECRAWL_API_KEY || '' });
 
 export async function authCheck(): Promise<Claims> {
+    if (!USE_AUTH) {
+        return {
+            email: 'guestuser@rowboatlabs.com',
+            email_verified: true,
+            sub: 'guest_user',
+        };
+    }
     const { user } = await getSession() || {};
     if (!user) {
         throw new Error('User not authenticated');

apps/rowboat/app/actions/project_actions.ts

@@ -10,8 +10,12 @@ import { authCheck } from "./actions";
 import { WithStringId } from "../lib/types/types";
 import { ApiKey } from "../lib/types/project_types";
 import { Project } from "../lib/types/project_types";
+import { USE_AUTH } from "../lib/feature_flags";
 
 export async function projectAuthCheck(projectId: string) {
+    if (!USE_AUTH) {
+        return;
+    }
     const user = await authCheck();
     const membership = await projectMembersCollection.findOne({
         projectId,

apps/rowboat/app/lib/feature_flags.ts

@@ -2,3 +2,4 @@ export const USE_RAG = process.env.USE_RAG === 'true';
 export const USE_RAG_UPLOADS = process.env.USE_RAG_UPLOADS === 'true';
 export const USE_RAG_SCRAPING = process.env.USE_RAG_SCRAPING === 'true';
 export const USE_CHAT_WIDGET = process.env.USE_CHAT_WIDGET === 'true';
+export const USE_AUTH = process.env.USE_AUTH === 'true';

apps/rowboat/app/page.tsx

@@ -1,5 +1,12 @@
 import { App } from "./app";
+import { redirect } from "next/navigation";
+import { USE_AUTH } from "./lib/feature_flags";
+
+export const dynamic = 'force-dynamic';
 
 export default function Home() {
+    if (!USE_AUTH) {
+        redirect("/projects");
+    }
     return <App />
 }

apps/rowboat/app/projects/layout.tsx

@@ -4,6 +4,9 @@ import Image from "next/image";
 import Link from "next/link";
 import { UserButton } from "../lib/components/user_button";
 import { ThemeToggle } from "../lib/components/theme-toggle";
+import { USE_AUTH } from "../lib/feature_flags";
+
+export const dynamic = 'force-dynamic';
 
 export default function Layout({
     children,
@@ -30,7 +33,7 @@ export default function Layout({
             </div>
             <div className="flex items-center gap-2">
                 <ThemeToggle />
-                <UserButton />
+                {USE_AUTH && <UserButton />}
             </div>
         </header>
         <main className="grow overflow-auto">

apps/rowboat/middleware.ts

@@ -34,6 +34,10 @@ export async function middleware(request: NextRequest, event: NextFetchEvent) {
   }
 
   if (request.nextUrl.pathname.startsWith('/projects')) {
+    // Skip auth check if USE_AUTH is not enabled
+    if (process.env.USE_AUTH !== 'true') {
+      return NextResponse.next();
+    }
     return auth0MiddlewareHandler(request, event);
   }
 

docker-compose.yml

@@ -10,6 +10,7 @@ services:
     environment:
       - OPENAI_API_KEY=${OPENAI_API_KEY}
       - MONGODB_CONNECTION_STRING=${MONGODB_CONNECTION_STRING}
+      - USE_AUTH=${USE_AUTH}
       - AUTH0_SECRET=${AUTH0_SECRET}
       - AUTH0_BASE_URL=${AUTH0_BASE_URL}
       - AUTH0_ISSUER_BASE_URL=${AUTH0_ISSUER_BASE_URL}