add auth for copilot and agents

2026-04-30 19:06:23 +02:00 · 2025-01-29 08:33:06 +05:30 · 2025-01-29 08:33:06 +05:30 · ad4ea23d79
commit ad4ea23d79
parent cdc96e7ce3
14 changed files with 173 additions and 43 deletions
--- a/apps/agents/.env.example
+++ b/apps/agents/.env.example
@ -1 +1,2 @@
-OPENAI_API_KEY=<your_openai_api_key>
+OPENAI_API_KEY=<your_openai_api_key>
+API_KEY=test
--- a/apps/agents/README.md
+++ b/apps/agents/README.md
@ -74,8 +74,9 @@ Copy `.env.example` to `.env` and add your API keys
 - To set up the server on a remote machine: `gunicorn -b 0.0.0.0:4040 src.app.main:app`

 ### 🖥️ Run test client
-`python -m tests.app_client --sample_request default_example.json`
+`python -m tests.app_client --sample_request default_example.json --api_key test`
 - `--sample_request`: Path to the sample request file, under `tests/sample_requests` folder
+- `--api_key`: API key to use for authentication. This is the same key as the one in the `.env` file.

 ## 📖 More details

--- a/apps/agents/poetry.lock
+++ b/apps/agents/poetry.lock
@ -342,6 +342,29 @@ Werkzeug = ">=3.1"
 async = ["asgiref (>=3.2)"]
 dotenv = ["python-dotenv"]

+[[package]]
+name = "gunicorn"
+version = "23.0.0"
+description = "WSGI HTTP Server for UNIX"
+optional = false
+python-versions = ">=3.7"
+groups = ["main"]
+markers = "python_version <= \"3.11\" or python_version >= \"3.12\""
+files = [
+    {file = "gunicorn-23.0.0-py3-none-any.whl", hash = "sha256:ec400d38950de4dfd418cff8328b2c8faed0edb0d517d3394e457c317908ca4d"},
+    {file = "gunicorn-23.0.0.tar.gz", hash = "sha256:f014447a0101dc57e294f6c18ca6b40227a4c90e9bdb586042628030cba004ec"},
+]
+
+[package.dependencies]
+packaging = "*"
+
+[package.extras]
+eventlet = ["eventlet (>=0.24.1,!=0.36.0)"]
+gevent = ["gevent (>=1.4.0)"]
+setproctitle = ["setproctitle"]
+testing = ["coverage", "eventlet", "gevent", "pytest", "pytest-cov"]
+tornado = ["tornado (>=0.2)"]
+
 [[package]]
 name = "h11"
 version = "0.14.0"
@ -930,6 +953,19 @@ files = [
 [package.dependencies]
 et-xmlfile = "*"

+[[package]]
+name = "packaging"
+version = "24.2"
+description = "Core utilities for Python packages"
+optional = false
+python-versions = ">=3.8"
+groups = ["main"]
+markers = "python_version <= \"3.11\" or python_version >= \"3.12\""
+files = [
+    {file = "packaging-24.2-py3-none-any.whl", hash = "sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"},
+    {file = "packaging-24.2.tar.gz", hash = "sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f"},
+]
+
 [[package]]
 name = "pandas"
 version = "2.2.3"
@ -1619,4 +1655,4 @@ test = ["pytest (>=6.0.0)", "setuptools (>=65)"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<4.0"
-content-hash = "789b01787d1fa737ae3ad38f642c5c1bcbb142fd38bbbd7a3906a9300b232eb3"
+content-hash = "ef220af6b184e760ccc9b45e26ec9f58a54cb9327c562a612798433a7f9c08e4"
--- a/apps/agents/pyproject.toml
+++ b/apps/agents/pyproject.toml
@ -63,4 +63,5 @@ tzdata = "^2024.2"
 urllib3 = "^2.2.3"
 websockets = "^13.1"
 Werkzeug = "^3.0.5"
-wheel = "^0.44.0"
+wheel = "^0.44.0"
+gunicorn = "^23.0.0"
--- a/apps/agents/requirements.txt
+++ b/apps/agents/requirements.txt
@ -1,51 +1,82 @@
 annotated-types==0.7.0
-anyio==4.6.2
+anyio==4.8.0
 beautifulsoup4==4.12.3
-blinker==1.8.2
-certifi==2024.8.30
-charset-normalizer==3.4.0
-click==8.1.7
+blinker==1.9.0
+build==1.2.2.post1
+CacheControl==0.14.2
+certifi==2024.12.14
+cffi==1.17.1
+charset-normalizer==3.4.1
+cleo==2.1.0
+click==8.1.8
+crashtest==0.4.1
+distlib==0.3.9
 distro==1.9.0
 dnspython==2.7.0
+dulwich==0.22.7
 et_xmlfile==2.0.0
-eval_type_backport==0.2.0
-firecrawl==1.4.0
-Flask==3.0.3
+eval_type_backport==0.2.2
+fastjsonschema==2.21.1
+filelock==3.17.0
+firecrawl==1.9.0
+Flask==3.1.0
+gunicorn==23.0.0
 h11==0.14.0
-httpcore==1.0.6
+httpcore==1.0.7
 httpx==0.27.2
 idna==3.10
+installer==0.7.0
 itsdangerous==2.2.0
-Jinja2==3.1.4
+jaraco.classes==3.4.0
+jaraco.context==6.0.1
+jaraco.functools==4.1.0
+Jinja2==3.1.5
 jiter==0.6.1
 jsonpath-python==1.0.6
+keyring==25.6.0
 lxml==5.3.0
 markdownify==0.13.1
 MarkupSafe==3.0.2
+more-itertools==10.6.0
+msgpack==1.1.0
 mypy-extensions==1.0.0
 nest-asyncio==1.6.0
-numpy==2.1.2
-openai==1.52.2
+numpy==2.2.1
+openai==1.59.7
 openpyxl==3.1.5
+packaging==24.2
 pandas==2.2.3
-pydantic==2.9.2
-pydantic_core==2.23.4
+pkginfo==1.12.0
+platformdirs==4.3.6
+poetry==2.0.1
+poetry-core==2.0.1
+pycparser==2.22
+pydantic==2.10.5
+pydantic_core==2.27.2
 pymongo==4.10.1
-python-dateutil==2.8.2
+pyproject_hooks==1.2.0
+python-dateutil==2.9.0.post0
 python-docx==1.1.2
 python-dotenv==1.0.1
 pytz==2024.2
+RapidFuzz==3.11.0
 requests==2.32.3
-setuptools==75.1.0
-six==1.16.0
+requests-toolbelt==1.0.0
+setuptools==75.8.0
+shellingham==1.5.4
+six==1.17.0
 sniffio==1.3.1
 soupsieve==2.6
 tabulate==0.9.0
-tqdm==4.66.5
+tomlkit==0.13.2
+tqdm==4.67.1
+trove-classifiers==2025.1.15.22
 typing-inspect==0.9.0
 typing_extensions==4.12.2
 tzdata==2024.2
-urllib3==2.2.3
+urllib3==2.3.0
+virtualenv==20.29.1
 websockets==13.1
-Werkzeug==3.0.5
-wheel==0.44.0
+Werkzeug==3.1.3
+wheel==0.44.0
+xattr==1.1.4
--- a/apps/agents/src/app/main.py
+++ b/apps/agents/src/app/main.py
@ -1,5 +1,7 @@
 from flask import Flask, request, jsonify
 from datetime import datetime
+from functools import wraps
+import os

 from src.graph.core import run_turn
 from src.graph.tools import RAG_TOOL, CLOSE_CHAT_TOOL
@ -9,11 +11,30 @@ logger = common_logger

 app = Flask(__name__)
 
+@app.route("/health", methods=["GET"])
+def health():
+    return jsonify({"status": "ok"})
+
@app.route("/")
 def home():
    return "Hello, World!"

+def require_api_key(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        auth_header = request.headers.get('Authorization')
+        if not auth_header or not auth_header.startswith('Bearer '):
+            return jsonify({'error': 'Missing or invalid authorization header'}), 401
+
+        token = auth_header.split('Bearer ')[1]
+        if token != os.environ.get('API_KEY'):
+            return jsonify({'error': 'Invalid API key'}), 403
+
+        return f(*args, **kwargs)
+    return decorated
+
@app.route("/chat", methods=["POST"])
+@require_api_key
 def chat():
    print('='*200)
    logger.info('='*200)
--- a/apps/agents/tests/app_client.py
+++ b/apps/agents/tests/app_client.py
@ -7,13 +7,16 @@ if __name__ == "__main__":
    import argparse
    parser = argparse.ArgumentParser()
    parser.add_argument('--sample_request', type=str, required=True, help='Sample request JSON file name under tests/sample_requests/')
+    parser.add_argument('--api_key', type=str, required=True, help='API key to use for authentication')
+    parser.add_argument('--host', type=str, required=False, help='Host to use for the request', default='http://localhost:4040')
    args = parser.parse_args()

    request = read_json_from_file(f"./tests/sample_requests/{args.sample_request}").get("lastRequest", {})
    print("Sending request...")
    response = requests.post(
-        "http://localhost:4040/chat", 
-        json=request
+        f"{args.host}/chat",
+        json=request,
+        headers={'Authorization': f'Bearer {args.api_key}'}
    ).json()
    print("Output: ")
    print(response)