From a36c85d9f695091dc72c150aba190ed7d62ab314 Mon Sep 17 00:00:00 2001
From: Daniel McKnight
Date: Tue, 5 Nov 2024 09:37:24 -0800
Subject: [PATCH] Deprecate configured `node_username`/`node_password` and annotate `disable_auth` config Use `disable_auth` config to skip MQ Users service connection
---
 README.md | 4 +---
 neon_hana/auth/client_manager.py | 20 ++++++++++++--------
 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index c378839..074b470 100644
--- a/README.md
+++ b/README.md
@@ -25,12 +25,10 @@ hana:
 jwt_issuer: neon.ai # Used in the `iss` field of generated JWT tokens.
 fastapi_title: "My HANA API Host"
 fastapi_summary: "Personal HTTP API to access my DIANA backend."
- disable_auth: True
+ disable_auth: True # If true, no authentication will be attempted; all connections will be allowed
 stt_max_length_encoded: 500000 # Arbitrary limit that is larger than any expected voice command
 tts_max_words: 128 # Arbitrary limit that is longer than any default LLM token limit
 enable_email: True # Disabled by default; anyone with access to the API will be able to send emails from the configured address
- node_username: node_user # Username to authenticate Node API access; leave empty to disable Node API access
- node_password: node_password # Password associated with node_username
 max_streaming_clients: -1 # Maximum audio streaming clients allowed (including 0). Default unset value allows infinite clients
 ```
 It is recommended to generate unique values for configured tokens, these are 32
diff --git a/neon_hana/auth/client_manager.py b/neon_hana/auth/client_manager.py
index 3118b91..3af6d25 100644
--- a/neon_hana/auth/client_manager.py
+++ b/neon_hana/auth/client_manager.py
@@ -70,13 +70,13 @@ def __init__(self, config: dict,
 self._rpm = config.get("requests_per_minute", 60)
 self._auth_rpm = config.get("auth_requests_per_minute", 6)
 self._disable_auth = config.get("disable_auth")
- self._node_username = config.get("node_username")
- self._node_password = config.get("node_password")
 self._max_streaming_clients = config.get("max_streaming_clients")
 self._jwt_algo = "HS256"
 self._connected_streams = 0
 self._stream_check_lock = Lock()
- self._mq_connector = mq_connector
+ # If authentication is explicitly disabled, don't try to query the
+ # users service
+ self._mq_connector = None if self._disable_auth else mq_connector
 @property
 def authorized_clients(self) -> Dict[str, AuthenticationResponse]:
@@ -205,11 +205,15 @@ def check_auth_request(self, client_id: str, username: str,
 f"{origin_ip}. Wait {wait_time}s.")
 if self._mq_connector is None:
- user = User(username=username, password_hash=password)
- elif all((self._node_username, username == self._node_username,
- password == self._node_password)):
- user = User(username=username, password_hash=password)
- user.permissions.node = AccessRoles.USER
+ # Auth is disabled; every auth request gets a successful response
+ user = User(username=username, password_hash=password,
+ permissions=_DEFAULT_USER_PERMISSIONS)
+ # elif all((self._node_username, username == self._node_username,
+ # password == self._node_password)):
+ # # User matches configured node username/password
+ # user = User(username=username, password_hash=password,
+ # permissions=_DEFAULT_USER_PERMISSIONS)
+ # user.permissions.node = AccessRoles.USER
 else:
 user = self._mq_connector.get_user_profile(username, password)
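Review bot: The new `self._mq_connector = None if self._disable_auth else mq_connector` line in `__init__` tests `config.get("disable_auth")` by truthiness, so any truthy value (for example a non-empty string from a templated config) switches authentication off and silently drops the users-service connector. Since the README now documents this flag as allowing all connections, I would accept only a real boolean, e.g. `self._disable_auth = config.get("disable_auth") is True`, and log at warning level during construction whenever it is set, so an open deployment shows up in the logs. `__init__` starts and ends outside this hunk, so the flag may be validated somewhere not visible here.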
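Review bot: In `check_auth_request`, the branch `if self._mq_connector is None:` is now labelled "Auth is disabled", but the connector is presumably also None when the caller supplies no `mq_connector` while `disable_auth` is unset, and in that case every username/password would still receive `_DEFAULT_USER_PERMISSIONS`. Branching on the flag itself, `if self._disable_auth:`, and rejecting the request when auth is enabled but no connector exists would make this path fail closed. The commented-out `elif` block for the node credentials is better deleted than kept, because version control already retains it and a dormant credential path in comments is easy to re-enable by accident. It is also worth confirming that `User` copies the module-level `_DEFAULT_USER_PERMISSIONS` rather than sharing one mutable instance across users. The method body starts and ends outside this hunk.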