modify get_current_user to accept api_key as authentication method

[mrab72]

Regarding this feature request, I've created this PR. It lets the users call all the endpoints with their api_key. I updated the get_current_user function, and it checks the request headers to see whether the Bearer token is provided or api_key. Otherwise, it raise 401.

[ogabrielluiz]

Thanks for the PR, @mrab72

By not including oauth2_login in any Depends the docs don't show that those endpoints require login (localhost:7860/docs) do you think you could validate that case too?

Essentially, having only the API key Security makes the docs show only API key when clicking the padlock icon.

[mrab72]

@ogabrielluiz, I passed the token to the Security and made it an input of the get_current_user method. Then I checked the docs, and the endpoints consider both oauth2 and api_key as authentication methods. Please let me know what you think about it.

[ogabrielluiz]

@mrab72 I think all it takes is something like this:

async def get_current_user(
    token: str = Security(oauth2_login),
    query_param: str = Security(api_key_query),
    header_param: str = Security(api_key_header),
    db: Session = Depends(get_session),
) -> User:
    try:
        return await get_current_user_by_jwt(token, db)
    except HTTPException as exc:
        if not query_param and not header_param:
            raise exc
        user = await api_key_security(query_param, header_param, db)
        if user:
            return user
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Invalid or missing API key",
        )
    except Exception as exc:
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Internal server error",
        )

If there's an exception and there is no api key the exception should be raised. That will probably make the tests pass.

[ogabrielluiz]

LGTM

[mrab72]

Ok, there is an incompatibility issue, will fix it.

[mrab72]

@ogabrielluiz Regarding test failure does it use your OPENAI_API_KEY or I should set an environment variable? if it is using mine I just added the env so could you please rerun it?

[ogabrielluiz]

@mrab72 I think the problem with the test is a dependency of the oauth2 security. It seems it is missing the Request object or something like that.

FAILED tests/test_websocket.py::test_websocket_endpoint_after_build - TypeError: OAuth2PasswordBearer.__call__() missing 1 required positional argument: 'request'

[ogabrielluiz]

I've updated the OPENAI API key just in case

[mrab72]

@ogabrielluiz hmm, weird, they're passing on my local machine...will check

[ogabrielluiz]

I'm on the road at the moment.

Are you running the tests with make tests?

If so, I can merge it then check once I get home.

[mrab72]

Ok, no my mistake, I found it! It's the chat endpoint which is a websocket one and I'm not allowed to pass the Depend(get_current_user) will revert it.