Skip to content

ccproxy.auth.conditional

ccproxy.auth.conditional

Conditional authentication dependencies.

get_conditional_auth_manager async 

get_conditional_auth_manager(
    request, credentials=None, settings=None
)

Get authentication manager only if auth is required.

This dependency checks if authentication is configured and validates the token if required. If no auth is configured, returns None.

Parameters:

Name Type Description Default
request Request

The FastAPI request object

 required
credentials Annotated[HTTPAuthorizationCredentials | None, Depends(bearer_scheme)]

HTTP authorization credentials

 None
settings Annotated[Settings | None, Depends(get_settings)]

Application settings

 None

Returns:

Type Description
AuthManager | None

AuthManager instance if authenticated, None if no auth required

Raises:

Type Description
HTTPException

If auth is required but credentials are invalid
Source code in ccproxy/auth/conditional.py 
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
async def get_conditional_auth_manager(
    request: Request,
    credentials: Annotated[
        HTTPAuthorizationCredentials | None, Depends(bearer_scheme)
    ] = None,
    settings: Annotated[Settings | None, Depends(get_settings)] = None,
) -> AuthManager | None:
    """Get authentication manager only if auth is required.

    This dependency checks if authentication is configured and validates
    the token if required. If no auth is configured, returns None.

    Args:
        request: The FastAPI request object
        credentials: HTTP authorization credentials
        settings: Application settings

    Returns:
        AuthManager instance if authenticated, None if no auth required

    Raises:
        HTTPException: If auth is required but credentials are invalid
    """
    # Check if auth is required for this configuration
    if settings is None or not settings.security.auth_token:
        # No auth configured, return None
        return None

    # Auth is required, validate credentials
    if not credentials or not credentials.credentials:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Authentication required",
            headers={"WWW-Authenticate": "Bearer"},
        )

    # Validate the token
    if credentials.credentials != settings.security.auth_token:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authentication credentials",
            headers={"WWW-Authenticate": "Bearer"},
        )

    # Create and return auth manager
    try:
        bearer_auth = BearerTokenAuthManager(credentials.credentials)
        if await bearer_auth.is_authenticated():
            return bearer_auth
        else:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Authentication failed",
                headers={"WWW-Authenticate": "Bearer"},
            )
    except (AuthenticationError, ValueError) as e:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=str(e),
            headers={"WWW-Authenticate": "Bearer"},
        ) from e