Skip to content

ccproxy.auth.dependencies

ccproxy.auth.dependencies

FastAPI dependency injection utilities for authentication.

get_settings 

get_settings()

Get settings instance directly (without service container).

Source code in ccproxy/auth/dependencies.py 
24
25
26
def get_settings() -> Settings:
    """Get settings instance directly (without service container)."""
    return Settings()

get_auth_manager async 

get_auth_manager(credentials, settings)

Return an authentication manager when credentials are required.

Source code in ccproxy/auth/dependencies.py 
120
121
122
123
124
125
126
127
128
129
130
131
132
133
async def get_auth_manager(
    credentials: Annotated[HTTPAuthorizationCredentials | None, Depends(bearer_scheme)],
    settings: SettingsDep,
) -> AuthManager:
    """Return an authentication manager when credentials are required."""

    auth_manager = await _build_bearer_auth_manager(
        credentials,
        _expected_token(settings),
        require_credentials=True,
    )
    # require_credentials ensures auth_manager is never None here.
    assert auth_manager is not None
    return auth_manager

require_auth async 

require_auth(auth_manager)

Enforce authentication, translating failures into HTTP errors.

Source code in ccproxy/auth/dependencies.py 
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
async def require_auth(
    auth_manager: Annotated[AuthManager, Depends(get_auth_manager)],
) -> AuthManager:
    """Enforce authentication, translating failures into HTTP errors."""

    try:
        if not await auth_manager.is_authenticated():
            raise AuthenticationRequiredError("Authentication required")
        return auth_manager
    except AuthenticationError as exc:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=str(exc),
            headers={"WWW-Authenticate": "Bearer"},
        ) from exc

get_access_token async 

get_access_token(auth_manager)

Retrieve an access token from an authenticated manager.

Source code in ccproxy/auth/dependencies.py 
153
154
155
156
157
158
159
160
161
162
163
164
165
async def get_access_token(
    auth_manager: Annotated[AuthManager, Depends(require_auth)],
) -> str:
    """Retrieve an access token from an authenticated manager."""

    try:
        return await auth_manager.get_access_token()
    except AuthenticationError as exc:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=str(exc),
            headers={"WWW-Authenticate": "Bearer"},
        ) from exc

get_conditional_auth_manager async 

get_conditional_auth_manager(request, credentials=None)

Return an auth manager only when the configuration requires it.

Source code in ccproxy/auth/dependencies.py 
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
async def get_conditional_auth_manager(
    request: Request,
    credentials: Annotated[
        HTTPAuthorizationCredentials | None, Depends(bearer_scheme)
    ] = None,
) -> AuthManager | None:
    """Return an auth manager only when the configuration requires it."""

    settings = _resolve_runtime_settings(request)
    expected_token = _expected_token(settings)

    if expected_token is None:
        return None

    return await _build_bearer_auth_manager(
        credentials,
        expected_token,
        require_credentials=True,
    )