feat(server): Add JWT validation (Significant-Gravitas#7642)

* add auth middleware * update readnme * Update rnd/autogpt_server/pyproject.toml Co-authored-by: Krzysztof Czerwinski <[email protected]> * address newline feedback * update poetry lock --------- Co-authored-by: Krzysztof Czerwinski <[email protected]>
junzishendu-yz · Aug 1, 2024 · b23bd9c · b23bd9c
1 parent ac45b7c
commit b23bd9c
Show file tree

Hide file tree

Showing 13 changed files with 165 additions and 3 deletions.
diff --git a/rnd/__init__.py b/rnd/__init__.py
diff --git a/rnd/autogpt_libs/README.md b/rnd/autogpt_libs/README.md
@@ -0,0 +1,3 @@
+# AutoGPT Libs
+
+This is a new project to store shared functionality across different services in NextGen AutoGPT (e.g. authentication)
diff --git a/rnd/autogpt_libs/autogpt_libs/__init__.py b/rnd/autogpt_libs/autogpt_libs/__init__.py
diff --git a/rnd/autogpt_libs/autogpt_libs/auth/__init__.py b/rnd/autogpt_libs/autogpt_libs/auth/__init__.py
diff --git a/rnd/autogpt_libs/autogpt_libs/auth/config.py b/rnd/autogpt_libs/autogpt_libs/auth/config.py
@@ -0,0 +1,16 @@
+import os
+from dotenv import load_dotenv
+
+load_dotenv()
+
+class Settings:
+    JWT_SECRET_KEY: str = os.getenv("SUPABASE_JWT_SECRET", "")
+    ENABLE_AUTH: bool = os.getenv("ENABLE_AUTH", "false").lower() == "true"
+    JWT_ALGORITHM: str = "HS256"
+
+    @property
+    def is_configured(self) -> bool:
+        return bool(self.JWT_SECRET_KEY)
+
+
+settings = Settings()
diff --git a/rnd/autogpt_libs/autogpt_libs/auth/jwt_utils.py b/rnd/autogpt_libs/autogpt_libs/auth/jwt_utils.py
@@ -0,0 +1,20 @@
+import jwt
+from typing import Dict, Any
+from .config import settings
+
+
+def parse_jwt_token(token: str) -> Dict[str, Any]:
+    """
+    Parse and validate a JWT token.
+
+    :param token: The token to parse
+    :return: The decoded payload
+    :raises ValueError: If the token is invalid or expired
+    """
+    try:
+        payload = jwt.decode(token, settings.JWT_SECRET_KEY, algorithms=[settings.JWT_ALGORITHM])
+        return payload
+    except jwt.ExpiredSignatureError:
+        raise ValueError("Token has expired")
+    except jwt.InvalidTokenError as e:
+        raise ValueError(f"Invalid token: {str(e)}")
diff --git a/rnd/autogpt_libs/autogpt_libs/auth/middleware.py b/rnd/autogpt_libs/autogpt_libs/auth/middleware.py
@@ -0,0 +1,26 @@
+import logging
+
+from fastapi import Request, HTTPException, Depends
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from .jwt_utils import parse_jwt_token
+from .config import settings
+
+security = HTTPBearer()
+async def auth_middleware(request: Request):
+    if not settings.ENABLE_AUTH:
+        # If authentication is disabled, allow the request to proceed
+        return {}
+
+    security = HTTPBearer()
+    credentials = await security(request)
+
+    if not credentials:
+        raise HTTPException(status_code=401, detail="Authorization header is missing")
+
+    try:
+        payload = parse_jwt_token(credentials.credentials)
+        request.state.user = payload
+        logging.info("Token decoded successfully")
+    except ValueError as e:
+        raise HTTPException(status_code=401, detail=str(e))
+    return payload
diff --git a/rnd/autogpt_libs/poetry.lock b/rnd/autogpt_libs/poetry.lock
diff --git a/rnd/autogpt_libs/pyproject.toml b/rnd/autogpt_libs/pyproject.toml
@@ -0,0 +1,17 @@
+[tool.poetry]
+name = "autogpt-libs"
+version = "0.1.0"
+description = "Shared libraries across NextGen AutoGPT"
+authors = ["Aarushi <[email protected]>"]
+readme = "README.md"
+packages = [{ include = "autogpt_libs" }]
+
+[tool.poetry.dependencies]
+python = ">=3.10,<4.0"
+pyjwt = "^2.8.0"
+python-dotenv = "^1.0.1"
+
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
diff --git a/rnd/autogpt_server/.env.example b/rnd/autogpt_server/.env.example
@@ -4,3 +4,4 @@ DB_NAME=agpt_local
 DB_PORT=5432
 DATABASE_URL="postgresql://${DB_USER}:${DB_PASS}@localhost:${DB_PORT}/${DB_NAME}"
 PRISMA_SCHEMA="postgres/schema.prisma"
+ENABLE_AUTH="false"
diff --git a/rnd/autogpt_server/autogpt_server/server/server.py b/rnd/autogpt_server/autogpt_server/server/server.py
@@ -5,9 +5,11 @@
 from typing import Annotated, Any, Dict
 
 import uvicorn
+from autogpt_libs.auth.middleware import auth_middleware
 from fastapi import (
     APIRouter,
     Body,
+    Depends,
     FastAPI,
     HTTPException,
     WebSocket,
@@ -80,6 +82,8 @@ def run_service(self):
 
         # Define the API routes
         router = APIRouter(prefix="/api")
+        router.dependencies.append(Depends(auth_middleware))
+
         router.add_api_route(
             path="/blocks",
             endpoint=self.get_graph_blocks,  # type: ignore

diff --git a/rnd/autogpt_server/poetry.lock b/rnd/autogpt_server/poetry.lock
diff --git a/rnd/autogpt_server/pyproject.toml b/rnd/autogpt_server/pyproject.toml
@@ -40,6 +40,7 @@ feedparser = "^6.0.11"
 python-dotenv = "^1.0.1"
 expiringdict = "^1.2.2"
 
+autogpt-libs = { path = "../autogpt_libs", develop = true }
 [tool.poetry.group.dev.dependencies]
 cx-freeze = { git = "https://github.com/ntindle/cx_Freeze.git", rev = "main", develop = true }
 poethepoet = "^0.26.1"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# AutoGPT Libs

		This is a new project to store shared functionality across different services in NextGen AutoGPT (e.g. authentication)