mirror of
https://github.com/danswer-ai/danswer.git
synced 2025-07-13 06:32:57 +02:00
Add automated auth checks for ee
@ -19,6 +19,7 @@ from danswer.utils.variable_functionality import global_version
|
||||
from ee.danswer.configs.app_configs import OPENID_CONFIG_URL
|
||||
from ee.danswer.server.analytics.api import router as analytics_router
|
||||
from ee.danswer.server.api_key.api import router as api_key_router
|
||||
from ee.danswer.server.auth_check import check_ee_router_auth
|
||||
from ee.danswer.server.enterprise_settings.api import (
|
||||
admin_router as enterprise_settings_admin_router,
|
||||
)
|
||||
@ -85,6 +86,10 @@ def get_ee_application() -> FastAPI:
|
||||
application, enterprise_settings_admin_router
|
||||
)
|
||||
include_router_with_global_prefix_prepended(application, enterprise_settings_router)
|
||||
|
||||
# Ensure all routes have auth enabled or are explicitly marked as public
|
||||
check_ee_router_auth(application)
|
||||
|
||||
return application
|
||||
|
||||
|
||||
|
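Review bot: `check_ee_router_auth(application)` in the second hunk presumably inspects only the routes registered at the time it is called, so its position as the last statement before `return application` matters, and the existing comment does not say so. A router included below this line in a later change, or added to the returned app by a caller, would then go unchecked. I would extend the comment to `# Must stay last: routers included after this call are not checked`. `get_ee_application` starts outside the hunk, so the earlier registrations are not visible here.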
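--- a/backend/ee/danswer/server/auth_check.py
+++ b/backend/ee/danswer/server/auth_check.py
@@ -0,0 +1,28 @@
+from fastapi import FastAPI
+
+from danswer.server.auth_check import check_router_auth
+from danswer.server.auth_check import PUBLIC_ENDPOINT_SPECS
+
+
+EE_PUBLIC_ENDPOINT_SPECS = PUBLIC_ENDPOINT_SPECS + [
+# needs to be accessible prior to user login
+("/enterprise-settings", {"GET"}),
+("/enterprise-settings/logo", {"GET"}),
+("/enterprise-settings/custom-analytics-script", {"GET"}),
+# oidc
+("/auth/oidc/authorize", {"GET"}),
+("/auth/oidc/callback", {"GET"}),
+# saml
+("/auth/saml/authorize", {"GET"}),
+("/auth/saml/callback", {"POST"}),
+("/auth/saml/logout", {"POST"}),
+]
+
+
+def check_ee_router_auth(
+application: FastAPI,
+public_endpoint_specs: list[tuple[str, set[str]]] = EE_PUBLIC_ENDPOINT_SPECS,
+) -> None:
+# similar to the open source version of this function, but checking for the EE-only
+# endpoints as well
+check_router_auth(application, public_endpoint_specs)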
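Review bot: `EE_PUBLIC_ENDPOINT_SPECS` lists `/enterprise-settings` next to two paths nested under it, and how `check_router_auth` compares a route against a spec (exact path or prefix) is not visible in this file. If the comparison is a prefix match, the GET exemption would presumably extend to every GET route under `/enterprise-settings`, admin ones included, so that is worth confirming against the open-source implementation. The `# oidc` and `# saml` groups give no reason for being public; a comment such as `# login flow: called before a session exists, the handler must validate the IdP response itself` would record why each exemption is acceptable. `check_ee_router_auth` has only an inline comment, and a short docstring saying what happens when a route is neither authenticated nor listed (the behaviour is not shown here) would make the startup contract explicit.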