Add automated auth checks for ee

Weves
2024-04-19 01:38:39 -07:00
committed by Chris Weaver
parent 50f006557f
commit 1984f2c1ca
2 changed files with 33 additions and 0 deletions


@ -19,6 +19,7 @@ from danswer.utils.variable_functionality import global_version
from ee.danswer.configs.app_configs import OPENID_CONFIG_URL
from ee.danswer.server.analytics.api import router as analytics_router
from ee.danswer.server.api_key.api import router as api_key_router
from ee.danswer.server.auth_check import check_ee_router_auth
from ee.danswer.server.enterprise_settings.api import (
admin_router as enterprise_settings_admin_router,
)
@ -85,6 +86,10 @@ def get_ee_application() -> FastAPI:
application, enterprise_settings_admin_router
)
include_router_with_global_prefix_prepended(application, enterprise_settings_router)
# Ensure all routes have auth enabled or are explicitly marked as public
check_ee_router_auth(application)
return application
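Review bot: The `check_ee_router_auth(application)` call can only inspect routes registered before it runs, so the guarantee in the comment above it holds only while it stays the last step before `return application`. A router included below it, or by a caller after `get_ee_application()` returns, would not be checked. I would say so in the comment, e.g. `# Must remain the last step before returning: routers included after this call are not checked.` The hunk does not show what `check_router_auth` does when it finds an unprotected route; presumably it raises so that startup fails closed, which is worth confirming. `get_ee_application` begins outside this hunk.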


@ -0,0 +1,28 @@
from fastapi import FastAPI
from danswer.server.auth_check import check_router_auth
from danswer.server.auth_check import PUBLIC_ENDPOINT_SPECS
EE_PUBLIC_ENDPOINT_SPECS = PUBLIC_ENDPOINT_SPECS + [
# needs to be accessible prior to user login
("/enterprise-settings", {"GET"}),
("/enterprise-settings/logo", {"GET"}),
("/enterprise-settings/custom-analytics-script", {"GET"}),
# oidc
("/auth/oidc/authorize", {"GET"}),
("/auth/oidc/callback", {"GET"}),
# saml
("/auth/saml/authorize", {"GET"}),
("/auth/saml/callback", {"POST"}),
("/auth/saml/logout", {"POST"}),
]
def check_ee_router_auth(
application: FastAPI,
public_endpoint_specs: list[tuple[str, set[str]]] = EE_PUBLIC_ENDPOINT_SPECS,
) -> None:
# similar to the open source version of this function, but checking for the EE-only
# endpoints as well
check_router_auth(application, public_endpoint_specs)
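Review bot: Every entry in `EE_PUBLIC_ENDPOINT_SPECS` exempts a route from the auth check, yet the `# oidc` and `# saml` comments do not say why the exemption is acceptable, unlike the enterprise-settings group above them. The authorize and callback routes plausibly have to be reachable before a session exists, but `("/auth/saml/logout", {"POST"})` is a state-changing POST and nothing in this file shows why it must be public; I would justify it in a comment or drop it from the list. Suggested comments: `# SSO entry points: reached before a session exists; handlers must validate the IdP response themselves` and `# logout: handler must tolerate a missing or invalid session`. The `#` comment inside `check_ee_router_auth` would read better as a docstring. The default argument is the module-level list itself, so the docstring should also note that callers must not mutate it.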