mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-06-10 17:35:57 +00:00
DanielWalnut
2b795265e7
* fix: align auth-disabled mode and mock history loading * fix: address auth-disabled review feedback * test: cover auth-disabled backend contract * style: format frontend tests * fix: address follow-up review comments
55 lines
1.5 KiB
Python
55 lines
1.5 KiB
Python
"""Shared helpers for local/E2E auth-disabled mode."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import logging
|
|
import os
|
|
from types import SimpleNamespace
|
|
|
|
AUTH_DISABLED_ENV_VAR = "DEER_FLOW_AUTH_DISABLED"
|
|
AUTH_DISABLED_USER_ID = "e2e-user"
|
|
AUTH_DISABLED_USER_EMAIL = "e2e@test.local"
|
|
|
|
AUTH_SOURCE_SESSION = "session"
|
|
AUTH_SOURCE_INTERNAL = "internal"
|
|
AUTH_SOURCE_AUTH_DISABLED = "auth_disabled"
|
|
|
|
_PRODUCTION_ENV_VARS: tuple[str, ...] = ("DEER_FLOW_ENV", "ENVIRONMENT")
|
|
_PRODUCTION_ENV_VALUES: frozenset[str] = frozenset({"prod", "production"})
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
def is_explicit_production_environment() -> bool:
|
|
return any(os.environ.get(name, "").strip().lower() in _PRODUCTION_ENV_VALUES for name in _PRODUCTION_ENV_VARS)
|
|
|
|
|
|
def is_auth_disabled_requested() -> bool:
|
|
return os.environ.get(AUTH_DISABLED_ENV_VAR) == "1"
|
|
|
|
|
|
def is_auth_disabled() -> bool:
|
|
return is_auth_disabled_requested() and not is_explicit_production_environment()
|
|
|
|
|
|
def warn_if_auth_disabled_enabled() -> None:
|
|
if not is_auth_disabled():
|
|
return
|
|
|
|
logger.warning(
|
|
"%s=1 is active: authentication is bypassed and anonymous requests run as synthetic admin user %r. Do not enable this in shared or production deployments.",
|
|
AUTH_DISABLED_ENV_VAR,
|
|
AUTH_DISABLED_USER_ID,
|
|
)
|
|
|
|
|
|
def get_auth_disabled_user():
|
|
return SimpleNamespace(
|
|
id=AUTH_DISABLED_USER_ID,
|
|
email=AUTH_DISABLED_USER_EMAIL,
|
|
password_hash=None,
|
|
system_role="admin",
|
|
needs_setup=False,
|
|
token_version=0,
|
|
)
|