@@ -23,14 +23,16 @@ APP_SECRET = _get_app_secret()
|
||||
|
||||
@auth.authenticate
|
||||
async def authenticate(authorization: str) -> Auth.types.MinimalUserDict:
|
||||
# Validate credentials (e.g., API key, JWT token)
|
||||
if not authorization or not hmac.compare_digest(authorization, APP_SECRET):
|
||||
raise Auth.exceptions.HTTPException(status_code=401, detail="Unauthorized")
|
||||
# Expecting a header like: "Bearer <token>"
|
||||
if not authorization or not authorization.startswith("Bearer "):
|
||||
raise Auth.exceptions.HTTPException(status_code=401, detail="Missing or invalid Authorization header")
|
||||
|
||||
token = authorization.removeprefix("Bearer ").strip()
|
||||
|
||||
# Validate the token using HMAC constant-time comparison
|
||||
if not hmac.compare_digest(token, APP_SECRET):
|
||||
raise Auth.exceptions.HTTPException(status_code=401, detail="Invalid token")
|
||||
|
||||
# Return user info - only identity and is_authenticated are required
|
||||
# Add any additional fields you need for authorization
|
||||
return {
|
||||
"identity": "authenticated-user",
|
||||
}
|
||||
|
||||
|
||||
|
||||
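Review bot: The `hmac.compare_digest(token, APP_SECRET)` call in the new token check is given two `str` values, and `compare_digest` raises `TypeError` for a `str` containing non-ASCII characters, so a header carrying such a token would likely surface as an unhandled error instead of the intended 401. Comparing bytes avoids that: `if not token or not hmac.compare_digest(token.encode("utf-8"), APP_SECRET.encode("utf-8")):`. The `not token` guard also keeps an empty token from matching if `_get_app_secret()` can ever return an empty string; that function is outside the hunk, so confirm it rejects an unset secret at startup.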