Merge pull request #95 from crestalnetwork/improve/jwt-auth
Improve: jwt auth
taiyangc authored Jan 26, 2025
2 parents 75ebffe + bce96e3 commit 7578480
Showing 4 changed files with 69 additions and 42 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,14 @@
# Changelog

## 2025-01-26

### Improvements
- If you open the jwt verify of admin api, it now ignore the reqest come from internal network
- Improve the docker compose tutorial, comment the twitter and tg entrypoint service by default

### Break Changes
- The new docker-compose.yml change the service name, add "intent-" prefix to all services

## 2025-01-25

### New Features
80 changes: 42 additions & 38 deletions docker-compose.yml
Expand Up @@ -15,7 +15,7 @@ services:
timeout: 5s
retries: 5

api:
intent-api:
image: crestal/intentkit:latest
depends_on:
db:
Expand All @@ -29,13 +29,14 @@ services:
- DB_PORT=5432
- DB_NAME=${POSTGRES_DB:-intentkit}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY}
- CDP_API_KEY_NAME=${CDP_API_KEY_NAME}
- CDP_API_KEY_PRIVATE_KEY=${CDP_API_KEY_PRIVATE_KEY}
ports:
- "8000:8000"
command: poetry run uvicorn app.api:app --host 0.0.0.0 --port 8000

autonomous:
intent-autonomous:
image: crestal/intentkit:latest
depends_on:
db:
Expand All @@ -49,48 +50,51 @@ services:
- DB_PORT=5432
- DB_NAME=${POSTGRES_DB:-intentkit}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY}
- CDP_API_KEY_NAME=${CDP_API_KEY_NAME}
- CDP_API_KEY_PRIVATE_KEY=${CDP_API_KEY_PRIVATE_KEY}
- INTERNAL_BASE_URL=http://api:8000
command: poetry run python -m app.autonomous

twitter:
image: crestal/intentkit:latest
depends_on:
db:
condition: service_healthy
environment:
- ENV=${ENV:-local}
- RELEASE=${RELEASE:-local}
- DB_USERNAME=${POSTGRES_USER:-postgres}
- DB_PASSWORD=${POSTGRES_PASSWORD:-postgres}
- DB_HOST=db
- DB_PORT=5432
- DB_NAME=${POSTGRES_DB:-intentkit}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- CDP_API_KEY_NAME=${CDP_API_KEY_NAME}
- CDP_API_KEY_PRIVATE_KEY=${CDP_API_KEY_PRIVATE_KEY}
- INTERNAL_BASE_URL=http://api:8000
command: poetry run python -m app.twitter
# intent-twitter:
# image: crestal/intentkit:latest
# depends_on:
# db:
# condition: service_healthy
# environment:
# - ENV=${ENV:-local}
# - RELEASE=${RELEASE:-local}
# - DB_USERNAME=${POSTGRES_USER:-postgres}
# - DB_PASSWORD=${POSTGRES_PASSWORD:-postgres}
# - DB_HOST=db
# - DB_PORT=5432
# - DB_NAME=${POSTGRES_DB:-intentkit}
# - OPENAI_API_KEY=${OPENAI_API_KEY}
# - DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY}
# - CDP_API_KEY_NAME=${CDP_API_KEY_NAME}
# - CDP_API_KEY_PRIVATE_KEY=${CDP_API_KEY_PRIVATE_KEY}
# - INTERNAL_BASE_URL=http://api:8000
# command: poetry run python -m app.twitter

telegram:
image: crestal/intentkit:latest
depends_on:
db:
condition: service_healthy
environment:
- ENV=${ENV:-local}
- RELEASE=${RELEASE:-local}
- DB_USERNAME=${POSTGRES_USER:-postgres}
- DB_PASSWORD=${POSTGRES_PASSWORD:-postgres}
- DB_HOST=db
- DB_PORT=5432
- DB_NAME=${POSTGRES_DB:-intentkit}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- CDP_API_KEY_NAME=${CDP_API_KEY_NAME}
- CDP_API_KEY_PRIVATE_KEY=${CDP_API_KEY_PRIVATE_KEY}
- INTERNAL_BASE_URL=http://api:8000
command: poetry run python -m app.telegram
# intent-tg:
# image: crestal/intentkit:latest
# depends_on:
# db:
# condition: service_healthy
# environment:
# - ENV=${ENV:-local}
# - RELEASE=${RELEASE:-local}
# - DB_USERNAME=${POSTGRES_USER:-postgres}
# - DB_PASSWORD=${POSTGRES_PASSWORD:-postgres}
# - DB_HOST=db
# - DB_PORT=5432
# - DB_NAME=${POSTGRES_DB:-intentkit}
# - OPENAI_API_KEY=${OPENAI_API_KEY}
# - DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY}
# - CDP_API_KEY_NAME=${CDP_API_KEY_NAME}
# - CDP_API_KEY_PRIVATE_KEY=${CDP_API_KEY_PRIVATE_KEY}
# - INTERNAL_BASE_URL=http://api:8000
# command: poetry run python -m app.telegram

volumes:
postgres_data:
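Review bot: `INTERNAL_BASE_URL=http://api:8000` in the `intent-autonomous` environment still names the old `api` service, and the same value is carried into the commented-out `intent-twitter` and `intent-tg` blocks. After the rename to `intent-api` that hostname presumably no longer resolves on the compose network, and the Host allowance added in utils/middleware.py matches only `intent-api`, so internal callers need `- INTERNAL_BASE_URL=http://intent-api:8000`. Separately, `ports: "8000:8000"` publishes the API on every host interface; `"127.0.0.1:8000:8000"` would keep a local tutorial deployment off the network.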
6 changes: 5 additions & 1 deletion models/agent.py
Expand Up @@ -181,7 +181,11 @@ def create_or_update(self, db: Session) -> "Agent":
existing_agent = db.exec(select(Agent).where(Agent.id == self.id)).first()
if existing_agent:
# Check owner
if existing_agent.owner and existing_agent.owner != self.owner:
if (
existing_agent.owner
and self.owner # if no owner, the request is coming from internal call, so skip the check
and existing_agent.owner != self.owner
):
raise HTTPException(
status_code=403,
detail="Your JWT token does not match the agent owner",
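Review bot: The owner check in `create_or_update` is now skipped whenever `self.owner` is empty, so an empty value doubles as the "internal caller" marker. In this commit `verify_jwt` returns `""` both when JWT is disabled and when the request is judged internal, so every such request may update an agent that already has an owner; whether the update then overwrites `existing_agent.owner` with the empty value is not visible here, because the function continues outside the hunk. Consider passing an explicit flag from the caller instead of inferring trust from a missing value. The trailing comment would also read better on its own line above the condition, e.g. `# internal calls carry no owner and skip the ownership check`.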
16 changes: 13 additions & 3 deletions utils/middleware.py
Expand Up @@ -2,7 +2,7 @@
from typing import Optional

import jwt
from fastapi import Depends, HTTPException
from fastapi import Depends, HTTPException, Request
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

logger = logging.getLogger(__name__)
Expand All @@ -22,15 +22,25 @@ def create_jwt_middleware(enable: bool, jwt_secret: str):
"""

async def verify_jwt(
request: Request,
credentials: Optional[HTTPAuthorizationCredentials] = Depends(security),
) -> str:
"""Verify JWT token from Authorization header and return the subject claim.
Returns:
str: The subject claim from the JWT token
"""
logger.debug(f"verify_jwt: enable={enable}, credentials={credentials}")
if not enable:
host = request.headers.get("host", "").split(":")[0]
logger.debug(
f"verify_jwt: enable={enable}, credentials={credentials}, host={host}"
)

if (
not enable
or host == "localhost"
or host == "127.0.0.1"
or host == "intent-api"
):
return ""

if not credentials:
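Review bot: The bypass in `verify_jwt` trusts `request.headers.get("host")`, a value the client supplies, so a request from outside that names `localhost`, `127.0.0.1` or `intent-api` as its Host is treated as internal and skips JWT verification even when `enable` is true. Base the decision on something the caller cannot choose, for instance the peer address (`peer = request.client.host if request.client else ""`) checked against a configured list of internal networks, or a separate credential for service-to-service calls; behind a reverse proxy the peer address needs the same care. The debug line also formats `credentials` into the log, which presumably includes the bearer token; logging `bool(credentials)` would avoid that. The body of `verify_jwt` continues outside the hunk.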
