Your Name
feat: UI improvements and error suppression - Enhanced dashboard and market pages with improved header buttons, logo, and currency symbol display - Stopped animated ticker - Removed pie chart legends - Added error suppressor for external service errors (SSE, Permissions-Policy warnings) - Improved header button prominence and icon appearance - Enhanced logo with glow effects and better design - Fixed currency symbol visibility in market tables
8b7b267
| """ | |
| HuggingFace Space Authentication | |
| Authentication middleware for HuggingFace Space API endpoints | |
| CRITICAL RULES: | |
| - Verify HF_TOKEN from environment | |
| - Return error if token missing or invalid | |
| - NO bypass in production - authentication is REQUIRED (setting TEST_MODE=true disables verification) | |
| """ | |
| import os | |
| import logging | |
| from fastapi import Security, HTTPException, status, Header | |
| from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials | |
| from typing import Optional | |
logger = logging.getLogger(__name__)

# Shared secret that callers must present. HF_TOKEN takes precedence and
# HUGGINGFACE_TOKEN is the fallback; the value is None (or empty) when neither
# variable is set, in which case verify_hf_token rejects every request.
HF_TOKEN_ENV = os.environ.get("HF_TOKEN") or os.environ.get("HUGGINGFACE_TOKEN")

# SECURITY: TEST_MODE=true (case-insensitive) switches token verification off
# for every endpoint that depends on verify_hf_token. It is read once, at
# import time, so changing the variable requires a process restart.
TEST_MODE = os.environ.get("TEST_MODE", "false").lower() == "true"

if TEST_MODE:
    # Make the bypass impossible to miss in the startup log.
    logger.warning("=" * 80)
    logger.warning("🧪 TEST MODE ACTIVE - Authentication bypass enabled!")
    logger.warning(" Set TEST_MODE=false in production")
    logger.warning("=" * 80)

# Bearer scheme with auto_error=False: a missing or malformed Authorization
# header yields None instead of an automatic error response, so the
# dependency functions below decide how to respond.
security = HTTPBearer(auto_error=False)
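async def verify_hf_token(
    credentials: Optional[HTTPAuthorizationCredentials] = Security(security),
    authorization: Optional[str] = Header(None)
) -> bool:
    """
    Verify the caller's token against the HF_TOKEN configured on the server.

    The token is taken from the parsed Bearer credentials when present,
    otherwise from the raw Authorization header (with or without a
    "Bearer " prefix). It is compared with HF_TOKEN_ENV in constant time.

    SECURITY: when the module-level TEST_MODE flag is true, no verification
    is performed and a fixed "test_user" dict with full access is returned
    instead of True. Deployments must keep TEST_MODE unset or "false".

    Args:
        credentials: HTTP Bearer token credentials
        authorization: Authorization header (fallback)

    Returns:
        bool: True if authenticated (a dict describing the test user when
        TEST_MODE is active)

    Raises:
        HTTPException: 401 if the token is missing, does not match, or
            HF_TOKEN is not configured on the server
    """
    # Function-scope import keeps this block self-contained.
    import hmac

    # Prefer the credentials parsed by HTTPBearer; fall back to the raw header.
    provided_token = None
    if credentials:
        provided_token = credentials.credentials
    elif authorization:
        # Accept both "Bearer TOKEN" and a bare token in the header.
        if authorization.startswith("Bearer "):
            provided_token = authorization[7:]
        else:
            provided_token = authorization

    # Development bypass: skips every check below, whatever the caller sent.
    if TEST_MODE:
        logger.info("✅ TEST MODE: Authentication bypassed")
        return {
            "user_id": "test_user",
            "username": "test_user",
            "test_mode": True,
            "access_level": "full",
            "note": "TEST_MODE active - no real authentication"
        }

    # No token at all: challenge the client.
    if not provided_token:
        logger.warning("Authentication failed: No token provided")
        # NOTE(review): the "hint" below is returned to unauthenticated
        # callers and names the bypass switch; consider dropping it from the
        # response body and keeping it in server-side docs only.
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail={
                "success": False,
                "error": "Authentication required. Please provide HF_TOKEN in Authorization header.",
                "source": "hf_engine",
                "hint": "For development: Set TEST_MODE=true in .env"
            },
            headers={"WWW-Authenticate": "Bearer"}
        )

    # Fail closed when the server has no secret to compare against.
    if not HF_TOKEN_ENV:
        logger.error("HF_TOKEN not configured in environment")
        # NOTE(review): this tells any caller that the server is
        # misconfigured; a generic 5xx body would disclose less. Status and
        # body are kept as-is for existing clients.
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail={
                "success": False,
                "error": "HF_TOKEN not configured on server. Please set HF_TOKEN environment variable.",
                "source": "hf_engine"
            }
        )

    # Constant-time comparison: a plain != returns as soon as the first
    # differing character is found, which can leak how much of a guessed
    # token is correct through response timing. Both sides are encoded to
    # bytes because compare_digest rejects non-ASCII str arguments.
    token_matches = hmac.compare_digest(
        provided_token.encode("utf-8"),
        HF_TOKEN_ENV.encode("utf-8"),
    )
    if not token_matches:
        # Only the length is logged; the token itself never reaches the log.
        logger.warning(
            "Authentication failed: Invalid token provided (length: %d)",
            len(provided_token),
        )
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail={
                "success": False,
                "error": "Invalid authentication token",
                "source": "hf_engine"
            },
            headers={"WWW-Authenticate": "Bearer"}
        )

    # Token is valid
    logger.info("Authentication successful")
    return True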
async def optional_hf_token(
    credentials: Optional[HTTPAuthorizationCredentials] = Security(security),
    authorization: Optional[str] = Header(None)
) -> Optional[bool]:
    """
    Best-effort variant of verify_hf_token for endpoints that also serve
    unauthenticated callers.

    Any HTTPException raised by verify_hf_token is swallowed, so None is
    returned not only when no token was sent but also when the token is
    wrong or HF_TOKEN is not configured on the server. Callers must treat
    None as "anonymous" and grant nothing that requires authentication.

    Returns:
        Optional[bool]: whatever verify_hf_token returns on success,
        None otherwise
    """
    try:
        outcome = await verify_hf_token(credentials, authorization)
    except HTTPException:
        # Optional mode: a failed check downgrades to anonymous access.
        return None
    return outcome