read.markets/app/auth.py
Giorgio Gilestro a10409c02b initial commit — cassandra v0.1
Containerised macro-strategy dashboard: 4-panel web UI (indicators,
portfolio, flash news, AI strategic log), MariaDB store, hourly
ingestion jobs, OpenRouter-backed AI analysis.

Ports the four prototype scripts in the parent dir (market_pulse,
flash_news, trading212, strategic_log) into async services backed by a
persistent DB and served via FastAPI + Jinja2 + HTMX. APScheduler runs
as a separate compose service for crash-safety and easier restarts.

Portfolio composition + position names come live from Trading 212;
news per-ticker headlines reuse those names. Tone (NOVICE/INTERMEDIATE/
PRO) and analysis style (DRY/SPECULATIVE) are env-configurable and
stored on each log row so historical entries show what produced them.

Default model is deepseek/deepseek-v4-flash (overridable via env).
Light/dark theme toggle, sans-serif for prose surfaces, monospace for
data. Bearer-token auth, OpenRouter monthly cost cap, RSS feeds auto-
disabled on consecutive failures.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-15 21:56:10 +01:00

31 lines
1 KiB
Python

"""Bearer-token auth — single static token from CASSANDRA_TOKEN env.
If the env is empty, the app runs open (LAN-only / dev mode).
Constant-time comparison via secrets.compare_digest.
"""
from __future__ import annotations
import secrets
from fastapi import Header, HTTPException, status
from app.config import get_settings
async def require_token(
authorization: str | None = Header(default=None),
) -> None:
expected = get_settings().CASSANDRA_TOKEN
if not expected:
return # open mode — no auth required
if not authorization or not authorization.lower().startswith("bearer "):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Bearer token required",
headers={"WWW-Authenticate": "Bearer"},
)
provided = authorization.split(" ", 1)[1].strip()
if not secrets.compare_digest(provided.encode(), expected.encode()):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Invalid token",
)
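The dependency above has two behaviours worth checking before deploying: an empty CASSANDRA_TOKEN silently turns authentication off, and a wrong token answers 403 without a challenge header. The following is an added example, not code from the cassandra repository, that re-expresses the same bearer check as a framework-free function so those edge cases (missing header, wrong scheme, empty token value, empty configured token) can be exercised offline. The names AuthResult, parse_bearer, check_bearer, http_response and the allow_open switch are assumptions, as is the idea of an explicit opt-in for open mode; it also goes beyond the page in answering a rejected token with 401 invalid_token per RFC 6750 and a missing token configuration with 503 so that a bad deployment fails closed.

```python
"""Added example, not part of the cassandra repo: the bearer check from
auth.py as a plain function with no FastAPI dependency. AuthResult,
parse_bearer, check_bearer, http_response and allow_open are assumptions.
Two deliberate departures from the page: open mode must be opted in rather
than being the empty-token default, and a wrong token gets 401 with an
invalid_token challenge (RFC 6750 section 3.1) instead of 403.
"""
from __future__ import annotations

import enum
import secrets


class AuthResult(enum.Enum):
    OPEN = "open"                    # no token configured and open mode allowed
    OK = "ok"                        # token matched
    MISSING = "missing"              # header absent, wrong scheme or empty value
    INVALID = "invalid"              # well-formed header, token mismatch
    MISCONFIGURED = "misconfigured"  # no token configured, open mode not allowed


def parse_bearer(authorization: str | None) -> str | None:
    """Return the credential from 'Bearer <token>', or None if the header is
    absent or malformed. The scheme is matched case-insensitively (RFC 7235);
    the token itself is compared verbatim by the caller."""
    if not authorization:
        return None
    parts = authorization.strip().split(None, 1)  # tolerate repeated spaces
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    token = parts[1].strip()
    return token or None


def check_bearer(authorization: str | None, expected: str,
                 allow_open: bool = False) -> AuthResult:
    """Decide the outcome of one request. `expected` is the configured token
    (CASSANDRA_TOKEN on the page); `allow_open` stands in for a hypothetical
    explicit opt-in such as CASSANDRA_ALLOW_OPEN=1, so that an accidentally
    unset token fails closed instead of silently disabling auth."""
    if not expected:
        return AuthResult.OPEN if allow_open else AuthResult.MISCONFIGURED
    provided = parse_bearer(authorization)
    if provided is None:
        return AuthResult.MISSING
    # Byte-wise comparison whose duration does not depend on the position of
    # the first mismatch; compare_digest still returns at once when the
    # lengths differ, which reveals only the token length.
    if secrets.compare_digest(provided.encode(), expected.encode()):
        return AuthResult.OK
    return AuthResult.INVALID


def http_response(result: AuthResult) -> tuple[int, dict[str, str]]:
    """Map an AuthResult to the status and headers a FastAPI dependency would
    raise. RFC 6750 uses 401 plus a WWW-Authenticate challenge for both a
    missing and a rejected bearer token; 503 for the misconfigured case is
    this example's choice, picked so a bad deployment is loud, not open."""
    if result in (AuthResult.OK, AuthResult.OPEN):
        return 200, {}
    if result is AuthResult.MISSING:
        return 401, {"WWW-Authenticate": "Bearer"}
    if result is AuthResult.INVALID:
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}
    return 503, {}


if __name__ == "__main__":
    # Constructed requests for illustration, not captured traffic.
    token = "s3cret-token"
    for header, configured, allow_open in [
        ("Bearer s3cret-token", token, False),
        ("bearer   s3cret-token", token, False),
        (None, token, False),
        ("Basic czNjcmV0", token, False),
        ("Bearer", token, False),
        ("Bearer wrong", token, False),
        (None, "", False),
        (None, "", True),
    ]:
        r = check_bearer(header, configured, allow_open)
        print(f"{header!r:28} -> {r.value:14} {http_response(r)}")
```

To wire this into the page's dependency, require_token would call check_bearer with get_settings().CASSANDRA_TOKEN and raise HTTPException from the tuple http_response returns; the point of keeping the decision in a pure function is that the table of cases above can sit in the test suite and catch a regression in the header parsing or in the open-mode default.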