🔒 refactor(base.py): remove SECRET_KEY field from Settings class since it is now handled by AuthSettings class
🔒 refactor(manager.py): pass CONFIG_DIR to AuthSettings constructor when creating an instance
The accessToken parameter in the chatEndpoint URL is now encoded using the encodeURIComponent function to handle special characters correctly. This ensures that the accessToken is properly passed to the chat endpoint without causing any issues.
🔧 fix(alertContext): remove isTweakPage and setIsTweakPage from alertContext
🔧 fix(genericModal): add null check for nodeClass before calling postValidatePrompt
🔧 fix(extraSidebarComponent): remove setIsTweakPage from extraSidebarComponent
🔧 fix(typesContext): remove isTweakPage and setIsTweakPage from typesContext
### Description
This pull request introduces a significant enhancement to the project by
incorporating robust authentication logic. The enhancement addresses the
critical need for secure user access and data protection within the
application. With this addition, the system will be able to authenticate
users, verify their identities, and provide access only to authorized
individuals.
### Changes Implemented
- **Authentication Middleware**: A new middleware module has been
implemented to intercept incoming requests and validate user
authentication. This middleware checks for valid authentication tokens
or credentials and ensures that only authenticated users can access
protected resources.
- **User Authentication Endpoint**: A new endpoint has been created to
handle user authentication. This endpoint allows users to provide their
credentials, which are then securely processed and validated against the
stored user data.
- **Password Hashing**: User passwords are now securely hashed using a
strong cryptographic algorithm before being stored in the database. This
ensures that even if the database is compromised, user passwords remain
inaccessible.
- **Token-Based Authentication**: Upon successful authentication, the
system generates a time-limited access token for the user. This token
must be included in subsequent requests to access protected resources.
Token validity is maintained through token expiration and refresh
mechanisms.
- **Authorization Checks**: The logic has been extended to include
authorization checks after successful authentication. This ensures that
authenticated users only have access to the resources they are
authorized to use, based on their roles and permissions.
### Benefits
1. **Enhanced Security**: By implementing strong authentication
mechanisms and password hashing, the project significantly improves
security, minimizing the risk of unauthorized access or data breaches.
2. **User-Friendly Experience**: Users can securely access the
application, confident in the knowledge that their credentials and data
are protected. The token-based authentication simplifies the user
experience by eliminating the need for frequent re-authentication.
3. **Scalability**: The authentication logic has been designed with
scalability in mind, ensuring that the system can handle a growing
number of users and requests without compromising security or
performance.
4. **Modularity**: The new authentication logic has been integrated as a
separate module, enhancing the project's modularity and maintainability.
fix(AdminPage/index.tsx): fix nullish assertion for create_at and updated_at properties to avoid potential errors
fix(signUpPage/index.tsx): fix error handling to correctly display error message
fix(types/components/index.ts): make id, create_at, and updated_at properties optional in UserInputType
✨ feat(headerComponent): add Home link when on admin page for easier navigation
✨ feat(headerComponent): add Admin page link for easier navigation to admin page
🐛 fix(ApiKeysPage): handle case when api_keys.name is null or undefined by displaying "-" instead
🐛 fix(ApiKeysPage): handle case when api_keys.last_used_at is an invalid date by displaying "Never" instead
✨ feat(ApiKeysPage): add Total Uses column to display the total number of uses for each API key
🐛 fix(loginPage): set isAdmin context variable based on user's is_superuser property
🐛 fix(loginPage): increase delay before fetching logged user to 500ms for better user experience
🐛 fix(types): add total_uses property to ApiKey type to match backend response
🔧 chore(main.py): update import statement to use get_number_of_workers from __main__ module
🔧 chore(util.py): remove unused imports and functions to improve code cleanliness and maintainability
🐛 fix(types.py): add *args and **kwargs to build method in AgentVertex, LLMVertex, WrapperVertex, ChainVertex, and PromptVertex classes to allow for additional arguments to be passed
🐛 fix(utils.py): change return type annotation in api_key_security function from Optional[ApiKey] to Optional[User] to reflect the actual return type
🐛 fix(util.py): fix condition to check if "BaseModel" is in the string representation of _type to avoid skipping BaseModel types in format_dict function
🔒 chore(endpoints.py): rename api_key parameter to api_key_user for clarity and consistency
🔒 chore(endpoints.py): add type hint for api_key_user parameter to indicate it is of type User
🔒 chore(endpoints.py): remove unnecessary assignment of api_key_user from api_key.user
🔧 fix(tabsContext.tsx): remove unnecessary console.error statements to improve code readability and maintainability
🔧 fix(genericModal/index.tsx): remove unnecessary console.log statement to improve code readability and maintainability
🔧 fix(ApiKeysPage/index.tsx): remove unnecessary console.log statement to improve code readability and maintainability
🔧 fix(auth.ts): remove unused refreshAccessToken function type to improve code readability and maintainability
