mirror of
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git
synced 2026-06-18 15:29:36 +00:00
d8bb836614
Add revenue discovery APIs/services, launch verification gates, CI quality checks, and frontend E2E/docs updates to prepare the branch for production go-live. Made-with: Cursor
87 lines
3.1 KiB
Python
87 lines
3.1 KiB
Python
"""Optional bearer token for /api/v1 when DEALIX_INTERNAL_API_TOKEN is set (production hardening).
|
|
|
|
Exemption list is broad (public marketing, demo widgets). Before strict production, see
|
|
docs/LAUNCH_CHECKLIST.md section 6.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from starlette.middleware.base import BaseHTTPMiddleware
|
|
from starlette.requests import Request
|
|
from starlette.responses import JSONResponse
|
|
|
|
from app.config import get_settings
|
|
|
|
|
|
def _exempt_path(path: str) -> bool:
|
|
if path in ("/api/v1/health", "/api/v1/ready"):
|
|
return True
|
|
if path.startswith("/api/v1/webhooks"):
|
|
return True
|
|
if path.startswith("/api/v1/marketing"):
|
|
return True
|
|
if path.startswith("/api/v1/strategy"):
|
|
return True
|
|
if path.startswith("/api/v1/value-proposition"):
|
|
return True
|
|
if path.startswith("/api/v1/customer-onboarding"):
|
|
return True
|
|
# Public demo GETs only; /sales-os/quota, /tasks-inbox, PUT /quota require token when set
|
|
if path in (
|
|
"/api/v1/sales-os/commission-ledger",
|
|
"/api/v1/sales-os/rep-onboarding",
|
|
"/api/v1/sales-os/overview",
|
|
"/api/v1/operations/snapshot",
|
|
):
|
|
return True
|
|
# مسارات المسوقين العامة (تسجيل، لوحة، برنامج) دون كشف بيانات فردية حساسة
|
|
if path == "/api/v1/affiliates/program" or path == "/api/v1/affiliates/register":
|
|
return True
|
|
if path.startswith("/api/v1/affiliates/leaderboard"):
|
|
return True
|
|
# Dashboard / demo widgets that call the API from the browser without internal token
|
|
# (still require JWT on routes that use Depends(get_current_user).)
|
|
if path in (
|
|
"/api/v1/agents/status",
|
|
"/api/v1/intelligence/health",
|
|
"/api/v1/intelligence/run-pipeline",
|
|
"/api/v1/dealix/generate-leads",
|
|
"/api/v1/dealix/full-power",
|
|
"/api/v1/dealix/enrich-exploration",
|
|
"/api/v1/dealix/enrich-exploration/async",
|
|
"/api/v1/dealix/channel-drafts",
|
|
"/api/v1/dealix/intelligence-flags",
|
|
):
|
|
return True
|
|
if path.startswith("/api/v1/dealix/enrich-exploration/jobs/"):
|
|
return True
|
|
if path.startswith("/api/v1/dealix/ai-eval/"):
|
|
return True
|
|
return False
|
|
|
|
|
|
class InternalApiTokenMiddleware(BaseHTTPMiddleware):
|
|
async def dispatch(self, request: Request, call_next):
|
|
if request.method == "OPTIONS":
|
|
return await call_next(request)
|
|
|
|
settings = get_settings()
|
|
token = (settings.DEALIX_INTERNAL_API_TOKEN or "").strip()
|
|
if not token:
|
|
return await call_next(request)
|
|
|
|
path = request.url.path
|
|
if not path.startswith("/api/v1"):
|
|
return await call_next(request)
|
|
if _exempt_path(path):
|
|
return await call_next(request)
|
|
|
|
auth = request.headers.get("authorization") or ""
|
|
expected = f"Bearer {token}"
|
|
if auth != expected:
|
|
return JSONResponse(
|
|
status_code=401,
|
|
content={"detail": "Invalid or missing Authorization bearer token"},
|
|
)
|
|
return await call_next(request)
|