diff --git a/deployment/terraform/terraform.tfstate b/deployment/terraform/terraform.tfstate index fa76fd0..cd39785 100644 --- a/deployment/terraform/terraform.tfstate +++ b/deployment/terraform/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.12.1", - "serial": 482, + "serial": 485, "lineage": "a183cd95-f987-8698-c6dd-84e933c394a5", "outputs": { "cloud_function_name": { @@ -174,7 +174,7 @@ "effective_annotations": { "run.googleapis.com/ingress": "all", "run.googleapis.com/ingress-status": "all", - "run.googleapis.com/operation-id": "0425a798-bd0b-4453-83ba-38983e678875", + "run.googleapis.com/operation-id": "273b1403-cab6-4397-8714-83b0d8b96d2e", "run.googleapis.com/urls": "[\"https://contoso-761163285547.us-central1.run.app\",\"https://contoso-p64zpdtkta-uc.a.run.app\"]", "serving.knative.dev/creator": "johnpccd3@gmail.com", "serving.knative.dev/lastModifier": "johnpccd3@gmail.com" @@ -186,12 +186,12 @@ "generation": 1, "labels": null, "namespace": "gen-lang-client-0424120530", - "resource_version": "AAY2Deo4Uy8", + "resource_version": "AAY2DhNWeIk", "self_link": "/apis/serving.knative.dev/v1/namespaces/761163285547/services/contoso", "terraform_labels": { "goog-terraform-provisioned": "true" }, - "uid": "65c83cd2-1e60-4541-a922-6132aabb9311" + "uid": "5fbbdac4-c4de-4a73-b144-3a2d5206401b" } ], "name": "contoso", @@ -218,14 +218,14 @@ "type": "RoutesReady" } ], - "latest_created_revision_name": "contoso-00001-w6c", - "latest_ready_revision_name": "contoso-00001-w6c", + "latest_created_revision_name": "contoso-00001-t4p", + "latest_ready_revision_name": "contoso-00001-t4p", "observed_generation": 1, "traffic": [ { "latest_revision": true, "percent": 100, - "revision_name": "contoso-00001-w6c", + "revision_name": "contoso-00001-t4p", "tag": "", "url": "" } @@ -393,7 +393,7 @@ "schema_version": 0, "attributes": { "condition": [], - "etag": "BwY2DeqBDyE=", + "etag": "BwY2DhPXkYo=", "id": "v1/projects/gen-lang-client-0424120530/locations/us-central1/services/contoso/roles/run.invoker/allUsers", "location": "us-central1", "member": "allUsers", @@ -802,7 +802,7 @@ "delete_protection_state": "DELETE_PROTECTION_DISABLED", "deletion_policy": "ABANDON", "earliest_version_time": "2025-05-26T17:30:34.654251Z", - "etag": "IJPvj6vewY0DMLiE6qfXwY0D", + "etag": "IOjogY/hwY0DMLiE6qfXwY0D", "id": "projects/gen-lang-client-0424120530/databases/contoso-imagedb", "key_prefix": "", "location_id": "us-central1", diff --git a/deployment/terraform/terraform.tfstate.backup b/deployment/terraform/terraform.tfstate.backup index 6a8d36d..fa76fd0 100644 --- a/deployment/terraform/terraform.tfstate.backup +++ b/deployment/terraform/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.12.1", - "serial": 479, + "serial": 482, "lineage": "a183cd95-f987-8698-c6dd-84e933c394a5", "outputs": { "cloud_function_name": { @@ -174,7 +174,7 @@ "effective_annotations": { "run.googleapis.com/ingress": "all", "run.googleapis.com/ingress-status": "all", - "run.googleapis.com/operation-id": "fd6ae30c-0621-41c4-998b-cbf693bd98da", + "run.googleapis.com/operation-id": "0425a798-bd0b-4453-83ba-38983e678875", "run.googleapis.com/urls": "[\"https://contoso-761163285547.us-central1.run.app\",\"https://contoso-p64zpdtkta-uc.a.run.app\"]", "serving.knative.dev/creator": "johnpccd3@gmail.com", "serving.knative.dev/lastModifier": "johnpccd3@gmail.com" @@ -186,12 +186,12 @@ "generation": 1, "labels": null, "namespace": "gen-lang-client-0424120530", - "resource_version": "AAY2DdPXaEU", + "resource_version": "AAY2Deo4Uy8", "self_link": "/apis/serving.knative.dev/v1/namespaces/761163285547/services/contoso", "terraform_labels": { "goog-terraform-provisioned": "true" }, - "uid": "d3664fe2-c0fc-40d5-90bd-93904dd237b1" + "uid": "65c83cd2-1e60-4541-a922-6132aabb9311" } ], "name": "contoso", @@ -218,14 +218,14 @@ "type": "RoutesReady" } ], - "latest_created_revision_name": "contoso-00001-v79", - "latest_ready_revision_name": "contoso-00001-v79", + "latest_created_revision_name": "contoso-00001-w6c", + "latest_ready_revision_name": "contoso-00001-w6c", "observed_generation": 1, "traffic": [ { "latest_revision": true, "percent": 100, - "revision_name": "contoso-00001-v79", + "revision_name": "contoso-00001-w6c", "tag": "", "url": "" } @@ -393,7 +393,7 @@ "schema_version": 0, "attributes": { "condition": [], - "etag": "BwY2DdQrt9Y=", + "etag": "BwY2DeqBDyE=", "id": "v1/projects/gen-lang-client-0424120530/locations/us-central1/services/contoso/roles/run.invoker/allUsers", "location": "us-central1", "member": "allUsers", @@ -802,7 +802,7 @@ "delete_protection_state": "DELETE_PROTECTION_DISABLED", "deletion_policy": "ABANDON", "earliest_version_time": "2025-05-26T17:30:34.654251Z", - "etag": "IInb+u7cwY0DMLiE6qfXwY0D", + "etag": "IJPvj6vewY0DMLiE6qfXwY0D", "id": "projects/gen-lang-client-0424120530/databases/contoso-imagedb", "key_prefix": "", "location_id": "us-central1", diff --git a/main.py b/main.py index 96b2b64..68e8c8e 100644 --- a/main.py +++ b/main.py @@ -140,9 +140,38 @@ def custom_openapi(): if "schemas" not in openapi_schema["components"]: openapi_schema["components"]["schemas"] = {} - # Note: Authentication is now handled properly in individual route modules - # Public endpoints (auth, users, teams) don't require authentication - # Protected endpoints (images, search) require API key authentication + + # Apply security to protected endpoints + # Look for endpoints that use get_current_user dependency and apply ApiKeyAuth + for path, path_item in openapi_schema.get("paths", {}).items(): + for method, operation in path_item.items(): + if method in ["get", "post", "put", "delete", "patch"]: + # Check if this endpoint requires authentication by looking at the operation ID or tags + operation_id = operation.get("operationId", "") + tags = operation.get("tags", []) + + # Apply security to protected endpoints + # These are endpoints that require authentication based on our API design + protected_paths = [ + "/api/v1/auth/api-keys", + "/api/v1/auth/verify", + "/api/v1/auth/admin/", + "/api/v1/images", + "/api/v1/search" + ] + + # Check if this is a protected endpoint + is_protected = False + for protected_path in protected_paths: + if protected_path in path: + # Skip the public API key creation endpoint + if path == "/api/v1/auth/api-keys" and method == "post": + continue + is_protected = True + break + + if is_protected: + operation["security"] = [{"ApiKeyAuth": []}] app.openapi_schema = openapi_schema return app.openapi_schema