Merge dev to main: Security improvements and comprehensive test infrastructure #39

Merged
jimmy merged 195 commits from dev into main 2026-04-08 01:42:27 +08:00
Showing only changes of commit e8f1373b41 - Show all commits
+14 -1
View File
@@ -4,7 +4,7 @@ import threading
import tempfile import tempfile
from typing import Optional from typing import Optional
from pydantic import BaseModel from pydantic import BaseModel
from fastapi import HTTPException, Request, status from fastapi import HTTPException, Request, status, Depends
import config import config
@@ -136,3 +136,16 @@ def require_write():
if user.role == "viewer" and request.method != "GET": if user.role == "viewer" and request.method != "GET":
raise HTTPException(status_code=403, detail="Read-only access") raise HTTPException(status_code=403, detail="Read-only access")
return checker return checker
async def _inject_user(request: Request, user = Depends(lambda: None)):
"""Dependency to store user in request.state for rbac dependencies.
Note: This expects auth to be handled by a parent dependency.
Import auth module at runtime to avoid circular imports.
"""
if user is None:
import auth as auth_module
user = await auth_module.get_current_user(request)
request.state.user = user
return user