Merge dev to main: Security improvements and comprehensive test infrastructure #39

Merged
jimmy merged 195 commits from dev into main 2026-04-08 01:42:27 +08:00
Showing only changes of commit e8f1373b41 - Show all commits
+14 -1
View File
@@ -4,7 +4,7 @@ import threading
import tempfile
from typing import Optional
from pydantic import BaseModel
from fastapi import HTTPException, Request, status
from fastapi import HTTPException, Request, status, Depends
import config
@@ -136,3 +136,16 @@ def require_write():
if user.role == "viewer" and request.method != "GET":
raise HTTPException(status_code=403, detail="Read-only access")
return checker
async def _inject_user(request: Request, user = Depends(lambda: None)):
"""Dependency to store user in request.state for rbac dependencies.
Note: This expects auth to be handled by a parent dependency.
Import auth module at runtime to avoid circular imports.
"""
if user is None:
import auth as auth_module
user = await auth_module.get_current_user(request)
request.state.user = user
return user