gh auth, commit

# What does this PR do? ## Test Plan # What does this PR do? ## Test Plan
2025-06-28 10:54:19 +00:00 · 2025-06-24 16:28:17 -07:00 · 2025-06-24 16:28:17 -07:00 · 94282d3482
commit 94282d3482
parent 114946ae88
9 changed files with 962 additions and 43 deletions
--- a/llama_stack/distribution/server/auth.py
+++ b/llama_stack/distribution/server/auth.py
@ -81,13 +81,23 @@ class AuthenticationMiddleware:
    def __init__(self, app, auth_config: AuthenticationConfig):
        self.app = app
        self.auth_provider = create_auth_provider(auth_config)
+        self.public_paths = self.auth_provider.get_public_paths()

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
+            # Skip authentication for public paths defined by the provider
+            path = scope.get("path", "")
+            if any(path.startswith(public_path) for public_path in self.public_paths):
+                return await self.app(scope, receive, send)
+
            headers = dict(scope.get("headers", []))
            auth_header = headers.get(b"authorization", b"").decode()

-            if not auth_header or not auth_header.startswith("Bearer "):
+            if not auth_header:
+                error_msg = self.auth_provider.get_auth_error_message(scope)
+                return await self._send_auth_error(send, error_msg)
+
+            if not auth_header.startswith("Bearer "):
                return await self._send_auth_error(send, "Missing or invalid Authorization header")

            token = auth_header.split("Bearer ", 1)[1]