auth.py

Overview

The auth.py file provides custom authentication classes designed to be used with the Python requests library. These classes facilitate the inclusion of authorization tokens in HTTP request headers, enabling secure interaction with different APIs in the InfiniFlow ecosystem.

Specifically, this file defines two authentication handlers:

• RAGFlowHttpApiAuth: Adds a Bearer token to the Authorization header, suitable for RESTful HTTP APIs.

• RAGFlowWebApiAuth: Adds a raw token string to the Authorization header, suitable for web APIs that expect the token without the "Bearer" prefix.

Both classes inherit from requests.auth.AuthBase, making them compatible with requests's authentication mechanism.

Classes

RAGFlowHttpApiAuth

Description

This class attaches a Bearer token to the Authorization header of outgoing HTTP requests. The token is prefixed with the keyword "Bearer " as per OAuth 2.0 bearer token usage conventions.

Constructor

def __init__(self, token: str):

• Parameters:

  • token (str): The bearer token string used for authentication.

• Usage:

auth = RAGFlowHttpApiAuth(token="your_bearer_token_here")
response = requests.get("https://api.example.com/data", auth=auth)

Methods

def __call__(self, r: requests.PreparedRequest) -> requests.PreparedRequest:

• Parameters:

  • r (requests.PreparedRequest): The prepared HTTP request object before being sent.

• Returns:

  • The modified requests.PreparedRequest object with the Authorization header set.

• Functionality:

  • Adds the header: "Authorization": "Bearer <token>".

• Usage:
  This method is called internally by the requests library when the request is prepared and sent.

RAGFlowWebApiAuth

Description

This class attaches a raw token string directly to the Authorization header without any prefix. It is intended for web APIs that expect the token as-is in the header.

Constructor

def __init__(self, token: str):

• Parameters:

  • token (str): The raw token string used for authentication.

• Usage:

auth = RAGFlowWebApiAuth(token="raw_token_string_here")
response = requests.get("https://webapi.example.com/resource", auth=auth)

Methods

def __call__(self, r: requests.PreparedRequest) -> requests.PreparedRequest:

• Parameters:

  • r (requests.PreparedRequest): The prepared HTTP request object before being sent.

• Returns:

  • The modified requests.PreparedRequest object with the Authorization header set.

• Functionality:

  • Adds the header: "Authorization": "<token>" (no "Bearer" prefix).

• Usage:
  This method is called internally by the requests library when the request is prepared and sent.

Implementation Details

• Both classes inherit from AuthBase, the base class provided by requests for implementing custom authentication.

• The key method is call, which requests expects to modify the outgoing PreparedRequest object.

• By setting the Authorization header in call, the token is automatically included in every HTTP request where the auth instance is passed.

• RAGFlowHttpApiAuth follows the OAuth 2.0 Bearer Token standard, while RAGFlowWebApiAuth supports APIs expecting the token without any prefix.

Interaction With Other System Components

• These authentication classes are intended to be used wherever HTTP requests are made to protected endpoints within the InfiniFlow system.

• They are plug-and-play with the requests library, making them reusable components for all HTTP/Web API calls requiring token-based authentication.

• They abstract away the manual insertion of authorization headers, promoting secure and consistent authentication practices across the application.

• Higher-level API clients or service modules within InfiniFlow likely instantiate these classes and pass them to requests sessions or calls.

Example Usage

import requests
from auth import RAGFlowHttpApiAuth, RAGFlowWebApiAuth

# Using RAGFlowHttpApiAuth for a REST API
http_auth = RAGFlowHttpApiAuth(token="abc123bearertoken")
response = requests.get("https://api.infiflow.com/v1/data", auth=http_auth)
print(response.status_code, response.json())

# Using RAGFlowWebApiAuth for a Web API
web_auth = RAGFlowWebApiAuth(token="rawtoken123")
response = requests.get("https://web.infiflow.com/resource", auth=web_auth)
print(response.status_code, response.content)

Mermaid Class Diagram

classDiagram
    class RAGFlowHttpApiAuth {
        -_token: str
        +__init__(token: str)
        +__call__(r: PreparedRequest) PreparedRequest
    }
    class RAGFlowWebApiAuth {
        -_token: str
        +__init__(token: str)
        +__call__(r: PreparedRequest) PreparedRequest
    }
    RAGFlowHttpApiAuth --|> AuthBase
    RAGFlowWebApiAuth --|> AuthBase

Summary

The auth.py file encapsulates two streamlined authentication handlers for the InfiniFlow ecosystem that integrate seamlessly with requests. By abstracting token handling into dedicated classes, it improves code maintainability, security, and clarity in API interactions. The distinction between Bearer and raw token formats ensures compatibility with diverse API authentication schemes.