trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

Add getAuthUser() auth guard to all ML proxy API routes (task 7.3)

Browse source 
Adds authentication check at the top of each handler in:
- /api/predict
- /api/predict/batch
- /api/model/info
- /api/model/load
- /api/patterns/detect
- /api/patterns/available
- /api/training/start
- /api/training/runs

Returns 401 Unauthorized for unauthenticated requests. Proxy/fetch logic unchanged.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marko Djordjevic 2026-02-20 13:10:23 +01:00
parent 5f727d84c6
commit 685639a0d3
9 changed files with 49 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/app/api/model/info/route.ts
View file

@ -1,9 +1,15 @@
import { NextRequest, NextResponse } from 'next/server';
import { getAuthUser } from '@/lib/auth';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
const INFERENCE_API_TIMEOUT = parseInt(process.env.INFERENCE_API_TIMEOUT || '10000', 10);
export async function GET(request: NextRequest) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
try {
// Forward request to Python inference service
const controller = new AbortController();

6
src/app/api/model/load/route.ts
View file

@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { getAuthUser } from '@/lib/auth';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
const INFERENCE_API_TIMEOUT = parseInt(process.env.INFERENCE_API_TIMEOUT || '30000', 10);
@ -9,6 +10,11 @@ const ModelLoadRequestSchema = z.object({
});
export async function POST(request: NextRequest) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), INFERENCE_API_TIMEOUT);

6
src/app/api/patterns/available/route.ts
View file

@ -1,9 +1,15 @@
import { NextRequest, NextResponse } from 'next/server';
import { getAuthUser } from '@/lib/auth';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
const INFERENCE_API_TIMEOUT = parseInt(process.env.INFERENCE_API_TIMEOUT || '10000', 10);
export async function GET(_request: NextRequest) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), INFERENCE_API_TIMEOUT);

6
src/app/api/patterns/detect/route.ts
View file

@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { getAuthUser } from '@/lib/auth';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
// Pattern detection may take longer on large datasets
@ -20,6 +21,11 @@ const PatternDetectRequestSchema = z.object({
});
export async function POST(request: NextRequest) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), INFERENCE_API_TIMEOUT);

6
src/app/api/predict/batch/route.ts
View file

@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { getAuthUser } from '@/lib/auth';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
const INFERENCE_BATCH_TIMEOUT = parseInt(process.env.INFERENCE_BATCH_TIMEOUT || '120000', 10);
@ -12,6 +13,11 @@ const BatchPredictRequestSchema = z.object({
});
export async function POST(request: NextRequest) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
try {
const body = await request.json();

6
src/app/api/predict/route.ts
View file

@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { getAuthUser } from '@/lib/auth';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
const INFERENCE_API_TIMEOUT = parseInt(process.env.INFERENCE_API_TIMEOUT || '30000', 10);
@ -20,6 +21,11 @@ const PredictRequestSchema = z.object({
});
export async function POST(request: NextRequest) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
try {
const body = await request.json();

6
src/app/api/training/runs/route.ts
View file

@ -1,9 +1,15 @@
import { NextRequest, NextResponse } from 'next/server';
import { getAuthUser } from '@/lib/auth';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
const INFERENCE_API_TIMEOUT = parseInt(process.env.INFERENCE_API_TIMEOUT || '10000', 10);
export async function GET(_request: NextRequest) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), INFERENCE_API_TIMEOUT);

6
src/app/api/training/start/route.ts
View file

@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { getAuthUser } from '@/lib/auth';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
const INFERENCE_API_TIMEOUT = parseInt(process.env.INFERENCE_API_TIMEOUT || '10000', 10);
@ -10,6 +11,11 @@ const TrainingStartRequestSchema = z.object({
});
export async function POST(request: NextRequest) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), INFERENCE_API_TIMEOUT);