Replace X-User-Id header auth with Azure AD JWT token validation. Backend validates tokens via JWKS, frontend uses MSAL for login/token acquisition. Adds logout button, 401 handling, and configurable AZURE_AUTH_ENABLED toggle. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
from pydantic_settings import BaseSettings
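class Settings(BaseSettings):
    """Application configuration, populated from the environment and ``.env``.

    Every field below is a default; pydantic-settings overrides it with an
    environment variable (or ``.env`` entry) of the same name when one is set.
    """

    # The default embeds a username and password for a local database. It is
    # only suitable for development; deployments should supply DATABASE_URL
    # from the environment or a secret store.
    DATABASE_URL: str = "postgresql+asyncpg://olivas:olivas@localhost:5453/olivas"
    UPLOAD_DIR: str = "./data/uploads"
    DEVICE: str = "auto"  # auto | cpu | cuda
    # Empty by default; the real key is expected from the environment/.env.
    ANTHROPIC_API_KEY: str = ""
    # Comma-separated list of allowed origins (see cors_origins_list).
    CORS_ORIGINS: str = "http://localhost:1577"
    # 0.0.0.0 listens on every interface, so network-level controls decide
    # who can reach the backend.
    BACKEND_HOST: str = "0.0.0.0"
    BACKEND_PORT: int = 8000

    # Google Cloud Run service URLs (empty = use local processing)
    CLOUD_RUN_SALIENCY_URL: str = ""  # e.g. https://olivas-saliency-xxx-ew.a.run.app
    CLOUD_RUN_PROCESSING_URL: str = ""  # e.g. https://olivas-processing-xxx-ew.a.run.app
    # Shared secret for X-Internal-Secret header.
    # NOTE(review): the default is an empty string; confirm that the code
    # comparing this header rejects requests when the secret is unset.
    CLOUD_RUN_SECRET: str = ""

    GOOGLE_CLOUD_PROJECT: str = "optical-414516"

    # Azure AD SSO
    # NOTE(review): auth is enabled by default while tenant and client IDs
    # default to empty. The token validator is not visible here; confirm it
    # fails closed when either ID is empty, and check what the backend accepts
    # as identity when AZURE_AUTH_ENABLED is set to False.
    AZURE_TENANT_ID: str = ""
    AZURE_CLIENT_ID: str = ""
    AZURE_AUTH_ENABLED: bool = True

    @property
    def use_cloud_run(self) -> bool:
        """Return True when a Cloud Run saliency URL is configured.

        Only CLOUD_RUN_SALIENCY_URL is inspected; CLOUD_RUN_PROCESSING_URL
        and CLOUD_RUN_SECRET are not checked here.
        """
        return bool(self.CLOUD_RUN_SALIENCY_URL)

    @property
    def device(self) -> str:
        """Return the compute device to use.

        With DEVICE == "auto" this is "cuda" when torch is importable and
        reports CUDA as available, otherwise "cpu". Any other DEVICE value is
        returned unchanged.
        """
        if self.DEVICE != "auto":
            return self.DEVICE
        try:
            # Imported lazily so the settings module loads without torch.
            import torch
        except ImportError:
            return "cpu"
        return "cuda" if torch.cuda.is_available() else "cpu"

    @property
    def cors_origins_list(self) -> list[str]:
        """Return CORS_ORIGINS split on commas, stripped of whitespace.

        Blank entries (an empty CORS_ORIGINS, a trailing comma, or ", ,") are
        dropped so that no empty-string origin reaches the CORS allow-list.
        """
        stripped = (origin.strip() for origin in self.CORS_ORIGINS.split(","))
        return [origin for origin in stripped if origin]

    model_config = {"env_file": ".env", "env_file_encoding": "utf-8"}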
# Shared module-level instance. Constructing it reads the process environment
# and the ".env" file named in Settings.model_config, at import time.
settings: Settings = Settings()