
auth_middleware

auth_middleware

API key authentication middleware for the OpenJarvis server.

Classes

AuthMiddleware

AuthMiddleware(app, api_key: str = '')

Bases: BaseHTTPMiddleware

Validates Authorization: Bearer <key> on /v1/* routes.

Webhook routes and health checks are exempt — they use per-channel signature verification instead.

Source code in src/openjarvis/server/auth_middleware.py
def __init__(self, app, api_key: str = "") -> None:  # noqa: ANN001
    """Wrap *app* and record the API key to compare requests against.

    An explicitly passed, non-empty *api_key* takes precedence. Otherwise
    the value of the ``OPENJARVIS_API_KEY`` environment variable is used,
    and if that is unset too the stored key is the empty string.
    """
    super().__init__(app)
    # NOTE(review): how an empty stored key is handled by the request path
    # is not visible here -- confirm it fails closed rather than skipping
    # the Authorization check.
    if api_key:
        self._api_key = api_key
    else:
        self._api_key = os.environ.get("OPENJARVIS_API_KEY", "")

Functions

generate_api_key

generate_api_key() -> str

Generate a new API key with oj_sk_ prefix.

Source code in src/openjarvis/server/auth_middleware.py
def generate_api_key() -> str:
    """Return a fresh API key of the form ``oj_sk_<random>``.

    The random part comes from ``secrets.token_urlsafe(32)``, i.e. 32 bytes
    from the operating system's CSPRNG rendered as URL-safe text. The
    result is a bearer secret: show it to the operator once and keep it
    out of logs.
    """
    random_part = secrets.token_urlsafe(32)
    return "oj_sk_" + random_part

check_bind_safety

check_bind_safety(host: str, *, api_key: str) -> None

Refuse to bind to a non-loopback address without an API key.

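Raises SystemExit if host is not a loopback address and api_key is empty. A host that does not parse as an IP address is treated as loopback only when it is exactly localhost or the empty string.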

Source code in src/openjarvis/server/auth_middleware.py
def check_bind_safety(host: str, *, api_key: str) -> None:
    """Abort start-up when a non-loopback bind has no API key configured.

    *host* is first parsed as an IP literal and classified with
    ``is_loopback``. If it is not an IP literal, it is accepted as loopback
    only when it equals ``"localhost"`` or the empty string; no name
    resolution is performed, so any other hostname is treated as
    non-loopback.

    Raises ``SystemExit`` (exit status 1), after logging an error, if *host*
    is not loopback and *api_key* is empty. Returns ``None`` otherwise.
    """
    import ipaddress
    import sys

    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Not an IP literal: fall back to an exact string comparison.
        # NOTE(review): Python socket APIs commonly treat an empty host as
        # "all interfaces"; confirm how the caller passes *host* to the
        # server before relying on "" being a loopback-only bind.
        loopback = host == "localhost" or host == ""

    # Any non-empty key satisfies the check; its strength is not validated here.
    if loopback or api_key:
        return

    logger.error(
        "Binding to %s requires OPENJARVIS_API_KEY to be set. "
        "Run: jarvis auth generate-key",
        host,
    )
    sys.exit(1)