Fix auth_verify to accept admin/user/register secrets directly

- Check secrets (admin_secrets, user_secrets, register_secrets) before API keys - Allow UI to authenticate with the secrets provided in .env - Secrets now work as expected for authentication - API keys still supported as fallback for backward compatibility
2025-11-07 00:33:09 +01:00
parent 43750b32d7
commit 43ad9b60aa
1 changed files with 28 additions and 0 deletions
--- a/core/src/openrpc.rs
+++ b/core/src/openrpc.rs
@@ -964,6 +964,34 @@ impl SupervisorRpcServer for Arc<Mutex<Supervisor>> {
        let key = get_current_api_key()
            .ok_or_else(|| ErrorObject::owned(-32602, "Missing Authorization header", None::<()>))?;
        
+        // Check if it's an admin secret
+        if supervisor.has_admin_secret(&key) {
+            return Ok(crate::auth::AuthVerifyResponse {
+                valid: true,
+                name: "Admin Secret".to_string(),
+                scope: "admin".to_string(),
+            });
+        }
+        
+        // Check if it's a user secret
+        if supervisor.has_user_secret(&key) {
+            return Ok(crate::auth::AuthVerifyResponse {
+                valid: true,
+                name: "User Secret".to_string(),
+                scope: "user".to_string(),
+            });
+        }
+        
+        // Check if it's a register secret
+        if supervisor.has_register_secret(&key) {
+            return Ok(crate::auth::AuthVerifyResponse {
+                valid: true,
+                name: "Register Secret".to_string(),
+                scope: "register".to_string(),
+            });
+        }
+        
+        // Check if it's an API key
        match supervisor.verify_api_key(&key).await {
            Some(api_key) => {
                Ok(crate::auth::AuthVerifyResponse {