Skip to content

Add API write token configuration and tests#91

Merged
shayancoin merged 2 commits intomainfrom
codex/add-_load_expected_write_token-to-security.py
Oct 17, 2025
Merged

Add API write token configuration and tests#91
shayancoin merged 2 commits intomainfrom
codex/add-_load_expected_write_token-to-security.py

Conversation

@shayancoin
Copy link
Owner

@shayancoin shayancoin commented Oct 16, 2025

Summary

  • add configuration support for an API write token and cache loading in the security helpers
  • document the new API_WRITE_TOKEN requirement and forward it through docker compose environments
  • expand Hygraph pull endpoint tests to cover authorization failures and success paths

Testing

  • pytest backend/tests/test_sync_routes_metrics.py (fails: ModuleNotFoundError: No module named 'sqlalchemy')

https://chatgpt.com/codex/tasks/task_e_68f12bd6856c83308e935d2b4b529283

Summary by CodeRabbit

  • Documentation

    • Updated API write token configuration documentation with details on privileged sync endpoints.
  • Bug Fixes

    • Modified API write token validation error response to return HTTP 403 status code.
  • Chores

    • Updated environment configuration to support API write token setup.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 16, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

This pull request updates API write token authentication and configuration. It modifies the error response in the require_write_token function from HTTP 401 to HTTP 403, adds a test helper function to manipulate the API write token environment variable, documents the API_WRITE_TOKEN variable in configuration files and docker-compose manifests, and propagates the token into container environments.

Changes

Cohort / File(s) Summary
Documentation updates
backend/README.md, docs/plan/paform-fastapi-extension-v0-1-plan.md
Added API_WRITE_TOKEN documentation for privileged sync endpoints and updated environment variable planning.
Security logic
backend/api/security.py
Modified require_write_token to return HTTP 403 FORBIDDEN (instead of 401 UNAUTHORIZED) when Authorization header is missing or invalid.
Test infrastructure
backend/tests/test_sync_routes_metrics.py
Added _set_write_token() test helper function to toggle API_WRITE_TOKEN environment variable and clear related caches.
Docker configuration
docker-compose.dev.yml, docker-compose.yml
Added API_WRITE_TOKEN=${API_WRITE_TOKEN} environment variable entry to backend services.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

The changes are straightforward: a simple error code modification, basic test helper addition, and repetitive environment variable configuration. No complex logic or control flow alterations. The consistency of changes across files reduces cognitive overhead.

Possibly related PRs

Poem

🐰 Token guard hops high, with 403 in sight,
Where 401 once stood, now proper rights,
Environment keys dance in config files true,
Docker secrets spin—authentication renewed!

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)
Check name Status Explanation Resolution
Description Check ⚠️ Warning The description provides a summary and testing details but does not follow the repository’s required template because it omits the PR Type, Short Description, and Tests Added sections. Please revise the pull request description to match the repository template by adding a "PR Type" header with one of the allowed categories, a "Short Description" section summarizing the change, and a "Tests Added" section listing the new tests.
Docstring Coverage ⚠️ Warning Docstring coverage is 41.67% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (1 passed)
Check name Status Explanation
Title Check ✅ Passed The title concisely summarizes the primary changes of this pull request by highlighting the addition of API write token configuration and tests, making it clear and specific without unnecessary details.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eaa4555 and 117ced8.

📒 Files selected for processing (3)
  • backend/README.md (1 hunks)
  • backend/api/security.py (1 hunks)
  • backend/tests/test_sync_routes_metrics.py (1 hunks)

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 17, 2025

Note

Docstrings generation - SUCCESS
Generated docstrings for this pull request at #155

coderabbitai bot added a commit that referenced this pull request Oct 17, 2025
….py`

Docstrings generation was requested by @shayancoin.

* #91 (comment)

The following files were modified:

* `backend/api/config.py`
* `backend/api/security.py`
* `backend/tests/test_sync_routes_metrics.py`
@shayancoin shayancoin merged commit 8427074 into main Oct 17, 2025
0 of 5 checks passed
shayancoin added a commit that referenced this pull request Oct 18, 2025
….py` (#155)

Docstrings generation was requested by @shayancoin.

* #91 (comment)

The following files were modified:

* `backend/api/config.py`
* `backend/api/security.py`
* `backend/tests/test_sync_routes_metrics.py`

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Shayan <shayan@coin.link>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant