&`i ddlZddlmZddlmZmZmZddlmZm Z ej e Z ddedeeedeeefdZd eeefd eeeffd Zd ed ed eefdZdS)N) ModuleType)DictListOptional)authentication_constantsauthentication_utilsaiohttp_modulewhitelisted_exact_pathswhitelisted_path_prefixesc>jjfd}|S)anInternal helper to create token auth middleware with provided modules. Args: aiohttp_module: The aiohttp module to use whitelisted_exact_paths: List of exact paths that don't require authentication whitelisted_path_prefixes: List of path prefixes that don't require authentication Returns: An aiohttp middleware function cKtjs||d{VSr |jvs)r8|jt r||d{VS|jtjd}|s%|jtj d}|s5|j tj }|rtj |z}|sj ddStj|sj ddS||d{VS)zMiddleware to validate bearer tokens when token authentication is enabled. In minimal Ray installations (without ray._raylet), this middleware is a no-op and passes all requests through without authentication. Nz*Unauthorized: Missing authentication token)statustextz'Forbidden: Invalid authentication token) auth_utilsis_token_auth_enabledpath startswithtupleheadersgetrAUTHORIZATION_HEADER_NAMERAY_AUTHORIZATION_HEADER_NAMEcookies AUTHENTICATION_TOKEN_COOKIE_NAMEAUTHORIZATION_BEARER_PREFIXwebResponsevalidate_request_token)requesthandler auth_headertokenr r r s /home/jaya/work/projects/VOICE-AGENT/VIET/agent-env/lib/python3.11/site-packages/ray/_private/authentication/http_token_authentication.pytoken_auth_middlewarez8get_token_auth_middleware..token_auth_middlewares/11 * )))))))) ) $ * 8O(O(O %)P ''.G(H(HII)P!)))))))) )o)) $ >   !/--(FK O''(IE -H5P !%..!M/ 0== !%..!J/ WW%%%%%%%%%)r middleware)r r r r's``` r&get_token_auth_middlewarer* sD"3&3&3&3&3&3&#"3&j ! r( user_headersreturnc"tjsiSddlm}t d|D}|riS|}|}|st d|S)Nr)AuthenticationTokenLoaderc3ZK|]&}|tjkV'dS)N)lowerrr).0keys r& z3get_auth_headers_if_auth_enabled..]sG  /IIr(zeToken authentication is enabled but no token was found. Requests to authenticated clusters will fail.) rr ray._rayletr.anykeysinstanceget_token_for_http_headerloggerwarning)r+r. has_user_auth token_loader auth_headerss r& get_auth_headers_if_auth_enabledr>Us  + - - 555555$$&&M ,5577L99;;L   <   r(rbodyc|dkr!d|tjS|dkr!d|tjSdS)zCReturn a user-friendly authentication error message, if applicable.rz*Authentication required: {body} {details})r?detailsrz(Authentication failed: {body} {details}N)formatr3TOKEN_AUTH_ENABLED_BUT_NO_TOKEN_FOUND_ERROR_MESSAGETOKEN_INVALID_ERROR_MESSAGE)rr?s r& format_authentication_http_errorrErsm}}=DD,`E   }};BB,HC   4r()NN)loggingtypesrtypingrrrray._private.authenticationrrr getLogger__name__r9strr*r>intrEr(r&rOs:''''''''''  8 $ $ 4859E!E!E!%d3i0E! (S 2E!E!E!E!P4S>d3PS8n:S r(