auth
CLAUDE.md
CHANGED
|
@@ -114,11 +114,17 @@ Rarity scoring for leaderboard:
|
|
| 114 |
|
| 115 |
## Authentication Strategy
|
| 116 |
|
| 117 |
-
**
|
| 118 |
-
-
|
| 119 |
-
-
|
| 120 |
-
-
|
| 121 |
-
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 122 |
|
| 123 |
## Integration with Frontend
|
| 124 |
|
|
@@ -159,6 +165,7 @@ git add -A && git commit -m "Update" && git push
|
|
| 159 |
|
| 160 |
### Environment Variables
|
| 161 |
- `HF_TOKEN`: **Required** - HuggingFace write token (set in Space Secrets)
|
|
|
|
| 162 |
- `DATASET_REPO`: Target dataset (default: "Fraser/piclets")
|
| 163 |
|
| 164 |
## Key Implementation Details
|
|
|
|
| 114 |
|
| 115 |
## Authentication Strategy
|
| 116 |
|
| 117 |
+
**Web UI Authentication**:
|
| 118 |
+
- Gradio `auth` protects web interface from casual access
|
| 119 |
+
- Requires username="admin" and password from `ADMIN_PASSWORD` env var
|
| 120 |
+
- Prevents random users from manually creating piclets via UI
|
| 121 |
+
- **Does NOT affect API access** - programmatic clients bypass this
|
| 122 |
+
|
| 123 |
+
**API-Level Authentication**:
|
| 124 |
+
- OAuth token verification for user attribution
|
| 125 |
+
- Tokens verified via `https://huggingface.co/oauth/userinfo`
|
| 126 |
+
- User profiles keyed by stable HF `sub` (user ID)
|
| 127 |
+
- All discovery data is public (embracing open discovery)
|
| 128 |
|
| 129 |
## Integration with Frontend
|
| 130 |
|
|
|
|
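Review bot: The bullet "**Does NOT affect API access** - programmatic clients bypass this" (new line 121) is stated as fact, but the only code change in this commit is `app.launch(auth=("admin", admin_password))`, which shows no exemption for API routes. Please confirm the behaviour with an unauthenticated client call against a deployed Space and record the result here. If the API is reachable without the password, say explicitly that `ADMIN_PASSWORD` is not a control on piclet creation and name what does gate writes (the OAuth check is described only as "for user attribution"). If it is not reachable, this bullet and the frontend integration notes need correcting.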
| 165 |
|
| 166 |
### Environment Variables
|
| 167 |
- `HF_TOKEN`: **Required** - HuggingFace write token (set in Space Secrets)
|
| 168 |
+
- `ADMIN_PASSWORD`: **Required** - Password for web UI access (set in Space Secrets)
|
| 169 |
- `DATASET_REPO`: Target dataset (default: "Fraser/piclets")
|
| 170 |
|
| 171 |
## Key Implementation Details
|
README.md
CHANGED
|
@@ -51,9 +51,10 @@ python app.py
|
|
| 51 |
- Choose Gradio SDK
|
| 52 |
- Set to public
|
| 53 |
|
| 54 |
-
2. **Set up
|
| 55 |
- Go to Space Settings → Repository secrets
|
| 56 |
- Add `HF_TOKEN` with write permissions to `Fraser/piclets` dataset
|
|
|
|
| 57 |
|
| 58 |
3. **Push the code**:
|
| 59 |
```bash
|
|
@@ -81,6 +82,18 @@ metadata/
|
|
| 81 |
leaderboard.json # Top discoverers by rarity score
|
| 82 |
```
|
| 83 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 84 |
## Frontend Integration
|
| 85 |
|
| 86 |
### JavaScript/TypeScript
|
|
|
|
| 51 |
- Choose Gradio SDK
|
| 52 |
- Set to public
|
| 53 |
|
| 54 |
+
2. **Set up secrets**:
|
| 55 |
- Go to Space Settings → Repository secrets
|
| 56 |
- Add `HF_TOKEN` with write permissions to `Fraser/piclets` dataset
|
| 57 |
+
- Add `ADMIN_PASSWORD` with a secure password (protects web UI)
|
| 58 |
|
| 59 |
3. **Push the code**:
|
| 60 |
```bash
|
|
|
|
| 82 |
leaderboard.json # Top discoverers by rarity score
|
| 83 |
```
|
| 84 |
|
| 85 |
+
## Authentication
|
| 86 |
+
|
| 87 |
+
**Web UI Access**: Protected by username/password authentication
|
| 88 |
+
- Username: `admin`
|
| 89 |
+
- Password: Set via `ADMIN_PASSWORD` environment variable
|
| 90 |
+
- Prevents casual users from manually creating piclets via the web interface
|
| 91 |
+
|
| 92 |
+
**API Access**: Programmatic access via Gradio Client works without authentication
|
| 93 |
+
- Your frontend app can call endpoints directly
|
| 94 |
+
- No authentication required for API clients
|
| 95 |
+
- OAuth tokens verified at the API level for user attribution
|
| 96 |
+
|
| 97 |
## Frontend Integration
|
| 98 |
|
| 99 |
### JavaScript/TypeScript
|
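Review bot: In the "API Access" bullets (new lines 92 to 95), "No authentication required for API clients" sits directly above "OAuth tokens verified at the API level for user attribution", and the two read as contradictory. State which endpoints accept a call with no token at all and what happens to a request whose token fails verification, so a reader does not mistake the web UI password for protection of the write path. The same section in CLAUDE.md words this differently ("programmatic clients bypass this"); keeping one wording in both files would avoid drift.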
app.py
CHANGED
|
@@ -744,4 +744,6 @@ with gr.Blocks(title="Piclets Discovery Server") as app:
|
|
| 744 |
""")
|
| 745 |
|
| 746 |
if __name__ == "__main__":
|
| 747 |
-
|
|
|
|
|
|
|
|
|
| 744 |
""")
|
| 745 |
|
| 746 |
if __name__ == "__main__":
|
| 747 |
+
# Protect web UI with authentication while allowing API access
|
| 748 |
+
admin_password = os.getenv("ADMIN_PASSWORD", "changeme")
|
| 749 |
+
app.launch(auth=("admin", admin_password))
|
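Review bot: `os.getenv("ADMIN_PASSWORD", "changeme")` at new line 748 falls back to a published default, so a Space deployed without the secret accepts admin/changeme, while README.md and CLAUDE.md in this same commit mark the variable as **Required**. Fail closed instead: read the variable without a default and raise at startup when it is missing or empty, so a misconfigured deployment does not come up with known credentials. The hunk also does not show `import os` being added; confirm it already exists at the top of app.py.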