add env variable to skip token authentication on endpoints (#72)

hsunami10 · web-flow · commit 8a46065eb45f · 2025-04-16T16:02:56.000-04:00
diff --git a/.env.example b/.env.example
@@ -15,4 +15,7 @@ export FIREBASE_PRIVATE_KEY_ID=''
 export FIREBASE_PRIVATE_KEY=''
 export FIREBASE_CLIENT_EMAIL=''
 export FIREBASE_CLIENT_ID=''
-export FIREBASE_CLIENT_X509_CERT_URL=''
+export FIREBASE_CLIENT_X509_CERT_URL=''
+
+# To skip firebase token authentication on endpoints. DO NOT ENABLE IN PRODUCTION.
+export SKIP_FIREBASE_TOKEN_AUTH=false
diff --git a/server/auth.py b/server/auth.py
@@ -1,9 +1,10 @@
 from .firebase import auth
 from pydantic import BaseModel
 from functools import wraps
-from typing import Callable, Optional, TypeVar, cast
+from typing import Callable, TypeVar, cast
 from flask import abort, request, jsonify, g
 from .logging import logger
+from .config import SKIP_FIREBASE_TOKEN_AUTH
 
 class FirebaseIDTokenData(BaseModel):
     uid: str
@@ -47,6 +48,9 @@ def protected_route():
     """
     @wraps(f)
     def decorated_function(*args, **kwargs):
+        if SKIP_FIREBASE_TOKEN_AUTH:
+            return f(*args, **kwargs)
+
         auth_header = request.headers.get('Authorization')
         if not auth_header or not auth_header.startswith('Bearer '):
             return jsonify({"error": "Authorization header required"}), 401
diff --git a/server/config.py b/server/config.py
@@ -1,5 +1,8 @@
 import os
 import logging
+from typing import Literal
+
+SKIP_FIREBASE_TOKEN_AUTH = bool(os.getenv("SKIP_FIREBASE_TOKEN_AUTH", False))
 
 # See if we are running in subnet mode
 SUBNET_MODE = os.getenv("subnet_mode", "false").lower() == "true"
