r/pallas
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

chore(logging): add diagnostic logs for inbound auth forwarding

Browse Source 
Add info-level logging to trace bearer token capture and forwarding
through fastagent, including token length/prefix and reasons for
skipping forward (existing user auth, oauth, or missing inbound token).
Also log warnings on bearer extraction errors instead of silently
swallowing exceptions.
This commit is contained in:
Robert Helewka
2026-05-04 21:20:49 -04:00
parent e7f1e044b7
commit 68b486d62a
2 changed files with 34 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
pallas/_fastagent_patch.py
View File

@@ -32,25 +32,44 @@ _original_prepare = _mcm._prepare_headers_and_auth
def _prepare_headers_and_auth_with_forward(server_config, **kwargs): def _prepare_headers_and_auth_with_forward(server_config, **kwargs):
headers, oauth_auth, user_auth_keys = _original_prepare(server_config, **kwargs) headers, oauth_auth, user_auth_keys = _original_prepare(server_config, **kwargs)
if not getattr(server_config, "forward_inbound_auth", False): server_name = getattr(server_config, "name", None)
forward_flag = getattr(server_config, "forward_inbound_auth", False)
if not forward_flag:
return headers, oauth_auth, user_auth_keys return headers, oauth_auth, user_auth_keys
if user_auth_keys: if user_auth_keys:
logger.info(
"fastagent_forward_skipped_user_auth",
extra={"server": server_name},
)
return headers, oauth_auth, user_auth_keys return headers, oauth_auth, user_auth_keys
if oauth_auth is not None: if oauth_auth is not None:
logger.info(
"fastagent_forward_skipped_oauth",
extra={"server": server_name},
)
return headers, oauth_auth, user_auth_keys return headers, oauth_auth, user_auth_keys
inbound = request_bearer_token.get() inbound = request_bearer_token.get()
if not inbound: if not inbound:
logger.info(
"fastagent_forward_no_inbound",
extra={"server": server_name},
)
return headers, oauth_auth, user_auth_keys return headers, oauth_auth, user_auth_keys
headers = dict(headers) headers = dict(headers)
headers["Authorization"] = f"Bearer {inbound}" headers["Authorization"] = f"Bearer {inbound}"
user_auth_keys = set(user_auth_keys) | {"Authorization"} user_auth_keys = set(user_auth_keys) | {"Authorization"}
logger.debug( logger.info(
"fastagent_forward_inbound_auth", "fastagent_forward_inbound_auth",
extra={"server": getattr(server_config, "name", None)}, extra={
"server": server_name,
"token_len": len(inbound),
"token_prefix": inbound[:8],
},
) )
return headers, oauth_auth, user_auth_keys return headers, oauth_auth, user_auth_keys

15
pallas/multimodal_server.py
View File

@@ -52,9 +52,18 @@ def _get_request_bearer_token() -> str | None:
request = get_http_request() request = get_http_request()
auth = request.headers.get("authorization", "") auth = request.headers.get("authorization", "")
if auth.lower().startswith("bearer "): if auth.lower().startswith("bearer "):
return auth[7:] token = auth[7:]
except Exception: logger.info(
pass "pallas_inbound_bearer_captured",
data={"token_len": len(token), "token_prefix": token[:8]},
)
return token
logger.info(
"pallas_inbound_bearer_absent",
data={"has_auth_header": bool(auth)},
)
except Exception as exc:
logger.warning("pallas_inbound_bearer_error", data={"error": str(exc)})
return None return None