feat: add endpoint access permissions via auth_dependency parameter

[doganarif]

Summary

Adds optional auth_dependency parameter to the Radar class that allows users to secure the dashboard and API endpoints with any FastAPI dependency function.

Changes

• Add auth_dependency parameter to Radar.init()
• Apply auth dependency to API router via dependencies parameter
• Apply auth dependency to dashboard route via dependencies parameter
• Add comprehensive documentation with examples (HTTP Basic, Bearer, Custom)
• Add commented example in example_app.py showing HTTP Basic auth usage

Features

• Maximum flexibility: Works with any FastAPI dependency (OAuth2, JWT, API keys, custom logic)
• Zero overhead: When auth_dependency=None, behaves exactly as before (no performance impact)
• Backward compatible: Existing code continues to work without any changes
• Simple to use: Just pass your auth function to the auth_dependency parameter

Testing

• Verified backward compatibility (no auth_dependency)
• Verified auth_dependency parameter works correctly
• Documentation added with multiple examples

Closes #27

Summary by Sourcery

Introduce an auth_dependency option to the Radar class to protect both the monitoring API and dashboard via FastAPI dependencies, while preserving existing behavior when no authentication is configured and providing detailed documentation with examples.

New Features:

• Add optional auth_dependency parameter to Radar to secure dashboard and API endpoints using any FastAPI dependency

Enhancements:

• Ensure zero performance impact when auth_dependency is None
• Maintain backward compatibility with existing Radar usage

Documentation:

• Augment README and example_app with comprehensive authentication examples (HTTP Basic, Bearer, and custom)

---

Summary by cubic

Add an optional auth_dependency to Radar to secure the dashboard and API endpoints with any FastAPI dependency. Default behavior stays the same when not set.

• New Features
  • Added auth_dependency parameter to Radar.init.
  • Applied the dependency to the API router and dashboard route via FastAPI dependencies.
  • Expanded README and added minimal example apps (HTTP Basic, Bearer token, custom).

^{Written for commit c7297a1. Summary will update automatically on new commits.}

[sourcery-ai]

Reviewer's Guide

The PR introduces an optional auth_dependency parameter to the Radar class, propagates this dependency to both API and dashboard endpoints via FastAPI’s dependencies system, and updates documentation and examples to illustrate usage.

Sequence diagram for request authentication with auth_dependency

sequenceDiagram
actor User
participant FastAPI
participant Radar
participant "auth_dependency"
User->>FastAPI: Request to /__radar or /__radar/api
FastAPI->>Radar: Route request
Radar->>"auth_dependency": Execute authentication dependency (if set)
"auth_dependency"-->>Radar: Authentication result
Radar->>FastAPI: Serve dashboard/API if authenticated
FastAPI-->>User: Response

Loading

Class diagram for updated Radar class with auth_dependency

classDiagram
class Radar {
    +app
    +db_engine
    +dashboard_path
    +exclude_paths
    +slow_query_threshold
    +theme
    +service_name
    +include_in_schema
    +db_path
    +auth_dependency
    +query_capture
    +__init__(app, db_engine, dashboard_path, exclude_paths, slow_query_threshold, theme, service_name, include_in_schema, db_path, auth_dependency)
    +_setup_api(include_in_schema)
    +_setup_dashboard(include_in_schema)
}
Radar --> "1" create_api_router : uses

Loading

Class diagram for updated create_api_router function with auth_dependency

classDiagram
class create_api_router {
    +get_session_context
    +auth_dependency
    +returns: APIRouter
}
create_api_router --> APIRouter : returns

Loading

File-Level Changes

Change	Details	Files
Introduce auth_dependency in Radar class and apply it to dashboard routes	Add auth_dependency parameter to Radar.init Store auth_dependency on the Radar instance Pass auth_dependency into create_api_router in _setup_api Import Depends and apply auth_dependency to dashboard GET route via dependencies list	fastapi_radar/radar.py
Extend API router creation to accept and enforce auth_dependency	Update create_api_router signature to accept auth_dependency Build dependencies list inside create_api_router Attach dependencies list to APIRouter via dependencies parameter	fastapi_radar/api.py
Update documentation and examples to cover auth_dependency usage	Add auth_dependency parameter section and usage notes in README.md Provide HTTP Basic, Bearer, and custom FastAPI dependency examples Include commented example for HTTP Basic auth in example_app.py	README.md example_app.py

Assessment against linked issues

Issue	Objective	Addressed	Explanation
#27	Enable setting authentication for FastAPI-Radar endpoints (dashboard and API) via a configurable mechanism.	✅
#27	Document how to use the authentication mechanism, including examples for common authentication methods.	✅

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[cubic-dev-ai]

No issues found across 4 files