feat(BA-4838): add NoAuth strategy and BackendAIClientRegistry to webserver#9595
Open
feat(BA-4838): add NoAuth strategy and BackendAIClientRegistry to webserver#9595
Conversation
fregataa
added a commit
that referenced
this pull request
Mar 3, 2026
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a persistent v2 anonymous Backend.AI client on the webserver app and refactors forwarding-header construction into a reusable helper, aligning request proxying behavior across different HTTP callers.
Changes:
- Extract
build_forwarding_headers(request)inweb/auth.pyand refactorfill_forwarding_hdrs_to_api_session()to use it. - Add
anon_client_ctx()inweb/server.pyto create/close a persistentBackendAIAnonymousClient(v2) and register it onapp["anon_client"]viaAsyncExitStack. - Add a changelog entry documenting the new persistent anon client and header builder extraction.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
src/ai/backend/web/server.py |
Adds an async context manager to create/close a v2 anonymous client and registers it on the app lifecycle. |
src/ai/backend/web/auth.py |
Introduces build_forwarding_headers() and refactors existing session header population to use it. |
changes/9595.feature.md |
Documents the new persistent v2 anonymous client and forwarding header helper extraction. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
jopemachine
reviewed
Mar 3, 2026
fregataa
added a commit
that referenced
this pull request
Mar 3, 2026
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fregataa
force-pushed
the
feature/BA-4838
branch
2 times, most recently
from
15d42ea to
db1555c
Compare
fregataa
changed the title
fregataa
added a commit
that referenced
this pull request
Mar 5, 2026
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fregataa
force-pushed
the
feature/BA-4838
branch
from
e6b1205 to
f2330ce
Compare
jopemachine
reviewed
Mar 5, 2026
fregataa
force-pushed
the
feature/BA-4838
branch
from
f2330ce to
6498dd7
Compare
Extract build_forwarding_headers() as a pure function in web/auth.py, refactor fill_forwarding_hdrs_to_api_session() to use it, and add anon_client_ctx() context manager registered as app["anon_client"]. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…aders - Create aiohttp.ClientSession with TCPConnector(limit=connection_limit) for the anonymous client to match webserver concurrency settings - Fix docstring in build_forwarding_headers() to accurately describe usage - Remove redundant `if _headers:` guard since the dict is always non-empty Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…oAuth strategy - Add NoAuth(AuthStrategy) that returns empty headers from sign() - Replace anon_client_ctx/app["anon_client"] with client_registry_ctx/app["client_registry"] - Use BackendAIClientRegistry.create() as a single facade for auth and anon clients Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ndler - Add extra_headers support to BackendAIAuthClient._request() and typed_request() - Add extra_headers passthrough to AuthClient.update_password_no_auth() - Replace v1 APISession-based anonymous call with registry.auth.update_password_no_auth() Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Clarify that the registry uses NoAuth strategy by reflecting it in the name. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fregataa
force-pushed
the
feature/BA-4838
branch
from
6498dd7 to
28394b2
Compare
jopemachine
reviewed
Mar 6, 2026
| @@ -0,0 +1 @@ | |||
| Register a persistent `BackendAIClientRegistry` on the webserver app (`app["client_registry"]`) using the new `NoAuth` strategy, and extract `build_forwarding_headers()` as a reusable pure function for building proxy forwarding headers. | |||
Member
There was a problem hiding this comment.
It seems news fragment also should be updated
jopemachine
reviewed
Mar 6, 2026
| manager rather than crash internally. | ||
| """ | ||
|
|
||
| def sign( |
Member
There was a problem hiding this comment.
Suggested change
| def sign( | |
| @override | |
| def sign( |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
NoAuth(AuthStrategy)toclient/v2/auth.pythat returns empty headers fromsign(), for use by the webserver which has no real keypairanon_client_ctx/app["anon_client"]withclient_registry_ctx/app["client_registry"]usingBackendAIClientRegistry.create(config, NoAuth())build_forwarding_headers()as a reusable pure function and refactorfill_forwarding_hdrs_to_api_session()to use it internallyTest plan
app["client_registry"]is accessible and properly initializedResolves BA-4838
🤖 Generated with Claude Code