eigent/backend/app/__init__.py
Tong Chen 6c827a3d06
refactor: establish Brain-centered architecture and frontend/backend separation foundations (#1597)
Co-authored-by: Douglas <douglas.ym.lai@gmail.com>
Co-authored-by: Douglas Lai <115660088+Douglasymlai@users.noreply.github.com>
2026-05-01 17:03:33 +08:00


# ========= Copyright 2025-2026 @ Eigent.ai All Rights Reserved. =========
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ========= Copyright 2025-2026 @ Eigent.ai All Rights Reserved. =========
import os
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from starlette.middleware.base import BaseHTTPMiddleware
# The single application object; every router and middleware in this
# module attaches to it.
api = FastAPI(
    title="Eigent Multi-Agent System API",
)
@api.get("/")
def root():
    """Root endpoint - confirms this is the Brain backend.

    Returns a small JSON document naming the service and pointing at the
    OpenAPI docs and health-check paths.
    """
    service_info = {
        "service": "eigent-brain",
        "docs": "/docs",
        "health": "/health",
    }
    return service_info
# Comma-separated allow-list of browser origins, read once at import time.
# Surrounding whitespace is dropped and empty entries (e.g. a trailing comma)
# are ignored; an unset variable yields an empty list.
_cors_raw = os.environ.get("EIGENT_CORS_ORIGINS", "")
_allowed_origins = [
    origin
    for origin in map(str.strip, _cors_raw.split(","))
    if origin
]

# Origins always permitted to embed file previews: the app itself plus a
# local dev server on either loopback name, any port, http or https.
_default_frame_ancestors = [
    "'self'",
    "http://localhost:*",
    "http://127.0.0.1:*",
    "https://localhost:*",
    "https://127.0.0.1:*",
]

# Configured CORS origins may also frame previews, except the wildcard "*",
# which in a CSP frame-ancestors directive would allow any site to embed
# them. dict.fromkeys de-duplicates while keeping first-seen order.
_frame_ancestors = " ".join(
    dict.fromkeys(
        _default_frame_ancestors
        + [origin for origin in _allowed_origins if origin != "*"]
    )
)
class SecurityHeadersMiddleware(BaseHTTPMiddleware):
    """Attach browser-hardening headers to every response.

    Every response gets ``X-Content-Type-Options: nosniff`` and a
    ``Referrer-Policy``. Framing is denied with ``X-Frame-Options: DENY``,
    except on file-preview routes, which instead carry a
    ``Content-Security-Policy: frame-ancestors`` built from the module-level
    ``_frame_ancestors`` allow-list so the frontend can embed previews.
    """

    # Route prefixes whose responses are meant to be shown inside an iframe.
    _FRAME_ALLOWED_PREFIXES = ("/files/preview/", "/api/v1/files/preview/")

    async def dispatch(self, request, call_next):
        """Run the downstream handler, then stamp the security headers.

        Args:
            request: The incoming request; only ``request.url.path`` is read.
            call_next: Continuation that produces the downstream response.

        Returns:
            The downstream response with the headers added in place.
        """
        response = await call_next(request)
        headers = response.headers
        headers["X-Content-Type-Options"] = "nosniff"
        headers["Referrer-Policy"] = "strict-origin-when-cross-origin"

        if request.url.path.startswith(self._FRAME_ALLOWED_PREFIXES):
            # frame-ancestors takes precedence over X-Frame-Options in CSP-aware
            # browsers; drop the legacy header so the two cannot disagree.
            if "X-Frame-Options" in headers:
                del headers["X-Frame-Options"]
            headers["Content-Security-Policy"] = f"frame-ancestors {_frame_ancestors};"
        else:
            headers["X-Frame-Options"] = "DENY"
        return response
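# CORS policy. With no configured origins the API answers any origin but
# without credentials - the only combination browsers accept for a "*" origin.
# A configured allow-list switches credentials on, except when that list
# itself contains "*": credentials together with a wildcard origin would let
# any site make cookie-bearing requests, so the wildcard is excluded from the
# credentials decision, matching how the frame-ancestors list above already
# treats "*" as not a concrete origin.
api.add_middleware(
    CORSMiddleware,
    allow_origins=_allowed_origins or ["*"],
    allow_credentials=bool(_allowed_origins) and "*" not in _allowed_origins,
    allow_methods=["*"],
    allow_headers=["*"],
    expose_headers=["X-Session-ID"],
)

# Starlette stacks middleware so the most recently added runs outermost:
# session parsing wraps the security headers, which wrap CORS, which wraps
# the routes.
api.add_middleware(SecurityHeadersMiddleware)

# Phase 2: Channel/Session header parsing (X-Channel, X-Session-ID, X-User-ID)
# NOTE(review): imported here rather than at the top of the module,
# presumably to avoid an import cycle with app.router_layer - confirm before
# moving it.
from app.router_layer import ChannelSessionMiddleware  # noqa: E402

api.add_middleware(ChannelSessionMiddleware)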