Refactor authentication to API key-based system and optimize architecture #12

Merged: sanjeevafk merged 3 commits into main from dev on Apr 22, 2026

@sanjeevafk

Owner

This pull request makes significant changes to the authentication system and general configuration of the DepthAPI backend, focusing on removing legacy authentication logic, simplifying the codebase, and updating branding and security settings. The most important changes are summarized below:

Authentication and Security Refactoring:

  • Removed all legacy authentication logic, including JWT verification, admin checks, user existence enforcement, and pro status caching from api/auth.py, leaving only Supabase client initialization. This substantially simplifies authentication and offloads responsibility to external systems or other parts of the codebase.
  • Removed sensitive and unused configuration variables (supabase_jwt_secret, supabase_auth_webhook_secret) from api/config.py, reducing potential security risks.

Branding and Configuration Updates:

  • Updated application branding from "KnowBear" to "DepthAPI" throughout api/main.py, including API title, description, version, and allowed CORS origins.
  • Changed the default allowed CORS origins to the new DepthAPI domains and improved the logic for resolving allowed origins.

Security Header Adjustments:

  • Simplified and tightened security headers in api/main.py, removing unused or redundant directives and references to old domains.

Cleanup and Removal of Unused Files:

  • Removed Dockerfiles related to the frontend and frontend testing, indicating a change in deployment or build strategy. (Dockerfile.frontend, Dockerfile.frontend.test)

These changes collectively modernize and streamline the backend, improve maintainability, and align the project with the new DepthAPI branding.

…ate limiting. Purged legacy JWT logic, re-scoped Redis namespaces, and optimized service layer orchestration for headless architecture.
@vercel

vercel Bot commented Apr 22, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
knowbear Error Error Apr 22, 2026 5:32pm

sanjeevafk merged commit 548421e into main on Apr 22, 2026
3 of 6 checks passed
sanjeevafk added a commit that referenced this pull request May 24, 2026
…ture (#12)

* refactor(auth): migrate to API key-based authentication and unified rate limiting. Purged legacy JWT logic, re-scoped Redis namespaces, and optimized service layer orchestration for headless architecture.

* feat: purge legacy consumer artifacts and refactor database schema to support API key-based scoping