Spaces:

aigchacker
/

a1d-mcp-server

Running

App Files Files Community

yuxh1996 commited on 6 days ago

Commit

98727e9

1 Parent(s): c1359fb

Enhance API key retrieval and validation for MCP clients

Browse files

Files changed (1) hide show

app.py +27 -13

app.py CHANGED Viewed

@@ -16,38 +16,50 @@ def get_api_client():
     """Get API client with current API key"""
     # Try to get API key from multiple sources
     api_key = None
     # 1. Try from request headers (for MCP clients)
     try:
         request = gr.request()
         if request and hasattr(request, 'headers'):
-            api_key = get_api_key_from_headers(dict(request.headers))
-    except:
-        pass
     # 2. Check if running on Hugging Face Space
     is_space = os.getenv("SPACE_ID") is not None
     space_api_key = os.getenv("A1D_API_KEY")
     # 3. Determine if this is a web browser request or MCP client request
     is_web_request = False
-    try:
-        request = gr.request()
-        if request and hasattr(request, 'headers'):
-            user_agent = request.headers.get('user-agent', '').lower()
-            # Web browsers typically have 'mozilla' in user agent
-            is_web_request = 'mozilla' in user_agent or 'chrome' in user_agent or 'safari' in user_agent
-    except:
-        is_web_request = True  # Default to web request if we can't determine
     # 4. Use Space API key ONLY for web browser requests on Hugging Face Space
     if not api_key and is_space and space_api_key and is_web_request:
         print("📡 Using API key from Space environment variable (web demo)")
         return A1DAPIClient(space_api_key)
-    # 5. For MCP clients, API key is mandatory
     if not api_key:
-        raise ValueError(
             "🔑 API key is required for MCP clients!\n\n"
             "Please provide API_KEY in request headers.\n"
             "Get your API key at https://a1d.ai\n\n"
@@ -69,6 +81,8 @@ def get_api_client():
             '  }\n'
             '}'
         )
     print("🔑 Using API key from MCP client headers")
     return A1DAPIClient(api_key)

     """Get API client with current API key"""
     # Try to get API key from multiple sources
     api_key = None
+    user_agent = ""
     # 1. Try from request headers (for MCP clients)
     try:
         request = gr.request()
         if request and hasattr(request, 'headers'):
+            headers = dict(request.headers)
+            api_key = get_api_key_from_headers(headers)
+            user_agent = headers.get('user-agent', '')
+            print(f"🔍 Request headers found - User-Agent: {user_agent}")
+            print(
+                f"🔍 API key from headers: {'Found' if api_key else 'Not found'}")
+    except Exception as e:
+        print(f"🔍 No request context available: {e}")
     # 2. Check if running on Hugging Face Space
     is_space = os.getenv("SPACE_ID") is not None
     space_api_key = os.getenv("A1D_API_KEY")
+    print(
+        f"🔍 Environment check - Is Space: {is_space}, Space API key: {'Found' if space_api_key else 'Not found'}")
     # 3. Determine if this is a web browser request or MCP client request
     is_web_request = False
+    if user_agent:
+        user_agent_lower = user_agent.lower()
+        # Web browsers typically have 'mozilla' in user agent
+        is_web_request = ('mozilla' in user_agent_lower or
+                          'chrome' in user_agent_lower or
+                          'safari' in user_agent_lower or
+                          'edge' in user_agent_lower)
+        print(f"🔍 Request type detection - Is web request: {is_web_request}")
+    else:
+        # If no user agent, assume it's NOT a web request (likely MCP client)
+        is_web_request = False
+        print("🔍 No User-Agent found - assuming MCP client request")
     # 4. Use Space API key ONLY for web browser requests on Hugging Face Space
     if not api_key and is_space and space_api_key and is_web_request:
         print("📡 Using API key from Space environment variable (web demo)")
         return A1DAPIClient(space_api_key)
+    # 5. For MCP clients or when no Space API key available, user API key is mandatory
     if not api_key:
+        error_msg = (
             "🔑 API key is required for MCP clients!\n\n"
             "Please provide API_KEY in request headers.\n"
             "Get your API key at https://a1d.ai\n\n"
             '  }\n'
             '}'
         )
+        print(f"❌ API key validation failed: {error_msg}")
+        raise ValueError(error_msg)
     print("🔑 Using API key from MCP client headers")
     return A1DAPIClient(api_key)