feat: implement local authentication mode and update related components

2026-02-11 19:10:23 +05:30
parent 0ff645f795
commit 06ff1a9720
23 changed files with 563 additions and 93 deletions
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -3,7 +3,7 @@
 from __future__ import annotations

 from pathlib import Path
-from typing import Self
+from typing import Literal, Self

 from pydantic import Field, model_validator
 from pydantic_settings import BaseSettings, SettingsConfigDict
@@ -26,8 +26,12 @@ class Settings(BaseSettings):
    environment: str = "dev"
    database_url: str = "postgresql+psycopg://postgres:postgres@localhost:5432/openclaw_agency"

+    # Auth mode: "clerk" for Clerk JWT auth, "local" for shared bearer token auth.
+    auth_mode: Literal["clerk", "local"]
+    local_auth_token: str = ""
+
    # Clerk auth (auth only; roles stored in DB)
-    clerk_secret_key: str = Field(min_length=1)
+    clerk_secret_key: str = ""
    clerk_api_url: str = "https://api.clerk.com"
    clerk_verify_iat: bool = True
    clerk_leeway: float = 10.0
@@ -47,8 +51,16 @@ class Settings(BaseSettings):

    @model_validator(mode="after")
    def _defaults(self) -> Self:
-        if not self.clerk_secret_key.strip():
-            raise ValueError("CLERK_SECRET_KEY must be set and non-empty.")
+        if self.auth_mode == "clerk":
+            if not self.clerk_secret_key.strip():
+                raise ValueError(
+                    "CLERK_SECRET_KEY must be set and non-empty when AUTH_MODE=clerk.",
+                )
+        elif self.auth_mode == "local":
+            if not self.local_auth_token.strip():
+                raise ValueError(
+                    "LOCAL_AUTH_TOKEN must be set and non-empty when AUTH_MODE=local.",
+                )
        # In dev, default to applying Alembic migrations at startup to avoid
        # schema drift (e.g. missing newly-added columns).
        if "db_auto_migrate" not in self.model_fields_set and self.environment == "dev":