server: add PUBLIC_MODE settings to allow listing for anonymous user

server/env.example

@@ -25,6 +25,15 @@
 #AUTH_FIEF_CLIENT_SECRET=xxx
 
 
+## =======================================================
+## Public mode
+## =======================================================
+## If set to true, anonymous transcripts will be
+## accessible to anybody.
+
+#PUBLIC_MODE=false
+
+
 ## =======================================================
 ## Transcription backend
 ##

server/reflector/settings.py

@@ -87,5 +87,9 @@ class Settings(BaseSettings):
     AUTH_FIEF_CLIENT_ID: str | None = None
     AUTH_FIEF_CLIENT_SECRET: str | None = None
 
+    # API public mode
+    # if set, all anonymous record will be public
+    PUBLIC_MODE: bool = False
+
 
 settings = Settings()

server/reflector/views/transcripts.py

@@ -214,12 +214,13 @@ class DeletionStatus(BaseModel):
 
 @router.get("/transcripts", response_model=Page[GetTranscript])
 async def transcripts_list(
-    user: auth.UserInfo = Depends(auth.current_user),
+    user: Annotated[Optional[auth.UserInfo], Depends(auth.current_user_optional)],
 ):
-    if not user:
+    if not user and not settings.PUBLIC_MODE:
         raise HTTPException(status_code=401, detail="Not authenticated")
 
-    return paginate(await transcripts_controller.get_all(user_id=user["sub"]))
+    user_id = user["sub"] if user else None
+    return paginate(await transcripts_controller.get_all(user_id=user_id))
 
 
 @router.post("/transcripts", response_model=GetTranscript)
@@ -367,8 +368,13 @@ ws_manager = WebsocketManager()
 
 
 @router.websocket("/transcripts/{transcript_id}/events")
-async def transcript_events_websocket(transcript_id: str, websocket: WebSocket):
-    transcript = await transcripts_controller.get_by_id(transcript_id)
+async def transcript_events_websocket(
+    transcript_id: str,
+    websocket: WebSocket,
+    user: Annotated[Optional[auth.UserInfo], Depends(auth.current_user_optional)],
+):
+    user_id = user["sub"] if user else None
+    transcript = await transcripts_controller.get_by_id(transcript_id, user_id=user_id)
     if not transcript:
         raise HTTPException(status_code=404, detail="Transcript not found")
 

server/tests/test_transcripts.py

@@ -49,11 +49,21 @@ async def test_transcripts_list_anonymous():
     # XXX this test is a bit fragile, as it depends on the storage which
     #     is shared between tests
     from reflector.app import app
+    from reflector.settings import settings
 
     async with AsyncClient(app=app, base_url="http://test/v1") as ac:
         response = await ac.get("/transcripts")
         assert response.status_code == 401
 
+    # if public mode, it should be allowed
+    try:
+        settings.PUBLIC_MODE = True
+        async with AsyncClient(app=app, base_url="http://test/v1") as ac:
+            response = await ac.get("/transcripts")
+            assert response.status_code == 200
+    finally:
+        settings.PUBLIC_MODE = False
+
 
 @pytest.fixture
 @pytest.mark.asyncio