feat: auth bypass for dev and testing

ENVIRONMENT must be "local" and DISABLE_AUTH set for this to be active. Both of these default to production values to prevent this being enabled accidentally.

Resolves #5

src/auth/service.py

@@ -28,6 +28,9 @@ from src.organisation.dependencies import org_model_dependency
 oidc = OpenIdConnect(openIdConnectUrl=auth_settings.OIDC_CONFIG)
 oidc_dependency = Annotated[str, Depends(oidc)]
 
+def get_dev_user():
+	return {"db_id": 1}
+
 
 async def get_current_user(oidc_auth_string: oidc_dependency) -> dict[str, Any]:
 	config_url = urlopen(auth_settings.OIDC_CONFIG)

src/config.py

@@ -23,6 +23,7 @@ class Config(CustomBaseSettings):
     APP_VERSION: str = "0.1"
     ENVIRONMENT: Environment = Environment.PRODUCTION
     SECRET_KEY: SecretStr = ""
+    DISABLE_AUTH: bool = False
 
     CORS_ORIGINS: list[str] = ["*"]
     CORS_ORIGINS_REGEX: str | None = None

src/main.py

@@ -12,6 +12,7 @@ from src.config import settings
 from src.api import api_router
 
 from src.auth.config import auth_settings
+from src.auth.service import get_current_user, get_dev_user
 
 
 @asynccontextmanager
@@ -22,8 +23,8 @@ async def lifespan(_application: FastAPI) -> AsyncGenerator:
 
 
 if settings.ENVIRONMENT.is_deployed:
-	# Do this only on prod
+	# Just a precaution, should be False anyway
-	pass
+	settings.DISABLE_AUTH = False
 
 
 tags_metadata = [
@@ -57,4 +58,8 @@ app.add_middleware(
 	allow_headers=settings.CORS_HEADERS,
 )
 
+if settings.ENVIRONMENT == "local" and settings.DISABLE_AUTH:
+	app.dependency_overrides[get_current_user] = get_dev_user
+
+
 app.include_router(api_router)