From a31c6ce3f9c352dfe683cc7fa26e1cf630e105e1 Mon Sep 17 00:00:00 2001
From: Willem Melching <willem.melching@gmail.com>
Date: Thu, 30 Sep 2021 20:13:46 +0200
Subject: [PATCH] tools: make auth optional for public routes (#22386)

* tools: make auth optional for public routes

* handle 403

* show warning from c++ replay
---
 selfdrive/ui/qt/api.cc   | 10 ++++++++--
 tools/lib/api.py         |  4 +---
 tools/lib/auth_config.py |  4 ++--
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/selfdrive/ui/qt/api.cc b/selfdrive/ui/qt/api.cc
index 90ba5fd53..0c344056f 100644
--- a/selfdrive/ui/qt/api.cc
+++ b/selfdrive/ui/qt/api.cc
@@ -92,7 +92,10 @@ void HttpRequest::sendRequest(const QString &requestURL, const HttpRequest::Meth
 
   QNetworkRequest request;
   request.setUrl(QUrl(requestURL));
-  request.setRawHeader(QByteArray("Authorization"), ("JWT " + token).toUtf8());
+
+  if (!token.isEmpty()) {
+    request.setRawHeader(QByteArray("Authorization"), ("JWT " + token).toUtf8());
+  }
 
   if (method == HttpRequest::Method::GET) {
     reply = networkAccessManager->get(request);
@@ -119,8 +122,11 @@ void HttpRequest::requestFinished() {
       success = true;
       emit receivedResponse(response);
     } else {
-      qDebug() << reply->errorString();
       emit failedResponse(reply->errorString());
+
+      if (reply->error() == QNetworkReply::ContentAccessDenied || reply->error() == QNetworkReply::AuthenticationRequiredError) {
+        qWarning() << ">>  Unauthorized. Authenticate with tools/lib/auth.py  <<";
+      }
     }
   } else {
     networkAccessManager->clearAccessCache();
diff --git a/tools/lib/api.py b/tools/lib/api.py
index 3323a0316..6ff9242f2 100644
--- a/tools/lib/api.py
+++ b/tools/lib/api.py
@@ -1,6 +1,5 @@
 import os
 import requests
-from tools.lib.auth_config import clear_token
 API_HOST = os.getenv('API_HOST', 'https://api.commadotai.com')
 
 class CommaApi():
@@ -14,8 +13,7 @@ class CommaApi():
     resp = self.session.request(method, API_HOST + '/' + endpoint, **kwargs)
     resp_json = resp.json()
     if isinstance(resp_json, dict) and resp_json.get('error'):
-      if resp.status_code == 401:
-        clear_token()
+      if resp.status_code in [401, 403]:
         raise UnauthorizedError('Unauthorized. Authenticate with tools/lib/auth.py')
 
       e = APIError(str(resp.status_code) + ":" + resp_json.get('description', str(resp_json['error'])))
diff --git a/tools/lib/auth_config.py b/tools/lib/auth_config.py
index 4863430c7..1699d94e5 100644
--- a/tools/lib/auth_config.py
+++ b/tools/lib/auth_config.py
@@ -21,8 +21,8 @@ def get_token():
     with open(os.path.join(CONFIG_DIR, 'auth.json')) as f:
       auth = json.load(f)
       return auth['access_token']
-  except Exception as e:
-    raise MissingAuthConfigError('Authenticate with tools/lib/auth.py') from e
+  except Exception:
+    return None
 
 
 def set_token(token):