From 9302283e866056e09cec39a0a5976195c819fe79 Mon Sep 17 00:00:00 2001 From: giles Date: Tue, 3 Feb 2026 00:23:14 +0000 Subject: [PATCH] Add admin token support to runs list endpoint --- app/routers/runs.py | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/app/routers/runs.py b/app/routers/runs.py index d151fbf..7111f04 100644 --- a/app/routers/runs.py +++ b/app/routers/runs.py @@ -515,11 +515,25 @@ async def list_runs( offset: int = 0, limit: int = 20, run_service: RunService = Depends(get_run_service), - ctx: UserContext = Depends(require_auth), + ctx: UserContext = Depends(get_current_user), ): """List all runs for the current user.""" + import os - runs = await run_service.list_runs(ctx.actor_id, offset=offset, limit=limit) + # Check for admin token if no user auth + admin_token = os.environ.get("ADMIN_TOKEN") + request_token = request.headers.get("X-Admin-Token") + admin_actor_id = request.headers.get("X-Actor-Id") + + if not ctx and (not admin_token or request_token != admin_token): + raise HTTPException(401, "Authentication required") + + # Use context actor_id or admin actor_id + actor_id = ctx.actor_id if ctx else admin_actor_id + if not actor_id: + raise HTTPException(400, "X-Actor-Id header required with admin token") + + runs = await run_service.list_runs(actor_id, offset=offset, limit=limit) has_more = len(runs) >= limit if wants_json(request): @@ -566,12 +580,12 @@ async def list_runs( run["input_previews"] = input_previews from ..dependencies import get_nav_counts - nav_counts = await get_nav_counts(ctx.actor_id) + nav_counts = await get_nav_counts(actor_id) templates = get_templates(request) return render(templates, "runs/list.html", request, runs=runs, - user=ctx, + user=ctx or {"actor_id": actor_id}, nav_counts=nav_counts, offset=offset, limit=limit,