Module: Braintrust::API::Internal::Auth

Defined in:
lib/braintrust/api/internal/auth.rb

Defined Under Namespace

Classes: AuthResult

Class Method Summary collapse

Class Method Details

.login(api_key:, app_url:, org_name: nil) ⇒ AuthResult

Login to Braintrust API

Parameters:

  • api_key (String)

    Braintrust API key

  • app_url (String)

    Braintrust app URL

  • org_name (String, nil) (defaults to: nil)

    Optional org name to filter by

Returns:

Raises:



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
# File 'lib/braintrust/api/internal/auth.rb', line 29

def self.(api_key:, app_url:, org_name: nil)
  # Test mode: return fake auth for test API key
  if api_key == "test-api-key"
    Log.debug("Login: using test API key, returning fake auth")
    return AuthResult.new(
      org_id: "test-org-id",
      org_name: org_name || "test-org",
      api_url: "https://api.ruby-sdk-fixture.com",
      proxy_url: "https://proxy.ruby-sdk-fixture.com"
    )
  end

  masked_key = mask_api_key(api_key)
  Log.debug("Login: attempting login with API key #{masked_key}, org #{org_name.inspect}, app URL #{app_url}")

  uri = URI("#{app_url}/api/apikey/login")
  request = Net::HTTP::Post.new(uri)
  request["Authorization"] = "Bearer #{api_key}"

  response = Braintrust::Internal::Http.with_redirects(uri, request)

  Log.debug("Login: received response [#{response.code}]")

  # Handle different status codes
  case response
  when Net::HTTPUnauthorized, Net::HTTPForbidden
    raise Error, "Invalid API key: [#{response.code}]"
  when Net::HTTPBadRequest
    raise Error, "Bad request: [#{response.code}] #{response.body}"
  when Net::HTTPClientError
    raise Error, "Client error: [#{response.code}] #{response.message}"
  when Net::HTTPServerError
    raise Error, "Server error: [#{response.code}] #{response.message}"
  when Net::HTTPSuccess
    # Success - continue processing
  else
    raise Error, "Unexpected response: [#{response.code}] #{response.message}"
  end

  data = JSON.parse(response.body)
  org_info_list = data["org_info"]

  if org_info_list.nil? || org_info_list.empty?
    raise Error, "No organizations found for API key"
  end

  # Select org: filter by org_name if present, else take first
  org_info = if org_name
    found = org_info_list.find { |org| org["name"] == org_name }
    if found
      Log.debug("Login: selected org '#{org_name}' (id: #{found["id"]})")
      found
    else
      available = org_info_list.map { |o| o["name"] }.join(", ")
      raise Error, "Organization '#{org_name}' not found. Available: #{available}"
    end
  else
    selected = org_info_list.first
    Log.debug("Login: selected first org '#{selected["name"]}' (id: #{selected["id"]})")
    selected
  end

  result = AuthResult.new(
    org_id: org_info["id"],
    org_name: org_info["name"],
    api_url: org_info["api_url"],
    proxy_url: org_info["proxy_url"]
  )

  Log.debug("Login: successfully logged in as org '#{result.org_name}' (#{result.org_id})")
  result
end

.mask_api_key(api_key) ⇒ Object

Mask API key for logging (show first 8 chars)



17
18
19
20
21
 
# File 'lib/braintrust/api/internal/auth.rb', line 17

def self.mask_api_key(api_key)
  return "nil" if api_key.nil?
  return api_key if api_key.length <= 8
  "#{api_key[0...8]}...#{api_key[-4..]}"
end