feat: DIA-1839: Add JWT auth for API tokens

label_studio/core/middleware.py

@@ -205,6 +205,7 @@
             or
             # scim assign request.user implicitly, check CustomSCIMAuthCheckMiddleware
             (hasattr(request, 'is_scim') and request.is_scim)
+            or (hasattr(request, 'is_jwt') and request.is_jwt)
         ):
             return
 
@@ -248,3 +249,38 @@
                 del response['Content-Security-Policy-Report-Only']
             delattr(response, '_override_report_only_csp')
         return response
+
+
+def get_user_jwt(request):
+    from django.contrib.auth.middleware import get_user
+    from rest_framework_simplejwt.authentication import JWTAuthentication
+    user = get_user(request)
+    if user.is_authenticated:
+        return user
+
+    jwt_authentication = JWTAuthentication()
+    auth_header = jwt_authentication.get_header(request)
+    if not auth_header:
+        return None
+    if isinstance(auth_header, str):
+        auth_header = auth_header.encode()
+
+    raw_token = jwt_authentication.get_raw_token(auth_header)
+    validated_token = jwt_authentication.get_validated_token(
+        raw_token
+    )
+    user = jwt_authentication.get_user(validated_token)
+    if user:
+        return user
+
+class JWTAuthenticationMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        from django.utils.functional import SimpleLazyObject
+        user = SimpleLazyObject(lambda: get_user_jwt(request))
+        if user:
+            request.user = user
+            request.is_jwt = True
+        return self.get_response(request)