From 6062445c12d0bb6ad472bc348e8ddf0531a37879 Mon Sep 17 00:00:00 2001
From: gahusb <bgg8988@gmail.com>
Date: Fri, 15 May 2026 08:56:03 +0900
Subject: [PATCH] =?UTF-8?q?fix(stock-webai):=20final=20review=20notes=20?=
 =?UTF-8?q?=E2=80=94=20env=20default=20+=201-time=20auth=20error=20log?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(1) docker-compose: ${WEBAI_API_KEY} → ${WEBAI_API_KEY:-} matches
project convention, avoids "variable not set" warning when NAS .env
lacks the key during initial deploy.

(2) auth.py: ERROR log when WEBAI_API_KEY env unset fires only on
first miss, then silent (module-level _WEBAI_AUTH_WARNED flag).
Flag resets when env becomes configured, so future regressions log
again. Eliminates log spam under web-ai polling (~3/min).

All 102 tests still pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 docker-compose.yml |  2 +-
 stock/app/auth.py  | 13 +++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8a76146..b7dfee3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -43,7 +43,7 @@ services:
       - OLLAMA_URL=${OLLAMA_URL:-http://192.168.45.59:11435}
       - OLLAMA_MODEL=${OLLAMA_MODEL:-qwen3:14b}
       - CORS_ALLOW_ORIGINS=${CORS_ALLOW_ORIGINS:-http://localhost:3007,http://localhost:8080}
-      - WEBAI_API_KEY=${WEBAI_API_KEY}
+      - WEBAI_API_KEY=${WEBAI_API_KEY:-}
     volumes:
       - ${RUNTIME_PATH}/data/stock:/app/data
     healthcheck:
diff --git a/stock/app/auth.py b/stock/app/auth.py
index 42174d6..e4b1dcb 100644
--- a/stock/app/auth.py
+++ b/stock/app/auth.py
@@ -6,6 +6,8 @@ from starlette.requests import Request
 
 logger = logging.getLogger("stock")
 
+_WEBAI_AUTH_WARNED = False
+
 
 def verify_webai_key(
     request: Request,
@@ -14,14 +16,21 @@ def verify_webai_key(
     """
     /api/webai/* 보호용 FastAPI dependency.
 
-    - WEBAI_API_KEY env 미설정 → 503 (다른 endpoint 무영향)
+    - WEBAI_API_KEY env 미설정 → 503 (다른 endpoint 무영향). 1회만 ERROR 로그.
     - 헤더 누락 또는 키 불일치 → 401 + logger.warning(ip)
     """
+    global _WEBAI_AUTH_WARNED
     configured = os.getenv("WEBAI_API_KEY", "").strip()
     if not configured:
-        logger.error("WEBAI_API_KEY not configured — refusing /api/webai/* request")
+        if not _WEBAI_AUTH_WARNED:
+            logger.error("WEBAI_API_KEY not configured — refusing /api/webai/* requests")
+            _WEBAI_AUTH_WARNED = True
         raise HTTPException(status_code=503, detail="webai auth not configured")
 
+    # env 가 다시 설정되면 flag 해제 → 미래 regression 시 다시 알림
+    if _WEBAI_AUTH_WARNED:
+        _WEBAI_AUTH_WARNED = False
+
     if not x_webai_key or x_webai_key != configured:
         remote = request.client.host if request.client else "?"
         logger.warning("auth_fail path=%s remote=%s", request.url.path, remote)