fix: use model_validator for API keys validation

Changed from field_validator to model_validator to properly access auth_enabled field during validation. This fixes the SettingsError when parsing mcp_api_keys from environment variables. Also improved handling of empty strings and None values.
2026-01-29 20:27:36 +01:00
parent 0d986eb78b
commit 0945f560ff
1 changed files with 11 additions and 10 deletions
--- a/src/aegis_gitea_mcp/config.py
+++ b/src/aegis_gitea_mcp/config.py
@@ -3,7 +3,7 @@
 from pathlib import Path
 from typing import List, Optional

-from pydantic import Field, HttpUrl, field_validator
+from pydantic import Field, HttpUrl, field_validator, model_validator
 from pydantic_settings import BaseSettings, SettingsConfigDict


@@ -109,7 +109,12 @@ class Settings(BaseSettings):
    @classmethod
    def parse_api_keys(cls, v: object) -> List[str]:
        """Parse API keys from comma-separated string or list."""
+        if v is None:
+            return []
        if isinstance(v, str):
+            # Empty string returns empty list
+            if not v.strip():
+                return []
            # Split by comma and strip whitespace
            keys = [key.strip() for key in v.split(",") if key.strip()]
            return keys
@@ -117,28 +122,24 @@ class Settings(BaseSettings):
            return v
        return []

-    @field_validator("mcp_api_keys")
-    @classmethod
-    def validate_api_keys(cls, v: List[str], info) -> List[str]:
+    @model_validator(mode="after")
+    def validate_api_keys_if_auth_enabled(self) -> "Settings":
        """Validate API keys if authentication is enabled."""
-        # Get auth_enabled from values (it's already been processed)
-        auth_enabled = info.data.get("auth_enabled", True)
-        
-        if auth_enabled and not v:
+        if self.auth_enabled and not self.mcp_api_keys:
            raise ValueError(
                "At least one API key must be configured when auth_enabled=True. "
                "Set MCP_API_KEYS environment variable or disable auth with AUTH_ENABLED=false"
            )
        
        # Validate key format (at least 32 characters for security)
-        for key in v:
+        for key in self.mcp_api_keys:
            if len(key) < 32:
                raise ValueError(
                    f"API keys must be at least 32 characters long. "
                    f"Use scripts/generate_api_key.py to generate secure keys."
                )
        
-        return v
+        return self

    @property
    def gitea_base_url(self) -> str: