Spaces:
Sleeping
Sleeping
Commit
·
d9fa998
1
Parent(s):
fb20d97
feat: validate x-api-key only and remove client id
Browse files
app.py
CHANGED
|
@@ -20,7 +20,6 @@ from fastapi.openapi.docs import (
|
|
| 20 |
load_dotenv()
|
| 21 |
IS_DEV = os.environ.get('ENV', 'DEV') != 'PROD'
|
| 22 |
AWS_S3_BUCKET_NAME = os.getenv('AWS_S3_BUCKET_NAME', '')
|
| 23 |
-
CLIENT_ID = os.environ.get('CLIENT_ID')
|
| 24 |
X_API_KEY = os.environ.get('X_API_KEY')
|
| 25 |
|
| 26 |
logging.basicConfig(
|
|
@@ -68,7 +67,6 @@ def healthcheck():
|
|
| 68 |
@app.post("/image")
|
| 69 |
async def upload(
|
| 70 |
o: ImageObject,
|
| 71 |
-
client_id: str = Header(...),
|
| 72 |
x_request_user: str = Header(...),
|
| 73 |
x_api_key: str = Header(...)
|
| 74 |
):
|
|
@@ -76,7 +74,7 @@ async def upload(
|
|
| 76 |
logging.info("--------------------------------")
|
| 77 |
logging.info("Received request to upload image")
|
| 78 |
|
| 79 |
-
if is_valid(
|
| 80 |
key = f'{o.key}/{o.job_no}/{o.name}'
|
| 81 |
logging.info(f'Key for S3 upload: {key}')
|
| 82 |
if o.content is not None:
|
|
@@ -103,7 +101,6 @@ async def upload(
|
|
| 103 |
|
| 104 |
@app.post("/image-multiparts")
|
| 105 |
async def upload2(
|
| 106 |
-
client_id: str = Header(...),
|
| 107 |
x_request_user: str = Header(...),
|
| 108 |
x_api_key: str = Header(...),
|
| 109 |
job_no: Annotated[str, Form()] = '',
|
|
@@ -118,7 +115,7 @@ async def upload2(
|
|
| 118 |
logging.info("Received request to upload image")
|
| 119 |
|
| 120 |
# Validate headers
|
| 121 |
-
if not is_valid(
|
| 122 |
res.status = HTTPStatus.FORBIDDEN
|
| 123 |
res.error = "Invalid credentials"
|
| 124 |
return res.json()
|
|
@@ -147,8 +144,8 @@ async def upload2(
|
|
| 147 |
|
| 148 |
return res.json()
|
| 149 |
|
| 150 |
-
def is_valid(
|
| 151 |
-
return
|
| 152 |
|
| 153 |
if __name__=='__main__':
|
| 154 |
uvicorn.run('app:app', host='0.0.0.0', port=7860, reload=True)
|
|
|
|
| 20 |
load_dotenv()
|
| 21 |
IS_DEV = os.environ.get('ENV', 'DEV') != 'PROD'
|
| 22 |
AWS_S3_BUCKET_NAME = os.getenv('AWS_S3_BUCKET_NAME', '')
|
|
|
|
| 23 |
X_API_KEY = os.environ.get('X_API_KEY')
|
| 24 |
|
| 25 |
logging.basicConfig(
|
|
|
|
| 67 |
@app.post("/image")
|
| 68 |
async def upload(
|
| 69 |
o: ImageObject,
|
|
|
|
| 70 |
x_request_user: str = Header(...),
|
| 71 |
x_api_key: str = Header(...)
|
| 72 |
):
|
|
|
|
| 74 |
logging.info("--------------------------------")
|
| 75 |
logging.info("Received request to upload image")
|
| 76 |
|
| 77 |
+
if is_valid(x_api_key):
|
| 78 |
key = f'{o.key}/{o.job_no}/{o.name}'
|
| 79 |
logging.info(f'Key for S3 upload: {key}')
|
| 80 |
if o.content is not None:
|
|
|
|
| 101 |
|
| 102 |
@app.post("/image-multiparts")
|
| 103 |
async def upload2(
|
|
|
|
| 104 |
x_request_user: str = Header(...),
|
| 105 |
x_api_key: str = Header(...),
|
| 106 |
job_no: Annotated[str, Form()] = '',
|
|
|
|
| 115 |
logging.info("Received request to upload image")
|
| 116 |
|
| 117 |
# Validate headers
|
| 118 |
+
if not is_valid(x_api_key):
|
| 119 |
res.status = HTTPStatus.FORBIDDEN
|
| 120 |
res.error = "Invalid credentials"
|
| 121 |
return res.json()
|
|
|
|
| 144 |
|
| 145 |
return res.json()
|
| 146 |
|
| 147 |
+
def is_valid(p):
|
| 148 |
+
return p == X_API_KEY
|
| 149 |
|
| 150 |
if __name__=='__main__':
|
| 151 |
uvicorn.run('app:app', host='0.0.0.0', port=7860, reload=True)
|