dm/sfs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'security'

Browse Source
This commit is contained in:
dm
2025-09-04 11:47:29 +03:00
parent 1032c08a40 19b2afcb43
commit ba48ff5c1c
2 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/api.py
View File

@@ -8,11 +8,12 @@ from io import BytesIO
from . import db
from dotenv import load_dotenv
import os
import hmac
load_dotenv()
FILES_DIR = os.getenv("FILES_DIR")
API_KEY = os.getenv("API_KEY")
API_KEY_HASH = os.getenv("API_KEY_HASH")
api_key_header = APIKeyHeader(name="X-API-Key")
FTP_URL = os.getenv("FTP_URL")
@@ -21,8 +22,10 @@ FTP_PASSWORD = os.getenv("FTP_PASSWORD")
CACHE_DIR = "cache"
def verify_api_key(api_key: str = Security(api_key_header)):
if api_key != API_KEY:
raise HTTPException(status_code=403, detail="Forbidden")
api_key_hashed = hashlib.sha256(api_key.encode()).hexdigest()
if not hmac.compare_digest(api_key_hashed, API_KEY_HASH):
raise HTTPException(status_code=403, detail="Forbidden. (╥﹏╥)")
return api_key
def compute_hash(data: bytes, algorithm="sha256") -> str: