Merge branch 'security'
This commit is contained in:
dm
2
.env
2
.env
@@ -1,5 +1,5 @@
|
|||||||
FILES_DIR="./files"
|
FILES_DIR="./files"
|
||||||
API_KEY="aboba"
|
API_KEY_HASH="a6c79a27049109e472b246b5dfbe08aedff1e9e2259597e54032dbad4958d4ad"
|
||||||
FILES_PADDING="5"
|
FILES_PADDING="5"
|
||||||
DATABASE_NAME="files.db"
|
DATABASE_NAME="files.db"
|
||||||
FTP_URL="ftp"
|
FTP_URL="ftp"
|
||||||
|
|||||||
@@ -8,11 +8,12 @@ from io import BytesIO
|
|||||||
from . import db
|
from . import db
|
||||||
from dotenv import load_dotenv
|
from dotenv import load_dotenv
|
||||||
import os
|
import os
|
||||||
|
import hmac
|
||||||
|
|
||||||
load_dotenv()
|
load_dotenv()
|
||||||
|
|
||||||
FILES_DIR = os.getenv("FILES_DIR")
|
FILES_DIR = os.getenv("FILES_DIR")
|
||||||
API_KEY = os.getenv("API_KEY")
|
API_KEY_HASH = os.getenv("API_KEY_HASH")
|
||||||
api_key_header = APIKeyHeader(name="X-API-Key")
|
api_key_header = APIKeyHeader(name="X-API-Key")
|
||||||
|
|
||||||
FTP_URL = os.getenv("FTP_URL")
|
FTP_URL = os.getenv("FTP_URL")
|
||||||
@@ -21,8 +22,10 @@ FTP_PASSWORD = os.getenv("FTP_PASSWORD")
|
|||||||
CACHE_DIR = "cache"
|
CACHE_DIR = "cache"
|
||||||
|
|
||||||
def verify_api_key(api_key: str = Security(api_key_header)):
|
def verify_api_key(api_key: str = Security(api_key_header)):
|
||||||
if api_key != API_KEY:
|
api_key_hashed = hashlib.sha256(api_key.encode()).hexdigest()
|
||||||
raise HTTPException(status_code=403, detail="Forbidden")
|
if not hmac.compare_digest(api_key_hashed, API_KEY_HASH):
|
||||||
|
raise HTTPException(status_code=403, detail="Forbidden. (╥﹏╥)")
|
||||||
|
|
||||||
return api_key
|
return api_key
|
||||||
|
|
||||||
def compute_hash(data: bytes, algorithm="sha256") -> str:
|
def compute_hash(data: bytes, algorithm="sha256") -> str:
|
||||||
|
|||||||
Reference in New Issue
Block a user