From e491b5b19d77e45bfa05ccbb7f64e4369891aa75 Mon Sep 17 00:00:00 2001
From: dm <>
Date: Tue, 26 Aug 2025 20:27:11 +0300
Subject: [PATCH] added api via headers, now only one, need updete for multiuser
---
 app/api.py | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/app/api.py b/app/api.py
index 165b32e..3efb1a1 100644
--- a/app/api.py
+++ b/app/api.py
@@ -1,13 +1,22 @@
-from fastapi import FastAPI, File, UploadFile, HTTPException
+from fastapi import FastAPI, File, UploadFile, Depends, HTTPException, Security
 from fastapi.responses import FileResponse, PlainTextResponse
+from fastapi.security import APIKeyHeader
 from sqlalchemy import exists
 import hashlib
 from . import db
-import os
 from dotenv import load_dotenv
-import os
+import os
+
 load_dotenv()
+
 FILES_DIR = os.getenv("FILES_DIR")
+API_KEY = os.getenv("API_KEY")
+api_key_header = APIKeyHeader(name="X-API-Key")
+
+def verify_api_key(api_key: str = Security(api_key_header)):
+ if api_key != API_KEY:
+ raise HTTPException(status_code=403, detail="Forbidden")
+ return api_key
 def compute_hash(data: bytes, algorithm="sha256") -> str:
 h = hashlib.new(algorithm)
@@ -18,11 +27,11 @@ app = FastAPI()
 @app.get("/")
-def root():
+async def root():
 return {"message": "hiii from sfs"}
 @app.post("/file")
-async def save_file(file: UploadFile = File(...)):
+async def save_file(file: UploadFile = File(...), api_key: str = Depends(verify_api_key)):
 contents = await file.read()
 hash = compute_hash(contents)
@@ -43,7 +52,7 @@ async def save_file(file: UploadFile = File(...)):
 return {"status": "file_exists", "filename": existed_url}
 @app.get("/file/{filename}")
-def get_file(filename: str, raw: bool = False):
+async def get_file(filename: str, raw: bool = False, api_key: str = Depends(verify_api_key)):
 file_path = os.path.join(FILES_DIR, filename)
 if not os.path.exists(file_path):
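Review bot: In `verify_api_key`, `api_key != API_KEY` is an ordinary string comparison, so its running time can depend on how much of the presented key matches. `secrets.compare_digest(api_key.encode(), API_KEY.encode())` (with `import secrets` added) removes that dependency. `API_KEY` comes from `os.getenv("API_KEY")` and is `None` when the variable is unset; the current check then appears to reject every request without reporting the misconfiguration, and `compare_digest` would raise on `None`. I would fail at import time instead, e.g. `if not API_KEY: raise RuntimeError("API_KEY is not set")` right after the `os.getenv` call.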
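Review bot: `api_key: str = Depends(verify_api_key)` on `save_file` adds a parameter that the visible lines of the handler never read, and the same parameter is repeated on `get_file`, `delete_file`, `get_list_of_files` and `healthchecker` in the later hunks. Declaring the check once keeps a future route from being added without it: either `@app.post("/file", dependencies=[Depends(verify_api_key)])` per route, or an `APIRouter(dependencies=[Depends(verify_api_key)])` holding every protected route. `root` stays unauthenticated in this hunk; a short comment such as `# public: no API key required` would record that this is intentional. The body of `save_file` continues outside the hunk.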
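Review bot: Changing `get_file` from `def` to `async def` puts its blocking calls (`os.path.exists(file_path)` in this hunk) on the event loop. FastAPI runs plain `def` handlers in a worker thread pool but runs `async def` handlers directly on the loop, so one slow disk or database call delays every other request. The same applies to `delete_file` (`db.remove_file`, `os.path.exists`) and `get_list_of_files` (`db.get_all_files`) in the later hunks. The dependency works unchanged on a sync handler, so I would keep `def get_file(filename: str, raw: bool = False, api_key: str = Depends(verify_api_key)):` unless the body is moved to non-blocking calls. The body of `get_file` continues outside the hunk.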
@@ -56,7 +65,7 @@ def get_file(filename: str, raw: bool = False):
 @app.delete("/file/{filename}")
-def delete_file(filename: str):
+async def delete_file(filename: str, api_key: str = Depends(verify_api_key)):
 if db.remove_file(filename):
 file_path = f"{FILES_DIR}/{filename}"
 if os.path.exists(file_path):
@@ -65,7 +74,7 @@ def delete_file(filename: str):
 return {"status": "error", "message": "no file like that"}
 @app.get("/files/")
-def get_list_of_files():
+async def get_list_of_files(api_key: str = Depends(verify_api_key)):
 files = db.get_all_files()
 return [
 {
@@ -79,5 +88,5 @@ def get_list_of_files():
 ]
 @app.get("/healthchecker")
-def healthchecker():
+async def healthchecker(api_key: str = Depends(verify_api_key)):
 return {"message": "Howdy :3"}
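Review bot: `delete_file` places the URL-supplied `filename` straight into `f"{FILES_DIR}/{filename}"`, and `get_file` does the same through `os.path.join(FILES_DIR, filename)`; neither visible path checks that the value is a plain file name. Since the key is shared by every client, I would reject anything that is not a bare name before touching the database or disk, e.g. `if filename in (".", "..") or os.path.basename(filename) != filename: raise HTTPException(status_code=400, detail="Bad filename")`. Building the path with `os.path.join` in both handlers would also keep them consistent. The rest of `delete_file` is outside the hunk, and `db.remove_file` is not shown, so an equivalent check may already exist there.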
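Review bot: Adding `Depends(verify_api_key)` to `healthchecker` means any load balancer or orchestrator probe that calls it has to carry the single shared API key, which copies that secret into probe configuration. The handler returns only a fixed message, so if the endpoint is meant for liveness checks it could stay unauthenticated like `root`. If the key requirement is deliberate, a comment on the route such as `# requires API key: not used by unauthenticated probes` would make that clear.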