Ways to configure validations/restrictions for http:// urls

[jfbourgon]

Titiler offers a way to configure the specific private and public buckets we want to use inside s3:// urls through the CDK config.py file. This currently translates to LambdaPermission in CloudFormation templates.

Is there a way to configure similar whitelist for http:// (https://) urls that could eventually be translated inside APIGateway Request validation, Lambda validation or something else.

[vincentsarago]

@jfbourgon I'm not sure to understand. if you want to filter what input dataset url a user can use within the TiTiler application you could simply use a custom path_dependency dependency.

from titiler.core.factory import TilerFactory
from titiler.core.errors import DEFAULT_STATUS_CODES, add_exception_handlers

from fastapi import FastAPI


white_list = [
    "https://mydata.io/",
    "https://yourdata.io/",
]

# Custom Path dependency which can `decode` a base64 url
def DatasetPathParams(
    url: str = Query(..., description="Dataset URL"),
) -> str:
    """Create dataset path from args"""
    if not any([url.startswith(x) for x in white_list]):
        raise HTTPException(status_code=404, detail="Invalid Input URL")
    return url

app = FastAPI(title="My simple app")

cog = TilerFactory(path_dependency=DatasetPathParams)
app.include_router(cog.router, tags=["Cloud Optimized GeoTIFF"])

add_exception_handlers(app, DEFAULT_STATUS_CODES)


@app.get("/healthz", description="Health Check", tags=["Health Check"])
def ping():
    """Health check."""
    return {"ping": "pong!"}

[jfbourgon]

Thanks @vincentsarago, we currently deployed Titiler as AWS API Gateway + AWS Lambda but wanted to ensure that we could whitelist the URLs.

We were unsure if such validation was already implemented through configuration or if it would be preferable to alter the code of our Titiler endpoint as you suggested.