Check for client secret before serving anything
emdoyle committed Jul 23, 2024
1 parent e50269d commit ad32fdc
Showing 2 changed files with 21 additions and 1 deletion.
20 changes: 19 additions & 1 deletion api/src/app.py
@@ -1,11 +1,29 @@
from __future__ import annotations
from typing import Any

from fastapi import FastAPI
from fastapi import FastAPI, HTTPException, Request, Response

from src import settings
from src.deploy.routes import router as deploy_router

app = FastAPI()


AUTH_EXEMPT = ["/healthcheck"]


@app.middleware("http")
async def auth_check(request: Request, call_next: Any):
print(settings.CLIENT_SECRET, request.headers.get("X-Client-Secret"))
if (
request.url.path not in AUTH_EXEMPT
and settings.CLIENT_SECRET != request.headers.get("X-Client-Secret")
):
return Response(status_code=403)

return await call_next(request)


@app.get("/healthcheck")
def healthcheck():
return {"ok": True}
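Review bot: The `print(settings.CLIENT_SECRET, request.headers.get("X-Client-Secret"))` line at the top of `auth_check` writes the server's shared secret and every caller-supplied header value to stdout on each request, so anyone who can read the process logs can read the credential; it looks like leftover debugging and should be deleted. The check itself compares with `!=`, which is not constant-time; prefer `and not hmac.compare_digest(settings.CLIENT_SECRET.encode(), request.headers.get("X-Client-Secret", "").encode())`, which needs an `import hmac` next to the other imports. `HTTPException` is added to the `from fastapi import …` line but nothing visible in this section uses it. `AUTH_EXEMPT` is matched by exact equality on `request.url.path`, so a comment such as `# exact-match paths served without X-Client-Secret` above the list would document that it should only ever hold literal paths.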
2 changes: 2 additions & 0 deletions api/src/settings.py
@@ -15,3 +15,5 @@

LAMBDA_ROLE_ARN = env.str("LAMBDA_ROLE_ARN")
AWS_DEFAULT_REGION = env.str("AWS_DEFAULT_REGION", "us-east-1")

CLIENT_SECRET = env.str("CLIENT_SECRET")
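Review bot: `CLIENT_SECRET = env.str("CLIENT_SECRET")` accepts whatever string the environment holds, and if the variable is set but empty the middleware added in api/src/app.py would, as far as this page shows, let through a request carrying an empty `X-Client-Secret` header. Rejecting that at startup, e.g. `if not CLIENT_SECRET: raise RuntimeError("CLIENT_SECRET must be set to a non-empty value")`, keeps a misconfigured deployment from running effectively unauthenticated. How `env` treats a missing variable is defined above line 15, outside this hunk, so the unset case is presumably already an error, but that is worth confirming.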
