From ad32fdc87d0146a2b9495ccb036f58fe076ca831 Mon Sep 17 00:00:00 2001
From: Evan Doyle
Date: Mon, 22 Jul 2024 18:11:01 -0700
Subject: [PATCH] Check for client secret before serving anything
---
 api/src/app.py | 20 +++++++++++++++++++-
 api/src/settings.py | 2 ++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/api/src/app.py b/api/src/app.py
index 52a0acf..d8d2071 100644
--- a/api/src/app.py
+++ b/api/src/app.py
@@ -1,11 +1,29 @@
 from __future__ import annotations
+from typing import Any
-from fastapi import FastAPI
+from fastapi import FastAPI, HTTPException, Request, Response
+from src import settings
 from src.deploy.routes import router as deploy_router
 app = FastAPI()
+
+AUTH_EXEMPT = ["/healthcheck"]
+
+@app.middleware("http")
+async def auth_check(request: Request, call_next: Any):
+    print(settings.CLIENT_SECRET, request.headers.get("X-Client-Secret"))
+    if (
+        request.url.path not in AUTH_EXEMPT
+        and settings.CLIENT_SECRET != request.headers.get("X-Client-Secret")
+    ):
+        return Response(status_code=403)
+
+    return await call_next(request)
+
+
 @app.get("/healthcheck")
 def healthcheck():
     return {"ok": True}
diff --git a/api/src/settings.py b/api/src/settings.py
index 6e50bf2..40b878e 100644
--- a/api/src/settings.py
+++ b/api/src/settings.py
@@ -15,3 +15,5 @@ LAMBDA_ROLE_ARN = env.str("LAMBDA_ROLE_ARN")
 AWS_DEFAULT_REGION = env.str("AWS_DEFAULT_REGION", "us-east-1")
+
+CLIENT_SECRET = env.str("CLIENT_SECRET")
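Review bot: The `print(settings.CLIENT_SECRET, request.headers.get("X-Client-Secret"))` line at the top of `auth_check` in the app.py hunk writes the configured secret and every presented header value to stdout on every request, so the secret ends up in container logs and any log aggregator; it reads as a leftover debug statement and should be deleted before this merges. The `!=` comparison on the following line is also not constant-time; comparing the two values with `secrets.compare_digest` on their `bytes` encodings (after substituting `""` for a missing header, since `headers.get` returns `None` when it is absent) avoids leaking timing information, and needs `import secrets` added to the import block. `HTTPException` is imported in this hunk but never used. The rewritten middleware body follows; the settings.py hunk is fine as-is since `env.str("CLIENT_SECRET")` without a default fails at import when the variable is unset.
```python
@app.middleware("http")
async def auth_check(request: Request, call_next: Any):
    # Treat a missing header as an empty credential so the comparison always runs.
    presented = request.headers.get("X-Client-Secret") or ""
    if request.url.path not in AUTH_EXEMPT and not secrets.compare_digest(
        settings.CLIENT_SECRET.encode(), presented.encode()
    ):
        return Response(status_code=403)

    return await call_next(request)
```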