From 7b400dc7efea9f40b4a6af9a86ab89dbd228db87 Mon Sep 17 00:00:00 2001
From: Robert Goldmann <deadlocker@gmx.de>
Date: Sat, 16 Jan 2021 12:38:17 +0100
Subject: [PATCH] added authorization: - create/delete device
---
 src/Dependencies.py | 13 +++++++++++++
 src/main.py | 8 +++++---
 src/routers/DeviceRouter.py | 12 +++++++-----
 3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/src/Dependencies.py b/src/Dependencies.py
index a96609f..022aee1 100644
--- a/src/Dependencies.py
+++ b/src/Dependencies.py
@@ -1,3 +1,7 @@
+from fastapi import Security, HTTPException
+from fastapi.security import APIKeyHeader
+from starlette.status import HTTP_403_FORBIDDEN
+
 from logic.databaseNew.Database import SessionLocal
@@ -7,3 +11,12 @@ def get_database():
 yield db
 finally:
 db.close()
+
+
+API_KEY_HEADER = APIKeyHeader(name='apiKey')
+
+
+async def check_api_key(apiKey: str = Security(API_KEY_HEADER)):
+ from main import API_KEY
+ if apiKey != API_KEY:
+ raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail='apiKey invalid')
diff --git a/src/main.py b/src/main.py
index a6ca603..90aa9e7 100644
--- a/src/main.py
+++ b/src/main.py
@@ -14,13 +14,15 @@ Models.Base.metadata.create_all(bind=engine)
 with open('version.json', 'r', encoding='UTF-8') as f:
 version = json.load(f)['version']
+with open('../settings.json', 'r', encoding='UTF-8') as f:
+ settings = json.load(f)
+
+API_KEY = settings['api']['key']
+
 app = FastAPI(title=Constants.APP_NAME, version=version['name'], description='The StorageLeaf API')
 app.include_router(DeviceRouter.router)
-with open('../settings.json', 'r', encoding='UTF-8') as f:
- settings = json.load(f)
-
 if __name__ == '__main__':
 uvicorn.run(app, host=settings['server']['listen'], port=settings['server']['port'])
diff --git a/src/routers/DeviceRouter.py b/src/routers/DeviceRouter.py
index 4b509e9..9471e50 100644
--- a/src/routers/DeviceRouter.py
+++ b/src/routers/DeviceRouter.py
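Review bot: In `check_api_key` (second hunk of src/Dependencies.py) the shared secret is checked with `apiKey != API_KEY`, an ordinary string comparison that is not guaranteed to run in constant time, so response timing can depend on how much of the supplied key matched. A constant-time comparison is the usual choice for secrets: `if not secrets.compare_digest(apiKey.encode('utf-8'), API_KEY.encode('utf-8')):`, with `import secrets` added to the imports in the first hunk. Encoding both sides also avoids the TypeError that `compare_digest` raises for non-ASCII `str` arguments, which would otherwise surface as a 500 instead of a 403. The function-level `from main import API_KEY` looks like a workaround for a circular import; loading the settings in a small module of its own that both files import would remove it, and would presumably also stop main.py from being executed a second time under the name `main` when the service is started as a script.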
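Review bot: `API_KEY = settings['api']['key']` in src/main.py accepts whatever the file holds, so an empty string or a non-string value passes silently and presumably only shows up later as every protected request being rejected. A check directly after the assignment, `if not isinstance(API_KEY, str) or not API_KEY: raise RuntimeError('settings.json: api.key must be a non-empty string')`, makes a misconfigured deployment fail at startup with a clear message. A short comment such as `# shared secret required by the create/delete device routes` would also tell the next reader why the settings block had to move above the `FastAPI(...)` call. Because settings.json now carries a secret, it is worth confirming that the file is kept out of version control and readable only by the service account; neither is visible in this diff.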
@@ -3,7 +3,7 @@ from typing import List
 from fastapi import APIRouter, HTTPException, Depends
 from sqlalchemy.orm import Session
-from Dependencies import get_database
+from Dependencies import get_database, check_api_key
 from logic.databaseNew import Schemas, Crud
 from logic.databaseNew.Schemas import Status
@@ -32,8 +32,9 @@ async def read_device(deviceId: int, db: Session = Depends(get_database)):
 @router.post('/', response_model=Schemas.Device, summary='Adds a new device',
- responses={400: {'description': 'Device with this name already exists'}})
-async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_database)):
+ responses={400: {'description': 'Device with this name already exists'}},
+ dependencies=[Depends(check_api_key)])
+async def create_device(device: Schemas.DeviceCreate, db: Session = Depends(get_database)):
 createdDevice = Crud.get_device_by_name(db, device.name)
 if createdDevice:
 raise HTTPException(status_code=400, detail='Device with this name already exists')
@@ -42,8 +43,9 @@ async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_da
 @router.delete('/{deviceId}', response_model=Status, summary='Gets a specific device',
- responses={404: {'description': 'Device not found'}})
-async def read_device(deviceId: int, db: Session = Depends(get_database)):
+ responses={404: {'description': 'Device not found'}},
+ dependencies=[Depends(check_api_key)])
+async def delete_device(deviceId: int, db: Session = Depends(get_database)):
 device = Crud.get_device(db, deviceId=deviceId)
 if device is None:
 raise HTTPException(status_code=404, detail='Device not found')
-- GitLab
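Review bot: The `responses` maps on the POST route in the second hunk of src/routers/DeviceRouter.py and on the DELETE route in the third still list only 400 and 404, although both routes can now answer 403 from `check_api_key`. Adding `403: {'description': 'apiKey invalid'}` to each keeps the generated OpenAPI documentation in line with the new behaviour. The read route named in the hunk header (`read_device`) appears to stay without the dependency, which matches the commit title; if device data is not meant to be public, passing `dependencies=[Depends(check_api_key)]` to the `APIRouter(...)` constructor would cover every route at once, though the router definition is outside this hunk. `create_device` continues past the end of the hunk.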
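Review bot: The DELETE route in the third hunk keeps `summary='Gets a specific device'`, a leftover from the GET route that this commit only half corrects by renaming the handler to `delete_device`. Changing it to `summary='Deletes a specific device'` makes the API documentation describe the operation that is now protected by the key. `delete_device` continues past the end of the hunk, so the delete call itself and the returned `Status` are not visible here.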