From 46c487be5df5fafccc30e43e5e5b9d670d12c63c Mon Sep 17 00:00:00 2001 From: Logan Williams Date: Tue, 6 Jun 2023 18:44:45 +0000 Subject: [PATCH] Restore sheet_service endpoint --- src/main.py | 10 +++++++++- src/requirements.txt | 2 +- src/security.py | 16 ++++++++++++++++ 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/src/main.py b/src/main.py index 420ff0a..9f68bd3 100644 --- a/src/main.py +++ b/src/main.py @@ -17,7 +17,7 @@ from worker import create_archive_task, create_sheet_task, celery, insert_result from db import crud, models, schemas from db.database import engine, SessionLocal from sqlalchemy.orm import Session -from security import get_bearer_auth, get_basic_auth, bearer_security +from security import get_bearer_auth, get_basic_auth, get_server_auth, bearer_security from auto_archiver import Metadata load_dotenv() @@ -140,6 +140,14 @@ def archive_sheet(sheet:schemas.SubmitSheet, email = Depends(get_bearer_auth)): task = create_sheet_task.delay(sheet.json()) return JSONResponse({"id": task.id}) +@app.post("/sheet_service", status_code=201) +def archive_sheet_service(sheet:schemas.SubmitSheet, basic_auth = Depends(get_server_auth)): + logger.info(f"SHEET TASK for {sheet=}") + if not sheet.sheet_name and not sheet.sheet_id: + raise HTTPException(status_code=422, detail=f"sheet name or id is required") + task = create_sheet_task.delay(sheet.json()) + return JSONResponse({"id": task.id}) + #----- endpoint to submit data archived elsewhere @app.post("/submit-archive", status_code=201) def submit_manual_archive(manual:schemas.SubmitManual, basic_auth = Depends(get_basic_auth)): diff --git a/src/requirements.txt b/src/requirements.txt index 65ce931..90d8343 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -11,7 +11,7 @@ async-generator==1.10 ; python_version >= '3.5' async-timeout==4.0.2 ; python_version >= '3.6' attrs==23.1.0 ; python_version >= '3.7' authlib==0.15.6 -auto-archiver==0.5.20 +auto-archiver==0.5.23 beautifulsoup4==4.12.2 ; python_full_version >= '3.6.0' billiard==3.6.4.0 blinker==1.6.2 ; python_version >= '3.7' diff --git a/src/security.py b/src/security.py index c63baa2..0eff247 100644 --- a/src/security.py +++ b/src/security.py @@ -69,3 +69,19 @@ async def get_basic_auth(credentials: HTTPBasicCredentials = Depends(basic_secur detail="Wrong auth credentials", headers={"WWW-Authenticate": "Basic"} ) + +# --------------------- Server-side Auth +SERVICE_PASSWORD = os.environ.get("SERVICE_PASSWORD", "") # min length is 20 chars + + +async def get_server_auth(credentials: HTTPBasicCredentials = Depends(basic_security)): + # validates that the Basic token in the case that it requires it + assert len(SERVICE_PASSWORD) >= 20, "Invalid SERVICE_PASSWORD, must be at least 20 chars" + current_password_bytes = credentials.password.encode("utf8") + is_correct_password = secrets.compare_digest(current_password_bytes, SERVICE_PASSWORD.encode("utf8")) + if is_correct_password: return True + raise HTTPException( + status_code=status.HTTP_401_UNAUTHORIZED, + detail="Wrong auth credentials", + headers={"WWW-Authenticate": "Basic"} + )