Restore sheet_service endpoint

2026-06-11 04:58:33 +03:00 · 2023-06-06 18:44:45 +00:00
parent 88be84127a
commit 46c487be5d
3 changed files with 26 additions and 2 deletions
--- a/src/main.py
+++ b/src/main.py
@@ -17,7 +17,7 @@ from worker import create_archive_task, create_sheet_task, celery, insert_result
 from db import crud, models, schemas
 from db.database import engine, SessionLocal
 from sqlalchemy.orm import Session
-from security import get_bearer_auth, get_basic_auth, bearer_security
+from security import get_bearer_auth, get_basic_auth, get_server_auth, bearer_security
 from auto_archiver import Metadata

 load_dotenv()
@@ -140,6 +140,14 @@ def archive_sheet(sheet:schemas.SubmitSheet, email = Depends(get_bearer_auth)):
    task = create_sheet_task.delay(sheet.json())
    return JSONResponse({"id": task.id})

+@app.post("/sheet_service", status_code=201)
+def archive_sheet_service(sheet:schemas.SubmitSheet, basic_auth = Depends(get_server_auth)):
+    logger.info(f"SHEET TASK for {sheet=}")
+    if not sheet.sheet_name and not sheet.sheet_id:
+        raise HTTPException(status_code=422, detail=f"sheet name or id is required")
+    task = create_sheet_task.delay(sheet.json())
+    return JSONResponse({"id": task.id})
+
 #----- endpoint to submit data archived elsewhere
@app.post("/submit-archive", status_code=201)
 def submit_manual_archive(manual:schemas.SubmitManual, basic_auth = Depends(get_basic_auth)):
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -11,7 +11,7 @@ async-generator==1.10 ; python_version >= '3.5'
 async-timeout==4.0.2 ; python_version >= '3.6'
 attrs==23.1.0 ; python_version >= '3.7'
 authlib==0.15.6
-auto-archiver==0.5.20
+auto-archiver==0.5.23
 beautifulsoup4==4.12.2 ; python_full_version >= '3.6.0'
 billiard==3.6.4.0
 blinker==1.6.2 ; python_version >= '3.7'
--- a/src/security.py
+++ b/src/security.py
@@ -69,3 +69,19 @@ async def get_basic_auth(credentials: HTTPBasicCredentials = Depends(basic_secur
        detail="Wrong auth credentials",
        headers={"WWW-Authenticate": "Basic"}
    )
+
+# --------------------- Server-side Auth
+SERVICE_PASSWORD = os.environ.get("SERVICE_PASSWORD", "")  # min length is 20 chars
+
+
+async def get_server_auth(credentials: HTTPBasicCredentials = Depends(basic_security)):
+    # validates that the Basic token in the case that it requires it
+    assert len(SERVICE_PASSWORD) >= 20, "Invalid SERVICE_PASSWORD, must be at least 20 chars"
+    current_password_bytes = credentials.password.encode("utf8")
+    is_correct_password = secrets.compare_digest(current_password_bytes, SERVICE_PASSWORD.encode("utf8"))
+    if is_correct_password: return True
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Wrong auth credentials",
+        headers={"WWW-Authenticate": "Basic"}
+    )