bellingcat/auto-archiver-api
1
0
Fork 0
mirror of https://github.com/bellingcat/auto-archiver-api.git synced 2026-06-11 04:58:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

Restore sheet_service endpoint

Browse Source
This commit is contained in:
Logan Williams
2023-06-06 18:44:45 +00:00
parent 88be84127a
commit 46c487be5d
3 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/security.py
View File

@@ -69,3 +69,19 @@ async def get_basic_auth(credentials: HTTPBasicCredentials = Depends(basic_secur
detail="Wrong auth credentials",
headers={"WWW-Authenticate": "Basic"}
)
# --------------------- Server-side Auth
SERVICE_PASSWORD = os.environ.get("SERVICE_PASSWORD", "") # min length is 20 chars
async def get_server_auth(credentials: HTTPBasicCredentials = Depends(basic_security)):
# validates that the Basic token in the case that it requires it
assert len(SERVICE_PASSWORD) >= 20, "Invalid SERVICE_PASSWORD, must be at least 20 chars"
current_password_bytes = credentials.password.encode("utf8")
is_correct_password = secrets.compare_digest(current_password_bytes, SERVICE_PASSWORD.encode("utf8"))
if is_correct_password: return True
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Wrong auth credentials",
headers={"WWW-Authenticate": "Basic"}
)