refactors settings and adds security tests

src/web/security.py

@@ -1,12 +1,12 @@
 from loguru import logger
-import requests, os, secrets
+import requests, secrets
 from fastapi import HTTPException, status, Depends
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
-from shared.settings import Settings
+from shared.settings import get_settings
 
 ALLOW_ANY_EMAIL = "*"
 
-settings = Settings()
+settings = get_settings()
 bearer_security = HTTPBearer()
 
 
@@ -39,15 +39,15 @@ token_api_key_auth = api_key_auth(settings.API_BEARER_TOKEN)
 
 async def get_token_or_user_auth(credentials: HTTPAuthorizationCredentials = Depends(bearer_security)):
     # tries to use the static API_KEY and defaults to google JWT auth
-    access_token = credentials.credentials
-    if token_api_key_auth(access_token, auto_error=False): return ALLOW_ANY_EMAIL
+    if await token_api_key_auth(credentials, auto_error=False): return ALLOW_ANY_EMAIL
     return await get_user_auth(credentials)
 
 
 async def get_user_auth(credentials: HTTPAuthorizationCredentials = Depends(bearer_security)):
     # validates the Bearer token in the case that it requires it
     valid_user, info = authenticate_user(credentials.credentials)
-    if valid_user: return info
+    if valid_user:
+        return info
     logger.debug(f"TOKEN FAILURE: {valid_user=} {info=}")
     raise HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,
@@ -73,5 +73,5 @@ def authenticate_user(access_token):
             return False, "Token expired"
         return True, j.get('email')
     except Exception as e:
-        logger.warning(f"EXCEPTION occurred: {e}")
-        return False, f"EXCEPTION occurred"
+        logger.warning(f"AUTH EXCEPTION occurred: {e}")
+        return False, "exception occurred"