bellingcat/auto-archiver-api
1
0
Fork 0
mirror of https://github.com/bellingcat/auto-archiver-api.git synced 2026-06-08 03:28:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

secure auth

Browse Source
This commit is contained in:
msramalho
2023-02-28 10:25:37 +01:00
parent 49c356f9e3
commit f4d843a607
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/main.py
View File

@@ -4,10 +4,11 @@ from fastapi.encoders import jsonable_encoder
from fastapi.responses import JSONResponse, FileResponse
from fastapi.staticfiles import StaticFiles
from fastapi.middleware.cors import CORSMiddleware
from fastapi.security import HTTPBasic, HTTPBasicCredentials
# from fastapi.templating import Jinja2Templates
# from pydantic.json import pydantic_encoder
from dotenv import load_dotenv
import traceback, os, requests, re
import traceback, os, requests, re, secrets
from loguru import logger
from worker import create_archive_task, celery
@@ -24,7 +25,7 @@ assert len(GOOGLE_CHROME_APP_ID)>10, "GOOGLE_CHROME_APP_ID env variable not set"
ALLOWED_EMAILS = set(os.environ.get("ALLOWED_EMAILS", "").split(","))
assert len(GOOGLE_CHROME_APP_ID)>=1, "at least one ALLOWED_EMAILS is required from the env variable"
ALLOWED_ORIGINS = os.environ.get("ALLOWED_ORIGINS", "chrome-extension://ondkcheoicfckabcnkdgbepofpjmjcmb,chrome-extension://ojcimmjndnlmmlgnjaeojoebaceokpdp").split(",")
VERSION = "0.1.7"
VERSION = "0.1.8"
app = FastAPI()
app.add_middleware(
@@ -99,14 +100,18 @@ def get_status(task_id, access_token:str, db: Session = Depends(get_db)):
# logic to allow access to 1 static file
SF = os.environ.get("STATIC_FILE", "")
SFP = os.environ.get("STATIC_FILE_PASSWORD", "") # min length is 20 chars
security = HTTPBasic()
if len(SF) > 1 and len(SFP) >= 20 and os.path.isfile(SF):
@app.get("/static-file")
def static_file(static_file_password:str):
if type(static_file_password) ==str and len(static_file_password)>=20 and static_file_password==SFP:
def static_file(credentials: HTTPBasicCredentials = Depends(security)):
current_password_bytes = credentials.password.encode("utf8")
is_correct_password = secrets.compare_digest(current_password_bytes, SFP.encode("utf8"))
if is_correct_password:
return FileResponse(SF, filename=os.path.basename(SF))
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Wrong static file access credentials"
detail="Wrong static file access credentials",
headers={"WWW-Authenticate": "Basic"}
)
@app.get("/")