From 93437c03312630510eafa5b751a2ba93e931a7b2 Mon Sep 17 00:00:00 2001
From: "arnaud.morvan@camptocamp.com"
Date: Mon, 17 Feb 2025 14:17:26 +0100
Subject: [PATCH] Disable debug route by default
---
 backend/maelstro/main.py | 72 +++++++++++++++++++++-------------------
 1 file changed, 37 insertions(+), 35 deletions(-)
diff --git a/backend/maelstro/main.py b/backend/maelstro/main.py
index 8bc89a1..ac937b5 100644
--- backend/maelstro/main.py
+++ backend/maelstro/main.py
@@ -2,6 +2,7 @@
 Main backend app setup
 """
+import os
 from typing import Annotated, Any
 from fastapi import (
 FastAPI,
@@ -27,6 +28,8 @@
 )
 from maelstro.common.models import SearchQuery
+DEBUG = os.getenv("DEBUG", "False").lower() == "true"
+
 app = FastAPI(root_path="/maelstro-backend")
 setup_exception_handlers(app)
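Review bot: The new `DEBUG` flag is read from a very generic environment variable name, so a `DEBUG=true` set for an unrelated purpose (another library, a base image, a shared compose file) would also switch on the request-echo route gated in the last hunk. A project-scoped name would avoid that, e.g. `DEBUG = os.getenv("MAELSTRO_DEBUG", "False").lower() == "true"` (the variable name is a suggestion, not an existing setting). The strict comparison with `"true"` fails closed for values such as `1` or `yes`, which is the safe direction but worth stating in a comment such as `# Only the literal "true" (any case) registers the /debug route; evaluated once at import.`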
@@ -68,41 +71,40 @@ def user_page(
 }
-# pylint: disable=fixme
-# TODO: deactivate for prod
-@app.head("/debug")
-@app.get("/debug")
-@app.put("/debug")
-@app.post("/debug")
-@app.delete("/debug")
-@app.options("/debug")
-@app.patch("/debug")
-async def debug_page(request: Request) -> dict[str, Any]:
- """
- Display details of query including headers.
- This may be useful in development to check all the headers provided by the gateway.
- This entrypoint should be deactivated in prod.
- """
- return {
- **{
- k: str(request.get(k))
- for k in [
- "method",
- "type",
- "asgi",
- "http_version",
- "server",
- "client",
- "scheme",
- "url",
- "base_url",
- "root_path",
- ]
- },
- "data": await request.body(),
- "headers": dict(request.headers),
- "query_params": request.query_params.multi_items(),
- }
+if DEBUG:
+ @app.head("/debug")
+ @app.get("/debug")
+ @app.put("/debug")
+ @app.post("/debug")
+ @app.delete("/debug")
+ @app.options("/debug")
+ @app.patch("/debug")
+ async def debug_page(request: Request) -> dict[str, Any]:
+ """
+ Display details of query including headers.
+ This may be useful in development to check all the headers provided by the gateway.
+ This entrypoint should be deactivated in prod.
+ """
+ return {
+ **{
+ k: str(request.get(k))
+ for k in [
+ "method",
+ "type",
+ "asgi",
+ "http_version",
+ "server",
+ "client",
+ "scheme",
+ "url",
+ "base_url",
+ "root_path",
+ ]
+ },
+ "data": await request.body(),
+ "headers": dict(request.headers),
+ "query_params": request.query_params.multi_items(),
+ }
 @app.get("/check_config")
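Review bot: When `DEBUG` is on, `debug_page` still returns `dict(request.headers)` and the raw body verbatim, so any `Authorization` or `Cookie` value, and whatever identity headers the gateway injects, are echoed back to the caller on every HTTP method. The flag reduces exposure by default but does not narrow what the route discloses once enabled; consider masking credential-bearing headers, e.g. `"headers": {k: "<redacted>" if k.lower() in {"authorization", "cookie"} else v for k, v in request.headers.items()},`. The docstring line "This entrypoint should be deactivated in prod." is now stale; something like `Only registered when the DEBUG environment variable is "true".` would describe the new behaviour. A warning-level log line at startup when the route is registered would also make an accidental enablement visible to operators.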