feat: add secrets for frontend to access methods

ppy-sb · Dec 7, 2023 · f26585a · f26585a
1 parent bb1c160
commit f26585a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/.env.example b/.env.example
@@ -73,3 +73,7 @@ AUTOMATICALLY_REPORT_PROBLEMS=False
 ##          read through what it enables.
 ##          you could put your server at risk.
 DEVELOPER_MODE=False
+
+# secrets settings
+TRUSTED_SECRET = ""
+LOCAL_ONLY = True
diff --git a/app/api/v2/common/secrets.py b/app/api/v2/common/secrets.py
@@ -0,0 +1,9 @@
+from fastapi import HTTPException, Request
+
+from app import settings
+
+def validate_secret(request: Request, secret: str | None):
+    if secret != settings.TRUSTED_SECRET:
+        raise HTTPException(status_code=403, detail="Invaild secret.")
+    if settings.LOCAL_ONLY and request.client.host not in ("127.0.0.1", "localhost"):
+        raise HTTPException(status_code=403, detail="Invaild request.")