From f26585a21371bd78f580b11aa8c2e71302da74af Mon Sep 17 00:00:00 2001
From: Usagi no Niku <chenbohan911@163.com>
Date: Thu, 7 Dec 2023 11:49:54 +0800
Subject: [PATCH] feat: add secrets for frontend to access methods

---
 .env.example                 | 4 ++++
 app/api/v2/common/secrets.py | 9 +++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 app/api/v2/common/secrets.py

diff --git a/.env.example b/.env.example
index 8da06f01..c66fee50 100644
--- a/.env.example
+++ b/.env.example
@@ -73,3 +73,7 @@ AUTOMATICALLY_REPORT_PROBLEMS=False
 ##          read through what it enables.
 ##          you could put your server at risk.
 DEVELOPER_MODE=False
+
+# secrets settings
+TRUSTED_SECRET = ""
+LOCAL_ONLY = True
diff --git a/app/api/v2/common/secrets.py b/app/api/v2/common/secrets.py
new file mode 100644
index 00000000..4e7fa167
--- /dev/null
+++ b/app/api/v2/common/secrets.py
@@ -0,0 +1,9 @@
+from fastapi import HTTPException, Request
+
+from app import settings
+
+def validate_secret(request: Request, secret: str | None):
+    if secret != settings.TRUSTED_SECRET:
+        raise HTTPException(status_code=403, detail="Invaild secret.")
+    if settings.LOCAL_ONLY and request.client.host not in ("127.0.0.1", "localhost"):
+        raise HTTPException(status_code=403, detail="Invaild request.")
\ No newline at end of file