backend api key

app/__init__.py

@@ -1,4 +1,7 @@
-from fastapi import FastAPI
+import os
+
+from fastapi import FastAPI, HTTPException, Security, status
+from fastapi.security import APIKeyHeader
 from slowapi import _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
 from app.api.routes import router as api_router
@@ -13,6 +16,23 @@ app = FastAPI(
     version="1.0.0",
 )
 
+API_KEY_NAME = "X-API-Key"
+api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=False)
+EXPECTED_API_KEY = os.getenv("BACKEND_API_KEY")
+
+async def verify_api_key(api_key: str = Security(api_key_header)):
+    if not EXPECTED_API_KEY:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Błąd serwera: Klucz API nie został skonfigurowany."
+        )
+    if api_key != EXPECTED_API_KEY:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Brak autoryzacji: Nieprawidłowy lub brakujący klucz API."
+        )
+    return api_key
+
 app.state.limiter = limiter
 app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
 app.include_router(api_router)

app/api/factcheck_router.py

@@ -1,4 +1,5 @@
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, Depends, HTTPException
+from app import verify_api_key
 from app.models.factcheck_schemas import FactCheckRequest, FactCheckResponse, FactCheckSource
 from app.services.factcheck_service import analyze_with_gemini_grounding
 
@@ -8,7 +9,8 @@ router = APIRouter()
     "/factcheck", 
     response_model=FactCheckResponse, 
     tags=["Fact-checking"],
-    summary="Zweryfikuj prawdziwość stwierdzenia"
+    summary="Zweryfikuj prawdziwość stwierdzenia",
+    dependencies=[Depends(verify_api_key)]
 )
 async def fact_check_endpoint(payload: FactCheckRequest):
     statement = payload.statement.strip()

app/api/routes.py

@@ -1,7 +1,8 @@
 import asyncio
 from collections import defaultdict
 import logging
-from fastapi import APIRouter, HTTPException, Request, status
+from fastapi import APIRouter, Depends, HTTPException, Request, status
+from app import verify_api_key
 from app.services.queue import get_queue_service
 from slowapi.errors import RateLimitExceeded
 from limits import parse
@@ -68,8 +69,7 @@ async def health_check() -> HealthResponse:
         models_status=models_status,
     )
 
-# Endpoint do zapisywania konfiguracji (wywoływany przez bota)
-@router.post("/guilds/{guild_id}/setup", tags=["Setup"])
+@router.post("/guilds/{guild_id}/setup", tags=["Setup"], dependencies=[Depends(verify_api_key)])
 async def save_discord_guild_setup(guild_id: str, payload: GuildConfigSchema):
     # Walidacja modeli z pliku ustawień
     settings = get_settings()
@@ -102,7 +102,7 @@ async def save_discord_guild_setup(guild_id: str, payload: GuildConfigSchema):
         "config": config_dict,
     }
 
-@router.get("/guilds/{guild_id}/config", tags=["Setup"])
+@router.get("/guilds/{guild_id}/config", tags=["Setup"], dependencies=[Depends(verify_api_key)])
 async def get_discord_guild_config(guild_id: str):
     """Zwraca zapisaną konfigurację dla konkretnego serwera Discord."""
     configs = _load_all_configs()
@@ -170,6 +170,7 @@ async def _execute_analysis(payload: AnalysisRequest, guild_id: str, settings) -
     },
     tags=["Analysis"],
     summary="Analyze content for deepfake detection",
+    dependencies=[Depends(verify_api_key)]
 )
 async def analyze(request: Request, payload: AnalysisRequest) -> AnalysisResponse:
     guild_id = payload.guild_id