add security

app/core/middleware.py

@@ -0,0 +1,20 @@
+from fastapi import FastAPI, Request, HTTPException
+from fastapi.security import HTTPBasic, HTTPBasicCredentials
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import Response
+
+security = HTTPBasic()
+
+class BasicAuthMiddleware(BaseHTTPMiddleware):
+    def __init__(self, app: FastAPI, username: str, password: str):
+        super().__init__(app)
+        self.username = username
+        self.password = password
+
+    async def dispatch(self, request: Request, call_next):
+        if request.url.path.startswith("/docs") or request.url.path.startswith("/redoc"):
+            credentials: HTTPBasicCredentials = await security(request)
+            if not (credentials.username == self.username and credentials.password == self.password):
+                return Response("Unauthorized", status_code=401, headers={"WWW-Authenticate": "Basic"})
+        response = await call_next(request)
+        return response

app/main.py

@@ -19,6 +19,7 @@ from app.db.base import *
 from app.core.auth import *
 # from app.router.user import *
 from app.core.database import *
+from app.core.middleware import BasicAuthMiddleware
 
 
 # Load environment variables from .env file
@@ -51,6 +52,10 @@ async def lifespan(app: FastAPI):
         logger.error(e)
         
 app = FastAPI(lifespan=lifespan)
+
+
+
+app.add_middleware(BasicAuthMiddleware, username=os.getenv("fastapiusername"), password=os.getenv("fastapipassword"))
 # Allow CORS for specific origin with credentials
 origins = [
     os.getenv("client")