X-Secret-Key
- core/schemas.py +0 -3
- routers/auth.py +4 -4
- tests/test_integration.py +1 -1
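--- a/core/schemas.py
+++ b/core/schemas.py
@@ -8,8 +8,5 @@ class RegisterRequest(BaseModel):
 user_id: str = Field(..., min_length=1, description="Temporary user ID from frontend")
 email: EmailStr = Field(..., description="User email address")
 
-class ValidateRequest(BaseModel):
-secret_key: str = Field(..., min_length=35, description="Secret key starting with sk_")
-
 class ResetRequest(BaseModel):
 email: EmailStr = Field(..., description="User email address")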
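--- a/routers/auth.py
+++ b/routers/auth.py
@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends, HTTPException, status, Request, BackgroundTasks
+from fastapi import APIRouter, Depends, HTTPException, status, Request, BackgroundTasks, Header
 from fastapi.responses import JSONResponse
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy import select
@@ -7,7 +7,7 @@ import uuid
 
 from core.database import get_db
 from core.models import User, AuditLog
-from core.schemas import CheckRegistrationRequest, RegisterRequest,
+from core.schemas import CheckRegistrationRequest, RegisterRequest, ResetRequest
 from core.security import get_password_hash, verify_password, generate_secret_key
 from services.email_service import send_email
 from dependencies import check_rate_limit
@@ -121,9 +121,9 @@ Do not share this key with anyone."""
 
 @router.post("/validate")
 async def validate_key(
-request: ValidateRequest,
 req: Request,
 background_tasks: BackgroundTasks,
+x_secret_key: str = Header(..., alias="X-Secret-Key"),
 db: AsyncSession = Depends(get_db)
 ):
 """
@@ -140,7 +140,7 @@ async def validate_key(
 
 valid_user = None
 for user in users:
-if verify_password(
+if verify_password(x_secret_key, user.secret_key_hash):
 valid_user = user
 break
 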
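Review bot: The new `x_secret_key` header parameter of `validate_key` carries no constraints, whereas the `ValidateRequest` model this commit deletes enforced `min_length=35` on the key. Empty or short values therefore reach the `for user in users:` loop, where `verify_password` runs once per user row until a match is found. Restoring the bound on the header, `x_secret_key: str = Header(..., alias="X-Secret-Key", min_length=35),`, rejects malformed keys at validation time before any hashing happens. Because the per-request cost of that loop grows with the number of users, it is also worth confirming that `check_rate_limit` (imported at the top of the file) is applied to this route and that the header value is never written to `AuditLog`. Most of the function body lies outside the visible hunks, so neither can be checked here.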
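--- a/tests/test_integration.py
+++ b/tests/test_integration.py
@@ -54,7 +54,7 @@ def test_credit_system_flow(mock_send_email, client):
 })
 
 # Validate
-response = client.post("/auth/validate",
+response = client.post("/auth/validate", headers={"X-Secret-Key": "sk_test_key_1234567890123456789012345"})
 assert response.status_code == 200
 assert response.json()["valid"] == True
 assert response.json()["credits"] == 100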
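Review bot: Only the success path of the new header contract is exercised at the `client.post("/auth/validate", headers=...)` call; nothing checks that a request without `X-Secret-Key`, or with a wrong key, is rejected. Since the route declares the header as required with `Header(...)`, a missing header should produce a validation error, so a line such as `assert client.post("/auth/validate").status_code == 422` would pin that, assuming no earlier dependency answers first. The comparison `response.json()["valid"] == True` would read better as `assert response.json()["valid"] is True`. test_credit_system_flow starts and ends outside the hunk.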