Spaces:
Running
Running
File size: 2,080 Bytes
e4eb82b |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
"""
API Key authentication for the NLP API
"""
from fastapi import Security, HTTPException, status
from fastapi.security import APIKeyHeader
import os
from dotenv import load_dotenv
load_dotenv()
# API Key configuration
API_KEY_NAME = "X-API-Key"
API_KEY = os.getenv("API_KEY", "dev-key-12345-change-in-production")
# Create API Key header security scheme
api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=False)
async def get_api_key(api_key: str = Security(api_key_header)):
"""
Validate API key from request header
Usage in routes:
@router.post("/protected")
async def protected_route(api_key: str = Depends(get_api_key)):
...
"""
if not api_key:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="API Key missing. Please provide X-API-Key header."
)
if api_key != API_KEY:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Invalid API Key"
)
return api_key
# Optional: Multiple API keys with different permissions
API_KEYS = {
os.getenv("API_KEY_ADMIN", "admin-key-12345"): {
"name": "admin",
"rate_limit": "100/minute"
},
os.getenv("API_KEY_USER", "user-key-12345"): {
"name": "user",
"rate_limit": "20/minute"
},
os.getenv("API_KEY_DEV", "dev-key-12345"): {
"name": "dev",
"rate_limit": "1000/minute"
},
}
async def get_api_key_advanced(api_key: str = Security(api_key_header)):
"""
Advanced API key validation with user info
Returns user information along with validation
Useful for implementing per-user rate limits
"""
if not api_key:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="API Key missing"
)
if api_key not in API_KEYS:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Invalid API Key"
)
return API_KEYS[api_key]
|