Hugging Face's logo

Spaces:
karim323
/
nlp-analysis-api
Running

App Files Community
nlp-analysis-api / lib /auth.py
karim323's picture
karim323
Add NLP Analysis API backend with FastAPI and transformers
e4eb82b
raw
history blame contribute delete
2.08 kB
 """
API Key authentication for the NLP API
"""
from fastapi import Security, HTTPException, status
from fastapi.security import APIKeyHeader
import os
from dotenv import load_dotenv
load_dotenv()
# API Key configuration
API_KEY_NAME = "X-API-Key"
API_KEY = os.getenv("API_KEY", "dev-key-12345-change-in-production")
# Create API Key header security scheme
api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=False)
async def get_api_key(api_key: str = Security(api_key_header)):
"""
Validate API key from request header
Usage in routes:
@router.post("/protected")
async def protected_route(api_key: str = Depends(get_api_key)):
...
"""
if not api_key:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="API Key missing. Please provide X-API-Key header."
)
if api_key != API_KEY:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Invalid API Key"
)
return api_key
# Optional: Multiple API keys with different permissions
API_KEYS = {
os.getenv("API_KEY_ADMIN", "admin-key-12345"): {
"name": "admin",
"rate_limit": "100/minute"
},
os.getenv("API_KEY_USER", "user-key-12345"): {
"name": "user",
"rate_limit": "20/minute"
},
os.getenv("API_KEY_DEV", "dev-key-12345"): {
"name": "dev",
"rate_limit": "1000/minute"
},
}
async def get_api_key_advanced(api_key: str = Security(api_key_header)):
"""
Advanced API key validation with user info
Returns user information along with validation
Useful for implementing per-user rate limits
"""
if not api_key:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="API Key missing"
)
if api_key not in API_KEYS:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Invalid API Key"
)
return API_KEYS[api_key]