Spaces:

menorki
/

HTTPToolbox

Running

App Files Files Community

menorki commited on Oct 10

Commit

a3d4368

1 Parent(s): 8098f33

!

Browse files

Files changed (3) hide show

Dockerfile +13 -0
app.py +75 -0
requirements.txt +4 -0

Dockerfile ADDED Viewed

	@@ -0,0 +1,13 @@

+FROM python:3.9
+RUN useradd -m -u 1000 user
+USER user
+ENV PATH="/home/user/.local/bin:$PATH"
+WORKDIR /app
+COPY --chown=user ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+COPY --chown=user . /app
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

app.py ADDED Viewed

	@@ -0,0 +1,75 @@

+import os
+from fastapi import FastAPI, Request, HTTPException, Depends, Query
+from fastapi.responses import HTMLResponse, PlainTextResponse
+import httpx
+import uvicorn
+# --- Security Dependency ---
+# 1. Retrieve the server-side access key from the environment variable 'AK'
+ACCESS_KEY = os.environ.get("AK")
+async def verify_access_key(ak: str = Query(..., alias="AK")):
+    """
+    Dependency to secure endpoints by verifying the 'AK' query parameter
+    against the secret key stored in the environment.
+    """
+    if not ACCESS_KEY:
+        # Server-side configuration error if the secret is not set
+        raise HTTPException(
+            status_code=500,
+            detail="Access key is not configured on the server."
+        )
+    if ak != ACCESS_KEY:
+        # Client-side error for an invalid access key
+        raise HTTPException(
+            status_code=401,
+            detail="Unauthorized: Invalid access key provided."
+        )
+# --- FastAPI Application ---
+app = FastAPI(
+    title="URL Fetcher API",
+    description="A simple API to fetch URL content, with a protected endpoint."
+)
+@app.get("/ping", response_class=PlainTextResponse)
+async def ping():
+    """
+    An unprotected endpoint to check if the service is running.
+    Returns a simple 'pong' response.
+    """
+    return "pong"
+@app.get("/fetch_url", response_class=HTMLResponse, dependencies=[Depends(verify_access_key)])
+async def fetch_url_content(request: Request):
+    """
+    Fetches the HTML content of a URL from the 'url' query parameter.
+    This endpoint is protected and requires a valid 'AK' (access key).
+    """
+    target_url = request.query_params.get('url')
+    if not target_url:
+        raise HTTPException(
+            status_code=400,
+            detail="The 'url' query parameter is required."
+        )
+    async with httpx.AsyncClient(follow_redirects=True) as client:
+        try:
+            headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'}
+            response = await client.get(target_url, headers=headers)
+            response.raise_for_status()  # Raise an exception for bad status codes (4xx or 5xx)
+            return HTMLResponse(content=response.text, status_code=response.status_code)
+        except httpx.RequestError as exc:
+            raise HTTPException(status_code=400, detail=f"An error occurred while requesting {exc.request.url!r}: {exc}")
+        except httpx.HTTPStatusError as exc:
+            raise HTTPException(status_code=exc.response.status_code, detail=f"Error response {exc.response.status_code} while requesting {exc.request.url!r}.")
+#if __name__ == "__main__":
+#    uvicorn.run(app, host="0.0.0.0", port=7860)

requirements.txt ADDED Viewed

	@@ -0,0 +1,4 @@

+uvicorn
+fastapi
+fake-useragent
+httpx