Spaces:
Running
Running
fix: remove hardcoded API keys and use HuggingFace secrets
Browse files- Remove all hardcoded OpenRouter and HF API keys
- Use environment variables OPENROUTER_API_KEY and HF_API_KEY
- Inject secrets via FastAPI server to client-side JavaScript
- Clean deployment ready for HuggingFace Spaces
app.py
CHANGED
|
@@ -1,6 +1,7 @@
|
|
| 1 |
from fastapi import FastAPI
|
| 2 |
-
from fastapi.responses import
|
| 3 |
from fastapi.staticfiles import StaticFiles
|
|
|
|
| 4 |
|
| 5 |
app = FastAPI()
|
| 6 |
|
|
@@ -9,7 +10,25 @@ app.mount("/src", StaticFiles(directory="src"), name="src")
|
|
| 9 |
|
| 10 |
@app.get("/")
|
| 11 |
async def read_root():
|
| 12 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 13 |
|
| 14 |
if __name__ == "__main__":
|
| 15 |
import uvicorn
|
|
|
|
| 1 |
from fastapi import FastAPI
|
| 2 |
+
from fastapi.responses import HTMLResponse
|
| 3 |
from fastapi.staticfiles import StaticFiles
|
| 4 |
+
import os
|
| 5 |
|
| 6 |
app = FastAPI()
|
| 7 |
|
|
|
|
| 10 |
|
| 11 |
@app.get("/")
|
| 12 |
async def read_root():
|
| 13 |
+
# Read the HTML file and inject environment variables
|
| 14 |
+
with open("index.html", "r") as f:
|
| 15 |
+
html_content = f.read()
|
| 16 |
+
|
| 17 |
+
# Inject environment variables as a script
|
| 18 |
+
openrouter_key = os.getenv("OPENROUTER_API_KEY", "")
|
| 19 |
+
hf_key = os.getenv("HF_API_KEY", "")
|
| 20 |
+
|
| 21 |
+
env_script = f"""
|
| 22 |
+
<script>
|
| 23 |
+
window.OPENROUTER_API_KEY = "{openrouter_key}";
|
| 24 |
+
window.HF_API_KEY = "{hf_key}";
|
| 25 |
+
</script>
|
| 26 |
+
"""
|
| 27 |
+
|
| 28 |
+
# Insert the script before closing head tag
|
| 29 |
+
html_content = html_content.replace("</head>", env_script + "</head>")
|
| 30 |
+
|
| 31 |
+
return HTMLResponse(content=html_content)
|
| 32 |
|
| 33 |
if __name__ == "__main__":
|
| 34 |
import uvicorn
|