Hugging Face's logo

Spaces:
tampee
/
mammogram-analyzer
Sleeping

App Files Community
tampee commited on
Commit
3fc3b69
·
1 Parent(s): f192d59

fix: read CORS allowed origins from ALLOWED_ORIGINS env secret

Browse files
Files changed (1) hide show
  1. app/main.py +27 -3
app/main.py CHANGED
@@ -5,7 +5,9 @@ import socket
5
  from urllib.parse import urlparse
6
 
7
  import requests as http_requests
8
- from fastapi import FastAPI, File, HTTPException, UploadFile
 
 
9
  from PIL import Image, UnidentifiedImageError
10
 
11
  from app.model import MammogramModel
@@ -17,7 +19,29 @@ ALLOWED_HOSTS: set[str] = {
17
  h.strip().lower() for h in _ALLOWED_HOSTS_ENV.split(",") if h.strip()
18
  }
19
 
 
 
 
 
 
 
 
 
 
 
 
20
  app = FastAPI(title="Mammogram Inference API", version="0.1.0")
 
 
 
 
 
 
 
 
 
 
 
21
  model = MammogramModel()
22
 
23
 
@@ -26,7 +50,7 @@ def health() -> dict:
26
  return {"status": "ok", "model_mode": model.mode, "model_version": model.version}
27
 
28
 
29
- @app.post("/predict", response_model=PredictResponse)
30
  async def predict(file: UploadFile = File(...)) -> PredictResponse:
31
  if not file.content_type or not file.content_type.startswith("image/"):
32
  raise HTTPException(status_code=400, detail="Upload must be an image file")
@@ -66,7 +90,7 @@ def _validate_url(url: str) -> str:
66
  return url
67
 
68
 
69
- @app.post("/analyze", response_model=PredictResponse)
70
  def analyze(body: AnalyzeRequest) -> PredictResponse:
71
  """Accept a public image URL, download it, and run inference."""
72
  _validate_url(body.image_url)
 
5
  from urllib.parse import urlparse
6
 
7
  import requests as http_requests
8
+ from fastapi import Depends, FastAPI, File, HTTPException, UploadFile
9
+ from fastapi.middleware.cors import CORSMiddleware
10
+ from fastapi.security import APIKeyHeader
11
  from PIL import Image, UnidentifiedImageError
12
 
13
  from app.model import MammogramModel
 
19
  h.strip().lower() for h in _ALLOWED_HOSTS_ENV.split(",") if h.strip()
20
  }
21
 
22
+ _API_KEY = os.getenv("API_KEY", "")
23
+ _api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
24
+
25
+
26
+ def _require_api_key(key: str | None = Depends(_api_key_header)) -> None:
27
+ if not _API_KEY:
28
+ return # API_KEY not configured — open in dev/mock mode
29
+ if key != _API_KEY:
30
+ raise HTTPException(status_code=401, detail="Invalid or missing API key")
31
+
32
+
33
  app = FastAPI(title="Mammogram Inference API", version="0.1.0")
34
+
35
+ _CORS_ORIGINS = [
36
+ o.strip() for o in os.getenv("ALLOWED_ORIGINS", "").split(",") if o.strip()
37
+ ]
38
+ app.add_middleware(
39
+ CORSMiddleware,
40
+ allow_origins=_CORS_ORIGINS,
41
+ allow_methods=["POST", "GET"],
42
+ allow_headers=["Content-Type", "X-API-Key"],
43
+ )
44
+
45
  model = MammogramModel()
46
 
47
 
 
50
  return {"status": "ok", "model_mode": model.mode, "model_version": model.version}
51
 
52
 
53
+ @app.post("/predict", response_model=PredictResponse, dependencies=[Depends(_require_api_key)])
54
  async def predict(file: UploadFile = File(...)) -> PredictResponse:
55
  if not file.content_type or not file.content_type.startswith("image/"):
56
  raise HTTPException(status_code=400, detail="Upload must be an image file")
 
90
  return url
91
 
92
 
93
+ @app.post("/analyze", response_model=PredictResponse, dependencies=[Depends(_require_api_key)])
94
  def analyze(body: AnalyzeRequest) -> PredictResponse:
95
  """Accept a public image URL, download it, and run inference."""
96
  _validate_url(body.image_url)