Update tensorus/api/security.py
Browse files- tensorus/api/security.py +7 -1
tensorus/api/security.py
CHANGED
|
@@ -7,6 +7,9 @@ from tensorus.config import settings
|
|
| 7 |
from tensorus.audit import log_audit_event
|
| 8 |
from jose import jwt, JWTError
|
| 9 |
import requests
|
|
|
|
|
|
|
|
|
|
| 10 |
|
| 11 |
|
| 12 |
class MutableAPIKeyHeader(APIKeyHeader):
|
|
@@ -34,6 +37,9 @@ async def verify_api_key(api_key: Optional[str] = Security(api_key_header_auth))
|
|
| 34 |
# Endpoints depending on this will be inaccessible unless keys are provided.
|
| 35 |
pass
|
| 36 |
if not api_key:
|
|
|
|
|
|
|
|
|
|
| 37 |
raise HTTPException(
|
| 38 |
status_code=status.HTTP_401_UNAUTHORIZED,
|
| 39 |
detail="Missing API Key"
|
|
@@ -130,4 +136,4 @@ async def verify_jwt_token(token: Optional[HTTPAuthorizationCredentials] = Secur
|
|
| 130 |
# @router.post("/another_route")
|
| 131 |
# async def another_route_function(api_key: str = Depends(verify_api_key)):
|
| 132 |
# # api_key variable now holds the validated key
|
| 133 |
-
# # ...
|
|
|
|
| 7 |
from tensorus.audit import log_audit_event
|
| 8 |
from jose import jwt, JWTError
|
| 9 |
import requests
|
| 10 |
+
import logging
|
| 11 |
+
|
| 12 |
+
logger = logging.getLogger(__name__)
|
| 13 |
|
| 14 |
|
| 15 |
class MutableAPIKeyHeader(APIKeyHeader):
|
|
|
|
| 37 |
# Endpoints depending on this will be inaccessible unless keys are provided.
|
| 38 |
pass
|
| 39 |
if not api_key:
|
| 40 |
+
if settings.API_DEV_MODE_ALLOW_NO_KEY:
|
| 41 |
+
logger.warning("API_DEV_MODE_ALLOW_NO_KEY enabled - bypassing API key check")
|
| 42 |
+
return "dev_mode_no_key"
|
| 43 |
raise HTTPException(
|
| 44 |
status_code=status.HTTP_401_UNAUTHORIZED,
|
| 45 |
detail="Missing API Key"
|
|
|
|
| 136 |
# @router.post("/another_route")
|
| 137 |
# async def another_route_function(api_key: str = Depends(verify_api_key)):
|
| 138 |
# # api_key variable now holds the validated key
|
| 139 |
+
# # ...
|