From f511f61fadf886115a30b0c63310a31e0c71bc2d Mon Sep 17 00:00:00 2001
From: Kurbanov Bulat
Date: Sat, 13 Nov 2021 17:59:43 +0300
Subject: [PATCH] Add api key checking
---
 .gitignore | 1 +
 fastapi_file_server/app/depends.py | 9 +++++++++
 fastapi_file_server/app/views.py | 13 ++++++++-----
 fastapi_file_server/core/auth.py | 5 +++++
 4 files changed, 23 insertions(+), 5 deletions(-)
 create mode 100644 fastapi_file_server/app/depends.py
 create mode 100644 fastapi_file_server/core/auth.py
diff --git a/.gitignore b/.gitignore
index 38571ca..a9448a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,5 +6,6 @@ __pycache__ .env *.session +*.session-journal venv
diff --git a/fastapi_file_server/app/depends.py b/fastapi_file_server/app/depends.py
new file mode 100644
index 0000000..b99768e
--- /dev/null
+++ b/fastapi_file_server/app/depends.py
@@ -0,0 +1,9 @@
+from fastapi import Security, HTTPException, status
+
+from core.auth import default_security
+from core.config import env_config
+
+
+async def check_token(api_key: str = Security(default_security)):
+ if api_key != env_config.API_KEY:
+ raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Wrong api key!")
diff --git a/fastapi_file_server/app/views.py b/fastapi_file_server/app/views.py
index 44d90db..fc43e8d 100644
--- a/fastapi_file_server/app/views.py
+++ b/fastapi_file_server/app/views.py
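Review bot: The key check in `check_token` (new file `app/depends.py`) compares with `!=`, which is not constant-time, so response timing can reveal how much of a submitted key matches the real one. Add `import secrets` and use `if not secrets.compare_digest(api_key.encode(), env_config.API_KEY.encode()):` instead. Both sides are encoded because `compare_digest` raises `TypeError` on non-ASCII `str`, and the header value comes from the client. `core.config` is not part of this patch, so confirm that startup fails when `API_KEY` is unset or empty rather than leaving the comparison to run against a blank value. A one-line docstring saying the dependency returns nothing and raises 403 on mismatch would also help.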
@@ -1,27 +1,30 @@ -from fastapi import File, UploadFile +from fastapi import File, UploadFile, Depends from starlette import status from fastapi import APIRouter, HTTPException +from app.models import UploadedFile as UploadedFileDB from app.serializers import UploadedFile -from app import models from app.services.file_uploader import FileUploader +from app.depends import check_token router = APIRouter( prefix="/api/v1", + dependencies=[Depends(check_token)], + tags=["files"] ) @router.get("/files", response_model=list[UploadedFile]) async def get_files(): - return await models.UploadedFile.objects.all() + return await UploadedFileDB.objects.all() @router.get("/files/{file_id}", response_model=UploadedFile, responses={ 404: {}, }) async def get_file(file_id: int): - uploaded_file = await models.UploadedFile.objects.get_or_none(id=file_id) + uploaded_file = await UploadedFileDB.objects.get_or_none(id=file_id) if not uploaded_file: raise HTTPException(status.HTTP_404_NOT_FOUND)
@@ -38,7 +41,7 @@ async def upload_file(file: UploadFile = File({})): 400: {} }) async def delete_file(file_id: int): - uploaded_file = await models.UploadedFile.objects.get_or_none(id=file_id) + uploaded_file = await UploadedFileDB.objects.get_or_none(id=file_id) if not uploaded_file: raise HTTPException(status.HTTP_400_BAD_REQUEST)
diff --git a/fastapi_file_server/core/auth.py b/fastapi_file_server/core/auth.py
new file mode 100644
index 0000000..18ea52d
--- /dev/null
+++ b/fastapi_file_server/core/auth.py
@@ -0,0 +1,5 @@
+from fastapi.security import APIKeyHeader
+from fastapi.security.utils import get_authorization_scheme_param
+
+
+default_security = APIKeyHeader(name="Authorization")
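Review bot: The router-level `dependencies=[Depends(check_token)]` in the first `views.py` hunk means every route here can now answer 403, but the per-route `responses` maps still list only 404/400, so the generated OpenAPI schema does not tell clients about the auth failure. Adding `responses={403: {"description": "Missing or wrong API key"}}` to the `APIRouter(...)` call would document it once for all routes. The guard covers only routes registered on this router, so any other router or static mount that serves the uploaded files (none is visible in this patch) would need its own check. `get_file` continues past the end of the hunk.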
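Review bot: `get_authorization_scheme_param` is imported in `core/auth.py` but never used, which suggests scheme parsing was intended and left out. As written, `APIKeyHeader(name="Authorization")` passes the raw header value to `check_token`, so the key must be the entire header and a client sending `Bearer <key>` gets a 403. Either drop the unused import and add a comment stating the expected header format, or switch to a dedicated header such as `APIKeyHeader(name="X-API-Key")` so the value does not collide with standard `Authorization` handling in clients and proxies.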