Restrict APIs
bbedward committed Apr 8, 2024
1 parent 4a0e43c commit 4a935a2
Showing 7 changed files with 66 additions and 0 deletions.
5 changes: 5 additions & 0 deletions kubernetes/bananobot/deployment.yaml
Expand Up @@ -62,6 +62,11 @@ spec:
secretKeyRef:
name: bananobot
key: wallet_id
- name: API_KEY
valueFrom:
secretKeyRef:
name: bananobot
key: api_key
volumeMounts:
- name: conf
mountPath: /config
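Review bot: The new `API_KEY` entry pulls key `api_key` from the `bananobot` Secret, but no Secret manifest is part of this commit, so until that key is added out of band the pod will not start (CreateContainerConfigError); the same dependency is introduced for the `graham-banano` and `graham-nano` Secrets in the other two deployments. Failing closed is the right behaviour for an auth credential, but the dependency should be visible to whoever deploys this, e.g. a comment above the entry: `# required: the API handlers in server.py reject requests whose Authorization header does not match this value`. Since the server treats the value as an opaque bearer string, confirm it is generated with a CSPRNG and is long enough to resist guessing; nothing in this commit shows how it is created.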
4 changes: 4 additions & 0 deletions kubernetes/bananobot/ingress.yaml
Expand Up @@ -6,6 +6,10 @@ metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/configuration-snippet: |
location = /callback {
return 403;
}
spec:
tls:
- hosts:
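Review bot: The `location = /callback { return 403; }` snippet is an exact-match block, so it only covers the literal path `/callback`; variants such as `/callback/` pass through to the backend, and whether aiohttp routes them to the same handler is not visible here. A prefix-anchored form, `location ~ ^/callback(/|$) { return 403; }`, closes that gap, but an edge rule is only defence in depth: traffic that bypasses the ingress (in-cluster callers, port-forward) still reaches an unprotected handler, so the endpoint should also be gated or removed in server.py. Note too that recent ingress-nginx releases default to `allow-snippet-annotations: false`, in which case this annotation is rejected or ignored rather than enforced; confirm the controller's setting before relying on it. The identical snippet is added to the graham_banano and nano ingresses, so the same applies there.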
5 changes: 5 additions & 0 deletions kubernetes/graham_banano/deployment.yaml
Expand Up @@ -59,6 +59,11 @@ spec:
secretKeyRef:
name: graham-banano
key: wallet_id
- name: API_KEY
valueFrom:
secretKeyRef:
name: graham-banano
key: api_key
volumeMounts:
- name: conf
mountPath: /config
4 changes: 4 additions & 0 deletions kubernetes/graham_banano/ingress.yaml
Expand Up @@ -6,6 +6,10 @@ metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/configuration-snippet: |
location = /callback {
return 403;
}
spec:
tls:
- hosts:
5 changes: 5 additions & 0 deletions kubernetes/nano/deployment.yaml
Expand Up @@ -60,6 +60,11 @@ spec:
secretKeyRef:
name: graham-nano
key: wallet_id
- name: API_KEY
valueFrom:
secretKeyRef:
name: graham-nano
key: api_key
volumeMounts:
- name: conf
mountPath: /config
4 changes: 4 additions & 0 deletions kubernetes/nano/ingress.yaml
Expand Up @@ -6,6 +6,10 @@ metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/configuration-snippet: |
location = /callback {
return 403;
}
spec:
tls:
- hosts:
39 changes: 39 additions & 0 deletions server.py
Expand Up @@ -13,6 +13,7 @@
import rapidjson as json
import string
import random
import os
from typing import List
from db.models.transaction import Transaction

Expand Down Expand Up @@ -50,6 +51,17 @@ def format_js_iso(self, date: datetime.datetime) -> str:

async def get_active(self, request: web.Request) -> List[User]:
"""Return a list of active users"""
# Retrieve the API_KEY from environment variables
api_key = os.getenv('API_KEY')

# Get the Authorization header from the request
auth_header = request.headers.get('Authorization')

# Check if the Authorization header is present and matches the API_KEY
if not auth_header or auth_header != api_key:
# If not, return an HTTP 401 Unauthorized response
raise web.HTTPUnauthorized(reason="Invalid or missing API key.")

redis = await RedisDB.instance().get_redis()

if 'server_id' not in request.match_info:
Expand Down Expand Up @@ -100,6 +112,15 @@ async def get_active(self, request: web.Request) -> List[User]:
async def ufw(self, request: web.Request):
"""Return user info for specified wallet addresses
e.g. http://server/wfu/ban_16n5c7qozokx661rneikh6e3mf978mc46qqjen7a51pwzood155bwrha6sfj+ban_37z6omyukgpgttq7bdagweaxdrdm5wjy7tdm97ggtkobdetme3bmhfayjowj"""
api_key = os.getenv('API_KEY')

# Get the Authorization header from the request
auth_header = request.headers.get('Authorization')

# Check if the Authorization header is present and matches the API_KEY
if not auth_header or auth_header != api_key:
# If not, return an HTTP 401 Unauthorized response
raise web.HTTPUnauthorized(reason="Invalid or missing API key.")
if 'wallet' not in request.match_info:
return web.HTTPBadRequest(reason="wallet is required")
try:
Expand Down Expand Up @@ -130,6 +151,15 @@ async def ufw(self, request: web.Request):
async def wfu(self, request: web.Request):
"""Return user info for specified discord IDs
e.g. http://server/wfu/303599885800964097+412286270694359052"""
api_key = os.getenv('API_KEY')

# Get the Authorization header from the request
auth_header = request.headers.get('Authorization')

# Check if the Authorization header is present and matches the API_KEY
if not auth_header or auth_header != api_key:
# If not, return an HTTP 401 Unauthorized response
raise web.HTTPUnauthorized(reason="Invalid or missing API key.")
if 'user' not in request.match_info:
return web.HTTPBadRequest(reason="user(s) is required")
user_ids = []
Expand Down Expand Up @@ -161,6 +191,15 @@ async def wfu(self, request: web.Request):
)

async def users(self, request: web.Request):
api_key = os.getenv('API_KEY')

# Get the Authorization header from the request
auth_header = request.headers.get('Authorization')

# Check if the Authorization header is present and matches the API_KEY
if not auth_header or auth_header != api_key:
# If not, return an HTTP 401 Unauthorized response
raise web.HTTPUnauthorized(reason="Invalid or missing API key.")
cached = await RedisDB.instance().get("apiuserscache")
if cached is not None:
return web.json_response(
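Review bot: The key check `if not auth_header or auth_header != api_key` is pasted into get_active, ufw, wfu and users, and `!=` on strings is a variable-time comparison that can leak the key byte by byte to a patient remote caller; one helper built on `hmac.compare_digest` (which needs `import hmac` next to the new `import os`) fixes both the duplication and the timing issue. The current code does fail closed when `API_KEY` is unset, because a header string never equals `None`; that property should stay explicit rather than incidental. Each of the four methods is cut by its hunk (their bodies continue outside the shown lines), so the helper below replaces the inserted block at the top of each with a single call. Registering it as an aiohttp middleware instead would also cover any handler added later without the check.
```python
def _require_api_key(request: web.Request) -> None:
    """Raise 401 unless the Authorization header equals API_KEY.

    Fails closed when API_KEY is unset or empty; the comparison is
    constant-time so a remote caller cannot measure partial matches.
    """
    expected = os.getenv('API_KEY')
    provided = request.headers.get('Authorization')
    if not expected or not provided or not hmac.compare_digest(
        provided.encode(), expected.encode()
    ):
        raise web.HTTPUnauthorized(reason="Invalid or missing API key.")

# in get_active, ufw, wfu and users, replacing the inline check:
        _require_api_key(request)
        # … unchanged: rest of each handler …
```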
