mirror of
https://github.com/NovaOSS/nova-api.git
synced 2024-11-25 18:33:57 +01:00
More secury (thanks �)
This commit is contained in:
parent
eb6ebd2112
commit
998139d4d8
|
@ -10,6 +10,7 @@ sys.path.append(project_root)
|
|||
|
||||
import os
|
||||
import json
|
||||
import hmac
|
||||
import fastapi
|
||||
|
||||
from dhooks import Webhook, Embed
|
||||
|
@ -31,7 +32,10 @@ async def check_core_auth(request):
|
|||
"""
|
||||
received_auth = request.headers.get('Authorization')
|
||||
|
||||
if received_auth != os.environ['CORE_API_KEY']:
|
||||
correct_core_api = os.environ['CORE_API_KEY']
|
||||
|
||||
# use hmac.compare_digest to prevent timing attacks
|
||||
if received_auth and hmac.compare_digest(received_auth, correct_core_api):
|
||||
return fastapi.Response(status_code=403, content='Invalid or no API key given.')
|
||||
|
||||
@router.get('/users')
|
||||
|
|
|
@ -44,12 +44,12 @@ async def handle(incoming_request):
|
|||
received_key = incoming_request.headers.get('Authorization')
|
||||
|
||||
if not received_key or not received_key.startswith('Bearer '):
|
||||
return await errors.error(401, 'No NovaAI API key given!', 'Add \'Authorization: Bearer nv-...\' to your request headers.')
|
||||
return await errors.error(403, 'No NovaAI API key given!', 'Add \'Authorization: Bearer nv-...\' to your request headers.')
|
||||
|
||||
user = await users.user_by_api_key(received_key.split('Bearer ')[1].strip())
|
||||
|
||||
if not user or not user['status']['active']:
|
||||
return await errors.error(401, 'Invalid or inactive NovaAI API key!', 'Create a new NovaOSS API key or reactivate your account.')
|
||||
return await errors.error(403, 'Invalid or inactive NovaAI API key!', 'Create a new NovaOSS API key or reactivate your account.')
|
||||
|
||||
ban_reason = user['status']['ban_reason']
|
||||
if ban_reason:
|
||||
|
|
Loading…
Reference in a new issue