38 lines
1.5 KiB
Python
38 lines
1.5 KiB
Python
from fastapi import Depends, HTTPException, Security
|
||
from fastapi.security.api_key import APIKeyHeader
|
||
from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN
|
||
|
||
from src.common.logger import get_logger
|
||
from src.config.config import global_config as bot_config
|
||
|
||
logger = get_logger("security")
|
||
|
||
API_KEY_HEADER = "X-API-Key"
|
||
api_key_header_auth = APIKeyHeader(name=API_KEY_HEADER, auto_error=True)
|
||
|
||
|
||
async def get_api_key(api_key: str = Security(api_key_header_auth)) -> str:
|
||
"""
|
||
FastAPI 依赖项,用于验证API密钥。
|
||
从请求头中提取 X-API-Key 并验证它是否存在于配置的有效密钥列表中。
|
||
"""
|
||
assert bot_config is not None
|
||
valid_keys = bot_config.plugin_http_system.plugin_api_valid_keys
|
||
if not valid_keys:
|
||
logger.warning("API密钥认证已启用,但未配置任何有效的API密钥。所有请求都将被拒绝。")
|
||
raise HTTPException(
|
||
status_code=HTTP_401_UNAUTHORIZED,
|
||
detail="服务未正确配置API密钥",
|
||
)
|
||
if api_key not in valid_keys:
|
||
logger.warning(f"无效的API密钥: {api_key}")
|
||
raise HTTPException(
|
||
status_code=HTTP_403_FORBIDDEN,
|
||
detail="无效的API密钥",
|
||
)
|
||
return api_key
|
||
|
||
# 创建一个可重用的依赖项,供插件开发者在其需要验证的端点上使用
|
||
# 用法: @router.get("/protected_route", dependencies=[VerifiedDep])
|
||
# 或者: async def my_endpoint(_=VerifiedDep): ...
|
||
VerifiedDep = Depends(get_api_key) |