Add optional app-level basic auth via env vars
This commit is contained in:
27
web/app.py
27
web/app.py
@@ -8,9 +8,11 @@ import sys
|
||||
import tempfile
|
||||
from pathlib import Path
|
||||
import os
|
||||
import secrets
|
||||
|
||||
from fastapi import FastAPI, File, Form, Request, UploadFile
|
||||
from fastapi import Depends, FastAPI, File, Form, HTTPException, Request, UploadFile, status
|
||||
from fastapi.responses import FileResponse, HTMLResponse
|
||||
from fastapi.security import HTTPBasic, HTTPBasicCredentials
|
||||
from fastapi.templating import Jinja2Templates
|
||||
from starlette.background import BackgroundTask
|
||||
|
||||
@@ -22,10 +24,28 @@ from pdf_to_ics import create_ics_from_dienstplan, extract_dienstplan_data
|
||||
|
||||
app = FastAPI(title="PDF zu ICS Web")
|
||||
templates = Jinja2Templates(directory=str(Path(__file__).parent / "templates"))
|
||||
security = HTTPBasic()
|
||||
|
||||
|
||||
def require_auth(credentials: HTTPBasicCredentials = Depends(security)):
|
||||
expected_user = os.getenv("WEB_AUTH_USER")
|
||||
expected_password = os.getenv("WEB_AUTH_PASSWORD")
|
||||
|
||||
if not expected_user or not expected_password:
|
||||
return
|
||||
|
||||
valid_user = secrets.compare_digest(credentials.username, expected_user)
|
||||
valid_password = secrets.compare_digest(credentials.password, expected_password)
|
||||
if not (valid_user and valid_password):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Unauthorized",
|
||||
headers={"WWW-Authenticate": "Basic"},
|
||||
)
|
||||
|
||||
|
||||
@app.get("/", response_class=HTMLResponse)
|
||||
def index(request: Request):
|
||||
def index(request: Request, _: None = Depends(require_auth)):
|
||||
return templates.TemplateResponse(
|
||||
"index.html",
|
||||
{
|
||||
@@ -41,6 +61,7 @@ async def convert_pdf(
|
||||
file: UploadFile = File(...),
|
||||
exclude_rest: bool = Form(False),
|
||||
exclude_vacation: bool = Form(False),
|
||||
_: None = Depends(require_auth),
|
||||
):
|
||||
filename = file.filename or "dienstplan.pdf"
|
||||
if not filename.lower().endswith(".pdf"):
|
||||
@@ -107,5 +128,5 @@ async def convert_pdf(
|
||||
|
||||
|
||||
@app.get("/health")
|
||||
def health():
|
||||
def health(_: None = Depends(require_auth)):
|
||||
return {"status": "ok"}
|
||||
|
||||
Reference in New Issue
Block a user