admin/ORCID2SWORD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
02c65bb710ba3385c95b8e02aab713551239b92f
ORCID2SWORD/backend/app/security/export_auth.py
T

36 lines
1.0 KiB
Python
Raw Blame History

"""
Autorización para exportaciones.
Permite descargas desde la web (proxy inyecta X-API-Key) o con JWT de usuario,
pero bloquea llamadas directas anónimas sin credenciales.
"""
from __future__ import annotations
from fastapi import Depends, HTTPException, status
from app.db.models import Researcher
from app.security.api_key import api_key_header, is_valid_api_key
from app.security.jwt import get_optional_current_researcher
def require_export_access(
api_key: str | None = Depends(api_key_header),
current: Researcher | None = Depends(get_optional_current_researcher),
) -> Researcher | None:
if api_key is not None:
if not is_valid_api_key(api_key):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid API key",
)
return current
if current is not None:
return current
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or missing API key",
)
Reference in New Issue View Git Blame Copy Permalink