Merge pull request #247 from blockchain-insights/fix/api-sec-raise-exc

Validator API key fixes
blockchain-insights · Jun 5, 2024 · 41b0d41 · 41b0d41
2 parents 9614c71 + 663bb59
commit 41b0d41
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/insights/api/insight_api.py b/insights/api/insight_api.py
@@ -16,7 +16,6 @@
 from starlette.requests import Request
 import time
 
-from starlette.responses import JSONResponse
 from starlette.status import HTTP_403_FORBIDDEN
 
 import insights
@@ -209,7 +208,7 @@ async def get_response(request: Request, query: ChatMessageRequest = Body(..., e
             "network": "bitcoin",
             "prompt": "Return 3 transactions outgoing from my address bc1q4s8yps9my6hun2tpd5ke5xmvgdnxcm2qspnp9r"
         })) -> ChatMessageResponse:
-            if self.api_keys is not None:
+            if self.api_keys:
                 api_key_validator = self.get_api_key_validator()
                 await api_key_validator(request)
 
@@ -282,7 +281,7 @@ async def get_response_variant(request: Request, query: ChatMessageVariantReques
             "prompt": "Return 3 transactions outgoing from my address bc1q4s8yps9my6hun2tpd5ke5xmvgdnxcm2qspnp9r",
             "miner_hotkey": "5EExDvawjGyszzxF8ygvNqkM1w5M4hA82ydBjhx4cY2ut2yr"
         })) -> ChatMessageResponse:
-            if self.api_keys is not None:
+            if self.api_keys:
                 api_key_validator = self.get_api_key_validator()
                 await api_key_validator(request)
 
@@ -332,10 +331,10 @@ async def middleware(request: Request, call_next):
 
     def get_api_key_validator(self):
         async def validator(request: Request):
-            if self.api_keys is not None:
+            if self.api_keys:
                 api_key = request.headers.get("x-api-key")
                 if not api_key or not any(api_key in keys for keys in self.api_keys):
-                    return JSONResponse(status_code=HTTP_403_FORBIDDEN, content={"detail": "Forbidden"})
+                    raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail="Forbidden")
         return validator
 
     def start(self):