forked from mirrors/LibreTranslate
app: Fail when giving invalid API keys
When an API key is passed, fail in the case of an invalid API key even if an API key is not required. This allows the user to know that the API key is invalid. Otherwise, they work under the assumption that the API key is correct, even though it is not.
This commit is contained in:
parent
8962de8755
commit
933c96914b
1 changed files with 11 additions and 3 deletions
14
app/app.py
14
app/app.py
|
@ -174,11 +174,19 @@ def create_app(args):
|
||||||
if flood.has_violation(ip):
|
if flood.has_violation(ip):
|
||||||
flood.decrease(ip)
|
flood.decrease(ip)
|
||||||
|
|
||||||
if args.api_keys and args.require_api_key_origin:
|
if args.api_keys:
|
||||||
ak = get_req_api_key()
|
ak = get_req_api_key()
|
||||||
|
|
||||||
if (
|
if (
|
||||||
api_keys_db.lookup(ak) is None and request.headers.get("Origin") != args.require_api_key_origin
|
ak and api_keys_db.lookup(ak) is None
|
||||||
|
):
|
||||||
|
abort(
|
||||||
|
403,
|
||||||
|
description="Invalid API key",
|
||||||
|
)
|
||||||
|
elif (
|
||||||
|
args.require_api_key_origin
|
||||||
|
and api_keys_db.lookup(ak) is None
|
||||||
|
and request.headers.get("Origin") != args.require_api_key_origin
|
||||||
):
|
):
|
||||||
abort(
|
abort(
|
||||||
403,
|
403,
|
||||||
|
|
Loading…
Reference in a new issue