author | 2020-12-16 23:27:25 +0000 | |
---|---|---|
committer | 2020-12-16 23:27:25 +0000 | |
commit | cf65a5fd93da5b2144456eba9d3cf799c6562ba7 (patch) | |
tree | 8232ea76483953513e049b8c6868edc7fbbacb5a /backend/middleware.py | |
parent | Add optional production password for docs (diff) |
Add password protection middleware
Diffstat (limited to 'backend/middleware.py')
-rw-r--r-- | backend/middleware.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/backend/middleware.py b/backend/middleware.py
index 2267a9a..f74091b 100644
--- a/backend/middleware.py
+++ b/backend/middleware.py
@@ -4,9 +4,9 @@ import ssl
 from motor.motor_asyncio import AsyncIOMotorClient
 from starlette.middleware.base import BaseHTTPMiddleware
 from starlette.requests import Request
-from starlette.responses import Response
+from starlette.responses import JSONResponse, Response
-from backend.constants import DATABASE_URL, MONGO_DATABASE
+from backend.constants import DATABASE_URL, DOCS_PASSWORD, MONGO_DATABASE
 class DatabaseMiddleware(BaseHTTPMiddleware):
@@ -19,3 +19,13 @@ class DatabaseMiddleware(BaseHTTPMiddleware):
 request.state.db = db
 response = await call_next(request)
 return response
+
+
+class ProtectedDocsMiddleware(BaseHTTPMiddleware):
+ async def dispatch(self, request: Request, call_next: t.Callable) -> Response:
+ if DOCS_PASSWORD and request.url.path.startswith("/docs"):
+ if request.cookies.get("docs_password") != DOCS_PASSWORD:
+ return JSONResponse({"status": "unauthorized"}, status_code=403)
+
+ resp = await call_next(request)
+ return resp |
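Review bot: The cookie check in `ProtectedDocsMiddleware.dispatch` compares the secret with `!=`, which is not constant-time, and it expects the cookie to carry `DOCS_PASSWORD` itself, so the password sits in the browser and in any logged or proxied Cookie header. I would compare with `secrets.compare_digest(request.cookies.get("docs_password", "").encode(), DOCS_PASSWORD.encode())` (plus `import secrets`), and, where the cookie is issued (not visible in this hunk), prefer a derived token with `Secure` and `HttpOnly` set. The guard also matches only paths starting with `/docs`; if the app serves its schema or an alternative UI elsewhere (for example `/openapi.json` or `/redoc`), those stay readable without the cookie and should be covered or disabled, which needs checking against the app setup. The class has no docstring; something like `"""Reject /docs requests that lack the docs_password cookie when DOCS_PASSWORD is set."""` would record that an empty `DOCS_PASSWORD` disables the check.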