Spaces:
Running
Running
Update main.py
Browse files
main.py
CHANGED
|
@@ -138,32 +138,40 @@ def get_scraper():
|
|
| 138 |
return scraper_pool[int(time.time() * 1000) % MAX_SCRAPERS] # Simple round-robin
|
| 139 |
|
| 140 |
# API key validation - optimized to avoid string operations when possible
|
| 141 |
-
async def verify_api_key(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 142 |
if not api_key:
|
| 143 |
raise HTTPException(
|
| 144 |
status_code=HTTP_403_FORBIDDEN,
|
| 145 |
detail="No API key provided"
|
| 146 |
)
|
| 147 |
-
|
| 148 |
# Only clean if needed
|
| 149 |
if api_key.startswith('Bearer '):
|
| 150 |
api_key = api_key[7:] # Remove 'Bearer ' prefix
|
| 151 |
-
|
| 152 |
# Get API keys from environment
|
| 153 |
-
valid_api_keys = get_env_vars()
|
| 154 |
if not valid_api_keys or valid_api_keys == ['']:
|
| 155 |
raise HTTPException(
|
| 156 |
status_code=HTTP_403_FORBIDDEN,
|
| 157 |
detail="API keys not configured on server"
|
| 158 |
)
|
| 159 |
-
|
| 160 |
# Fast check with set operation
|
| 161 |
if api_key not in set(valid_api_keys):
|
| 162 |
raise HTTPException(
|
| 163 |
status_code=HTTP_403_FORBIDDEN,
|
| 164 |
detail="Invalid API key"
|
| 165 |
)
|
| 166 |
-
|
| 167 |
return True
|
| 168 |
|
| 169 |
# Pre-load and cache models.json
|
|
|
|
| 138 |
return scraper_pool[int(time.time() * 1000) % MAX_SCRAPERS] # Simple round-robin
|
| 139 |
|
| 140 |
# API key validation - optimized to avoid string operations when possible
|
| 141 |
+
async def verify_api_key(
|
| 142 |
+
request: Request,
|
| 143 |
+
api_key: str = Security(api_key_header)
|
| 144 |
+
) -> bool:
|
| 145 |
+
# Allow bypass if the referer is from /playground
|
| 146 |
+
referer = request.headers.get("referer", "")
|
| 147 |
+
if referer.startswith("https://parthsadaria-lokiai.hf.space/playground"):
|
| 148 |
+
return True
|
| 149 |
+
|
| 150 |
if not api_key:
|
| 151 |
raise HTTPException(
|
| 152 |
status_code=HTTP_403_FORBIDDEN,
|
| 153 |
detail="No API key provided"
|
| 154 |
)
|
| 155 |
+
|
| 156 |
# Only clean if needed
|
| 157 |
if api_key.startswith('Bearer '):
|
| 158 |
api_key = api_key[7:] # Remove 'Bearer ' prefix
|
| 159 |
+
|
| 160 |
# Get API keys from environment
|
| 161 |
+
valid_api_keys = get_env_vars().get('api_keys', [])
|
| 162 |
if not valid_api_keys or valid_api_keys == ['']:
|
| 163 |
raise HTTPException(
|
| 164 |
status_code=HTTP_403_FORBIDDEN,
|
| 165 |
detail="API keys not configured on server"
|
| 166 |
)
|
| 167 |
+
|
| 168 |
# Fast check with set operation
|
| 169 |
if api_key not in set(valid_api_keys):
|
| 170 |
raise HTTPException(
|
| 171 |
status_code=HTTP_403_FORBIDDEN,
|
| 172 |
detail="Invalid API key"
|
| 173 |
)
|
| 174 |
+
|
| 175 |
return True
|
| 176 |
|
| 177 |
# Pre-load and cache models.json
|