Update server.py
Browse files
server.py
CHANGED
@@ -416,23 +416,10 @@ def image_to_base64(image: Image, quality: int = 75) -> str:
|
|
416 |
img_str = base64.b64encode(buffer.getvalue()).decode("utf-8")
|
417 |
return img_str
|
418 |
|
419 |
-
ignore_auth = []
|
420 |
-
# Reads an API key from an already existing file. If that file doesn't exist, create it.
|
421 |
-
if args.secure:
|
422 |
-
try:
|
423 |
-
with open("api_key.txt", "r") as txt:
|
424 |
-
api_key = txt.read().replace('\n', '')
|
425 |
-
except:
|
426 |
-
api_key = secrets.token_hex(5)
|
427 |
-
with open("api_key.txt", "w") as txt:
|
428 |
-
txt.write(api_key)
|
429 |
-
|
430 |
-
print(f"Your API key is {api_key}")
|
431 |
-
elif args.share and args.secure != True:
|
432 |
-
print("WARNING: This instance is publicly exposed without an API key! It is highly recommended to restart with the \"--secure\" argument!")
|
433 |
-
else:
|
434 |
-
print("No API key given because you are running locally.")
|
435 |
|
|
|
|
|
|
|
436 |
|
437 |
def is_authorize_ignored(request):
|
438 |
view_func = app.view_functions.get(request.endpoint)
|
@@ -442,7 +429,6 @@ def is_authorize_ignored(request):
|
|
442 |
return True
|
443 |
return False
|
444 |
|
445 |
-
|
446 |
@app.before_request
|
447 |
def before_request():
|
448 |
# Request time measuring
|
@@ -451,14 +437,16 @@ def before_request():
|
|
451 |
# Checks if an API key is present and valid, otherwise return unauthorized
|
452 |
# The options check is required so CORS doesn't get angry
|
453 |
try:
|
454 |
-
if request.method != 'OPTIONS' and
|
455 |
print(f"WARNING: Unauthorized API key access from {request.remote_addr}")
|
|
|
|
|
456 |
response = jsonify({ 'error': '401: Invalid API key' })
|
457 |
response.status_code = 401
|
458 |
-
return
|
459 |
except Exception as e:
|
460 |
print(f"API key check error: {e}")
|
461 |
-
return "
|
462 |
|
463 |
|
464 |
@app.after_request
|
|
|
416 |
img_str = base64.b64encode(buffer.getvalue()).decode("utf-8")
|
417 |
return img_str
|
418 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
419 |
|
420 |
+
ignore_auth = []
|
421 |
+
# Hugging Face, Get password instead of text file.
|
422 |
+
api_key = os.environ.get("password")
|
423 |
|
424 |
def is_authorize_ignored(request):
|
425 |
view_func = app.view_functions.get(request.endpoint)
|
|
|
429 |
return True
|
430 |
return False
|
431 |
|
|
|
432 |
@app.before_request
|
433 |
def before_request():
|
434 |
# Request time measuring
|
|
|
437 |
# Checks if an API key is present and valid, otherwise return unauthorized
|
438 |
# The options check is required so CORS doesn't get angry
|
439 |
try:
|
440 |
+
if request.method != 'OPTIONS' and is_authorize_ignored(request) == False and getattr(request.authorization, 'token', '') != api_key:
|
441 |
print(f"WARNING: Unauthorized API key access from {request.remote_addr}")
|
442 |
+
if request.method == 'POST':
|
443 |
+
print(f"Incoming POST request with {request.headers.get('Authorization')}")
|
444 |
response = jsonify({ 'error': '401: Invalid API key' })
|
445 |
response.status_code = 401
|
446 |
+
return "https://(hf_name)-(space_name).hf.space/"
|
447 |
except Exception as e:
|
448 |
print(f"API key check error: {e}")
|
449 |
+
return "https://(hf_name)-(space_name).hf.space/"
|
450 |
|
451 |
|
452 |
@app.after_request
|