Update server.py
Browse files
server.py
CHANGED
|
@@ -543,23 +543,9 @@ def image_to_base64(image: Image, quality: int = 75) -> str:
|
|
| 543 |
img_str = base64.b64encode(buffer.getvalue()).decode("utf-8")
|
| 544 |
return img_str
|
| 545 |
|
| 546 |
-
ignore_auth = []
|
| 547 |
-
#
|
| 548 |
-
|
| 549 |
-
try:
|
| 550 |
-
with open("api_key.txt", "r") as txt:
|
| 551 |
-
api_key = txt.read().replace('\n', '')
|
| 552 |
-
except:
|
| 553 |
-
api_key = secrets.token_hex(5)
|
| 554 |
-
with open("api_key.txt", "w") as txt:
|
| 555 |
-
txt.write(api_key)
|
| 556 |
-
|
| 557 |
-
print(f"Your API key is {api_key}")
|
| 558 |
-
elif args.share and args.secure != True:
|
| 559 |
-
print("WARNING: This instance is publicly exposed without an API key! It is highly recommended to restart with the \"--secure\" argument!")
|
| 560 |
-
else:
|
| 561 |
-
print("No API key given because you are running locally.")
|
| 562 |
-
|
| 563 |
|
| 564 |
def is_authorize_ignored(request):
|
| 565 |
view_func = app.view_functions.get(request.endpoint)
|
|
@@ -569,7 +555,6 @@ def is_authorize_ignored(request):
|
|
| 569 |
return True
|
| 570 |
return False
|
| 571 |
|
| 572 |
-
|
| 573 |
@app.before_request
|
| 574 |
def before_request():
|
| 575 |
# Request time measuring
|
|
@@ -578,14 +563,16 @@ def before_request():
|
|
| 578 |
# Checks if an API key is present and valid, otherwise return unauthorized
|
| 579 |
# The options check is required so CORS doesn't get angry
|
| 580 |
try:
|
| 581 |
-
if request.method != 'OPTIONS' and
|
| 582 |
print(f"WARNING: Unauthorized API key access from {request.remote_addr}")
|
|
|
|
|
|
|
| 583 |
response = jsonify({ 'error': '401: Invalid API key' })
|
| 584 |
response.status_code = 401
|
| 585 |
-
return
|
| 586 |
except Exception as e:
|
| 587 |
print(f"API key check error: {e}")
|
| 588 |
-
return "
|
| 589 |
|
| 590 |
|
| 591 |
@app.after_request
|
|
|
|
| 543 |
img_str = base64.b64encode(buffer.getvalue()).decode("utf-8")
|
| 544 |
return img_str
|
| 545 |
|
| 546 |
+
ignore_auth = []
|
| 547 |
+
# Hugging Face, Get password instead of text file.
|
| 548 |
+
api_key = os.environ.get("password")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 549 |
|
| 550 |
def is_authorize_ignored(request):
|
| 551 |
view_func = app.view_functions.get(request.endpoint)
|
|
|
|
| 555 |
return True
|
| 556 |
return False
|
| 557 |
|
|
|
|
| 558 |
@app.before_request
|
| 559 |
def before_request():
|
| 560 |
# Request time measuring
|
|
|
|
| 563 |
# Checks if an API key is present and valid, otherwise return unauthorized
|
| 564 |
# The options check is required so CORS doesn't get angry
|
| 565 |
try:
|
| 566 |
+
if request.method != 'OPTIONS' and is_authorize_ignored(request) == False and getattr(request.authorization, 'token', '') != api_key:
|
| 567 |
print(f"WARNING: Unauthorized API key access from {request.remote_addr}")
|
| 568 |
+
if request.method == 'POST':
|
| 569 |
+
print(f"Incoming POST request with {request.headers.get('Authorization')}")
|
| 570 |
response = jsonify({ 'error': '401: Invalid API key' })
|
| 571 |
response.status_code = 401
|
| 572 |
+
return "https://(hf_name)-(space_name).hf.space/"
|
| 573 |
except Exception as e:
|
| 574 |
print(f"API key check error: {e}")
|
| 575 |
+
return "https://(hf_name)-(space_name).hf.space/"
|
| 576 |
|
| 577 |
|
| 578 |
@app.after_request
|