BI-5425 Allow for multiple PUBLIC_API_KEYs to enable its rotation (#429)

datalens-tech · Apr 16, 2024 · 4c847ec · 4c847ec
1 parent 7d529bd
commit 4c847ec
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/lib/dl_api_lib/dl_api_lib/aio/middlewares/public_api_key_middleware.py b/lib/dl_api_lib/dl_api_lib/aio/middlewares/public_api_key_middleware.py
@@ -15,9 +15,9 @@
 LOGGER = logging.getLogger(__name__)
 
 
-def public_api_key_middleware(api_key: str) -> AIOHTTPMiddleware:
-    if not isinstance(api_key, str):
-        raise TypeError(f"API key must be a string, not '{type(api_key)}'")
+def public_api_key_middleware(api_keys: tuple[str, ...]) -> AIOHTTPMiddleware:
+    if not isinstance(api_keys, tuple):
+        raise TypeError(f"API key must be a tuple, not '{type(api_keys)}'")
 
     @web.middleware
     @DSAPIRequest.use_dl_request
@@ -31,7 +31,7 @@ async def actual_public_api_key_middleware(dl_request: DSAPIRequest, handler: Ha
         if inbound_api_key is None:
             raise web.HTTPForbidden(reason="public api key required")
 
-        if inbound_api_key != api_key:
+        if inbound_api_key not in api_keys:
             LOGGER.info("Invalid API key, rejecting request...")
             raise web.HTTPForbidden(reason="invalid public api key")