feat: secure API

tanguynicolas · Jun 28, 2024 · 2f8f796 · 2f8f796
1 parent 74ed588
commit 2f8f796
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/infra/nginx/configurations/ctf-manager.conf b/infra/nginx/configurations/ctf-manager.conf
@@ -5,6 +5,17 @@ server {
     include includes/allow-cloudflare-ips;
     deny all;
 
+    # Exception for /team/*/flag
+    location ~* ^/team/.*/flag$ {
+        proxy_pass http://api:80;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Default location with Bearer token check
     location / {
         if ($http_authorization != "Bearer $bearer_token") {
             return 401;

diff --git a/src/main.py b/src/main.py
@@ -2,7 +2,7 @@
 from fastapi.responses import RedirectResponse
 
 from .database import init as init_db
-from .config import database_settings
+from .config import database_settings, kafka_settings
 from .organization.router import router as organization_router
 from .players.router import router as players_router
 
@@ -24,7 +24,9 @@ def alive():
 @app.get("/info")
 def info():
     return{
-        "Database URL": database_settings.url
+        "Database DB name": database_settings.db_name,
+        "Kafka enablement": kafka_settings.enable,
+        "Kafka topic name": kafka_settings.topic
     }
 
 app.include_router(organization_router, prefix="/team", tags=["organization"])