app: Fail when giving invalid API keys

When an API key is passed, fail in the case of an invalid API key even if an API key is not required. This allows the user to know that the API key is invalid. Otherwise, they work under the assumption that the API key is correct, even though it is not.
2022-02-20 13:36:29 +05:30 · 2022-02-20 13:36:29 +05:30 · 933c96914b
parent 8962de8755
commit 933c96914b
1 changed files with 11 additions and 3 deletions
--- a/app/app.py
+++ b/app/app.py
@ -174,11 +174,19 @@ def create_app(args):
                if flood.has_violation(ip):
                    flood.decrease(ip)

-            if args.api_keys and args.require_api_key_origin:
+            if args.api_keys:
                ak = get_req_api_key()
-
                if (
-                        api_keys_db.lookup(ak) is None and request.headers.get("Origin") != args.require_api_key_origin
+                    ak and api_keys_db.lookup(ak) is None
+                ):
+                    abort(
+                        403,
+                        description="Invalid API key",
+                    )
+                elif (
+                    args.require_api_key_origin
+                    and api_keys_db.lookup(ak) is None
+                    and request.headers.get("Origin") != args.require_api_key_origin
                ):
                    abort(
                        403,