Spaces:
Running
Running
Update server.py
Browse files
server.py
CHANGED
|
@@ -416,23 +416,10 @@ def image_to_base64(image: Image, quality: int = 75) -> str:
|
|
| 416 |
img_str = base64.b64encode(buffer.getvalue()).decode("utf-8")
|
| 417 |
return img_str
|
| 418 |
|
| 419 |
-
ignore_auth = []
|
| 420 |
-
# Reads an API key from an already existing file. If that file doesn't exist, create it.
|
| 421 |
-
if args.secure:
|
| 422 |
-
try:
|
| 423 |
-
with open("api_key.txt", "r") as txt:
|
| 424 |
-
api_key = txt.read().replace('\n', '')
|
| 425 |
-
except:
|
| 426 |
-
api_key = secrets.token_hex(5)
|
| 427 |
-
with open("api_key.txt", "w") as txt:
|
| 428 |
-
txt.write(api_key)
|
| 429 |
-
|
| 430 |
-
print(f"Your API key is {api_key}")
|
| 431 |
-
elif args.share and args.secure != True:
|
| 432 |
-
print("WARNING: This instance is publicly exposed without an API key! It is highly recommended to restart with the \"--secure\" argument!")
|
| 433 |
-
else:
|
| 434 |
-
print("No API key given because you are running locally.")
|
| 435 |
|
|
|
|
|
|
|
|
|
|
| 436 |
|
| 437 |
def is_authorize_ignored(request):
|
| 438 |
view_func = app.view_functions.get(request.endpoint)
|
|
@@ -442,7 +429,6 @@ def is_authorize_ignored(request):
|
|
| 442 |
return True
|
| 443 |
return False
|
| 444 |
|
| 445 |
-
|
| 446 |
@app.before_request
|
| 447 |
def before_request():
|
| 448 |
# Request time measuring
|
|
@@ -451,14 +437,16 @@ def before_request():
|
|
| 451 |
# Checks if an API key is present and valid, otherwise return unauthorized
|
| 452 |
# The options check is required so CORS doesn't get angry
|
| 453 |
try:
|
| 454 |
-
if request.method != 'OPTIONS' and
|
| 455 |
print(f"WARNING: Unauthorized API key access from {request.remote_addr}")
|
|
|
|
|
|
|
| 456 |
response = jsonify({ 'error': '401: Invalid API key' })
|
| 457 |
response.status_code = 401
|
| 458 |
-
return
|
| 459 |
except Exception as e:
|
| 460 |
print(f"API key check error: {e}")
|
| 461 |
-
return "
|
| 462 |
|
| 463 |
|
| 464 |
@app.after_request
|
|
|
|
| 416 |
img_str = base64.b64encode(buffer.getvalue()).decode("utf-8")
|
| 417 |
return img_str
|
| 418 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 419 |
|
| 420 |
+
ignore_auth = []
|
| 421 |
+
# Hugging Face, Get password instead of text file.
|
| 422 |
+
api_key = os.environ.get("password")
|
| 423 |
|
| 424 |
def is_authorize_ignored(request):
|
| 425 |
view_func = app.view_functions.get(request.endpoint)
|
|
|
|
| 429 |
return True
|
| 430 |
return False
|
| 431 |
|
|
|
|
| 432 |
@app.before_request
|
| 433 |
def before_request():
|
| 434 |
# Request time measuring
|
|
|
|
| 437 |
# Checks if an API key is present and valid, otherwise return unauthorized
|
| 438 |
# The options check is required so CORS doesn't get angry
|
| 439 |
try:
|
| 440 |
+
if request.method != 'OPTIONS' and is_authorize_ignored(request) == False and getattr(request.authorization, 'token', '') != api_key:
|
| 441 |
print(f"WARNING: Unauthorized API key access from {request.remote_addr}")
|
| 442 |
+
if request.method == 'POST':
|
| 443 |
+
print(f"Incoming POST request with {request.headers.get('Authorization')}")
|
| 444 |
response = jsonify({ 'error': '401: Invalid API key' })
|
| 445 |
response.status_code = 401
|
| 446 |
+
return "https://(hf_name)-(space_name).hf.space/"
|
| 447 |
except Exception as e:
|
| 448 |
print(f"API key check error: {e}")
|
| 449 |
+
return "https://(hf_name)-(space_name).hf.space/"
|
| 450 |
|
| 451 |
|
| 452 |
@app.after_request
|