fix: api-key generator and verify-api-key validated

app/security/auth_service.py

@@ -43,24 +43,32 @@ class AuthService:
             try:
                 decoded_data = base64.b64decode(encoded_data).decode()
                 data = json.loads(decoded_data)
+                logger.trace(f"Decoded data: {data}")
             except Exception as e:
                 raise HTTPException(
                     status_code=status.HTTP_401_UNAUTHORIZED,
                     detail=f"Invalid API key data format: {str(e)}",
                 )
 
+            # Debug için JSON verilerini logla
+            json_data = {"username": data["username"], "created_at": data["created_at"]}
+            json_str = json.dumps(json_data)
+            logger.trace(f"JSON data for signature: {json_str}")
+            logger.trace(f"Secret key: {self.secret.KEY}")
+
             expected_signature = hmac.new(
                 self.secret.KEY.encode(),
-                json.dumps(
-                    {"username": data["username"], "created_at": data["created_at"]}
-                ).encode(),
+                json_str.encode(),
                 hashlib.sha256,
             ).hexdigest()
 
+            logger.trace(f"Expected signature: {expected_signature}")
+            logger.trace(f"Received signature: {data['signature']}")
+
             if data["signature"] != expected_signature:
                 raise HTTPException(
                     status_code=status.HTTP_401_UNAUTHORIZED,
-                    detail="Invalid API key signature",
+                    detail=f"Invalid API key signature: {data['signature']} != {expected_signature}",
                 )
 
             result = data["username"]
@@ -80,10 +88,6 @@ class AuthService:
         logger.trace(f"BEGIN: api_key: {api_key}")
         username = self.decode_api_key(api_key)
 
-        # if username not in users or users[username] != api_key:
-        #     raise HTTPException(
-        #         status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials"
-        #     )
         result = username
         logger.trace(f"END: result: {result}")
         return result

scripts/api_key_genenerator.py

@@ -19,6 +19,9 @@ import argparse
 import hmac
 import hashlib
 from datetime import datetime
+from loguru import logger
+
+logger.add("logs/api_key_generator.log")
 
 def generate_api_key(username: str, secret_key: str) -> str:
     """
@@ -32,18 +35,27 @@ def generate_api_key(username: str, secret_key: str) -> str:
         str: Generated API_KEY (ACCESS_KEY, ACCESS_TOKEN)
     """
     # Create encoded API key with timestamp
+    timestamp = int(datetime.now().timestamp())
     data = {
         "username": username,
-        "created_at": int(datetime.now().timestamp())
+        "created_at": timestamp
     }
     
+    # Debug için JSON verilerini logla
+    json_data = {"username": username, "created_at": timestamp}
+    json_str = json.dumps(json_data)
+    logger.debug(f"JSON data for signature: {json_str}")
+    logger.debug(f"Secret key: {secret_key}")
+    
     # Add HMAC signature for additional security
     signature = hmac.new(
         secret_key.encode(),
-        json.dumps(data).encode(),
+        json_str.encode(),
         hashlib.sha256
     ).hexdigest()
     
+    logger.debug(f"Generated signature: {signature}")
+    
     data["signature"] = signature
     
     # Create API key
@@ -51,7 +63,23 @@ def generate_api_key(username: str, secret_key: str) -> str:
         json.dumps(data).encode()
     ).decode()
     
-    return api_key
+    return api_key, timestamp
+
+def save_api_key(username: str, api_key: str, timestamp: int):
+    """
+    Save API key to api_keys.txt file in the same format as the shell script.
+    
+    Args:
+        username (str): Username
+        api_key (str): Generated API key
+        timestamp (int): Creation timestamp
+    """
+    formatted_timestamp = datetime.fromtimestamp(timestamp).strftime('%Y-%m-%d %H:%M:%S')
+    with open("api_keys.txt", "a") as f:
+        f.write(f"Username: {username}\n")
+        f.write(f"API Key: {api_key}\n")
+        f.write(f"Timestamp: {formatted_timestamp}\n")
+        f.write("--------------------------------\n")
 
 def main():
     parser = argparse.ArgumentParser(description="API Key Generator")
@@ -60,20 +88,22 @@ def main():
     args = parser.parse_args()
     
     try:
-        api_key = generate_api_key(args.username, args.secret_key)
+        api_key, timestamp = generate_api_key(args.username, args.secret_key)
+        
         print("\nAPI Key generated:")
         print(f"Username: {args.username}")
         print(f"API Key: {api_key}")
+        
+        # Save to api_keys.txt
+        save_api_key(args.username, api_key, timestamp)
+        print("\nAPI Key saved to api_keys.txt")
+        
         print("\nUsage example:")
         print('curl -X POST "http://localhost:8000/v1/chat/completions" \\')
         print(f'     -H "Authorization: Bearer {api_key}" \\')
         print('     -H "Content-Type: application/json" \\')
         print('     -d \'{"model": "gpt-3.5-turbo", "messages": [{"role": "user", "content": "Hello!"}]}\'')
     
-        # Save the API key to a file
-        with open("api_key.txt", "w") as f:
-            f.write(api_key)
-            print("\nAPI Key saved to api_key.txt")
     except argparse.ArgumentError as e:
         print("Please provide a username and secret key", file=sys.stderr)
         sys.exit(1)