Add api key checking

deployment.yaml

@@ -21,6 +21,8 @@ spec:
         - name: inventory-app
           image: inventory-app
           env:
+            - name: INVENTORY_API_KEY
+              value: "sptWL6XFxl4b8"
             - name: PYTHONUNBUFFERED
               value: "1"
             - name: RECAPTCHA_PUBLIC_KEY

inventory-app/api.py

@@ -1,4 +1,7 @@
+import os
+import re
 import const
+from functools import wraps
 from pymongo import MongoClient
 from flask import Blueprint, abort, g, make_response, redirect, render_template, request, jsonify
 from common import CustomForm, build_query, flatten, format_name, spam
@@ -6,6 +9,17 @@ from kubernetes import client, config
 
 page_api = Blueprint("api", __name__)
 db = MongoClient(const.MONGO_URI).get_default_database()
+api_key = os.getenv("INVENTORY_API_KEY")
+
+def check_api_key(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        request_key = request.headers.get('Authorization', False)
+        found_key = re.search(r"Basic (.*)", request_key).group(1)
+        if not found_key or found_key != api_key:
+            return "nope", 403
+        return f(*args, **kwargs)
+    return decorated_function
 
 def get_users():
     config.load_incluster_config()
@@ -17,12 +31,14 @@ def get_users():
     return resp
 
 @page_api.route("/users")
+@check_api_key
 def view_users():
     resp =  get_users()
     print(resp)
     return jsonify(resp)
 
 @page_api.route("/cards", methods=["POST"])
+@check_api_key
 def get_group_cards():
     groups = request.json.get("groups", False)
     if not groups: