diff --git a/inventory-app/api.py b/inventory-app/api.py index bc072d7..ec50075 100644 --- a/inventory-app/api.py +++ b/inventory-app/api.py @@ -9,7 +9,6 @@ from common import CustomForm, build_query, flatten, format_name, spam, User page_api = Blueprint("api", __name__) db = MongoClient(const.MONGO_URI).get_default_database() -api_key = os.getenv("INVENTORY_API_KEY") def check_api_key(f): @wraps(f) @@ -18,7 +17,7 @@ def check_api_key(f): if not request_key: return "nope", 403 found_key = re.search(r"Basic (.*)", request_key).group(1) - if not found_key or found_key != api_key: + if not found_key or found_key != const.INVENTORY_API_KEY: return "nope", 403 return f(*args, **kwargs) return decorated_function diff --git a/inventory-app/const.py b/inventory-app/const.py index 0c8a172..3fe5195 100644 --- a/inventory-app/const.py +++ b/inventory-app/const.py @@ -19,3 +19,4 @@ MONGO_URI = os.environ["MONGO_URI"] MEMBERS_HOST = os.environ["MEMBERS_HOST"] SLACK_VERIFICATION_TOKEN = os.environ["SLACK_VERIFICATION_TOKEN"] # used to verify (deprecated) incoming requests from slack SLACK_DOORLOG_CALLBACK = os.environ["SLACK_DOORLOG_CALLBACK"] # used for sending logs to private channel +INVENTORY_API_KEY = os.environ["INVENTORY_API_KEY"]