From 0119f06eff283506ca43d7256d3b536376104abf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Madis=20M=C3=A4gi?= <madis.magi@k-space.ee>
Date: Wed, 16 Aug 2023 20:39:40 +0300
Subject: [PATCH] Add authorized checking

---
 app/app.py      | 15 +++++++++++++++
 deployment.yaml |  2 ++
 2 files changed, 17 insertions(+)

diff --git a/app/app.py b/app/app.py
index e8b87a5..7c4144c 100755
--- a/app/app.py
+++ b/app/app.py
@@ -2,22 +2,37 @@
 import os
 import kopf
 import prometheus_async
+from functools import wraps
 from sanic import Sanic, response
 from sanic import exceptions
 
 app = Sanic("users-proxy")
 devenv = bool(os.getenv("DEV_ENV", False))
+api_key = os.environ["API_KEY"]
 users_lookup = {}
 
+def authorized():
+    def decorator(f):
+        @wraps(f)
+        async def decorated_function(request, *args, **kwargs):
+            if request.token and request.token == api_key:
+                return await f(request, *args, **kwargs)
+            else:
+                return response.json({"status": "not_authorized"}, 403)
+        return decorated_function
+    return decorator
+
 @app.route("/", methods=["GET"])
 async def get_index(request):
     return response.text("hello")
 
 @app.route("/users", methods=["GET"])
+@authorized()
 async def get_users(request):
     return response.json(list(users_lookup.values()))
 
 @app.route("/users/<username:str>", methods=["GET"])
+@authorized()
 async def get_single_user(request, username: str):
     user = users_lookup.get(username)
     if user:
diff --git a/deployment.yaml b/deployment.yaml
index d9185b0..70a96da 100644
--- a/deployment.yaml
+++ b/deployment.yaml
@@ -21,6 +21,8 @@ spec:
         - name: users-proxy
           image: users-proxy
           env:
+            - name: API_KEY
+              value: 'changeme'
             - name: DEV_ENV
               value: 'true'
           ports: