From 39ea730be557b256fa0855c758f70300c1ea8df3 Mon Sep 17 00:00:00 2001
From: kingbri
Date: Sun, 19 Nov 2023 23:53:07 -0500
Subject: [PATCH] Auth: Allow admin keys to work with api key routes
Admin keys are an administrator key, so it makes sense to allow it for API key routes as well.
Signed-off-by: kingbri
---
 auth.py | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/auth.py b/auth.py
index ca987d1..7c9a284 100644
--- a/auth.py
+++ b/auth.py
@@ -16,6 +16,16 @@ class AuthKeys:
 self.api_key = api_key
 self.admin_key = admin_key
+ def verify_key(self, test_key: str, key_type: str):
+ # Match statements are only available in python 3.10 and up
+ if key_type == "admin_key":
+ return test_key == self.admin_key
+ elif key_type == "api_key":
+ # Admin keys are valid for all API calls
+ return test_key == self.api_key or test_key == self.admin_key
+ else:
+ return False
+
 auth_keys: Optional[AuthKeys] = None
 def load_auth_keys():
@@ -45,7 +55,7 @@ def load_auth_keys():
 def check_api_key(x_api_key: str = Header(None), authorization: str = Header(None)):
 if x_api_key:
- if x_api_key in auth_keys.api_key:
+ if auth_keys.verify_key(split_key[1], "api_key"):
 return x_api_key
 else:
 raise HTTPException(401, "Invalid API key")
@@ -54,7 +64,7 @@ def check_api_key(x_api_key: str = Header(None), authorization: str = Header(Non
 if len(split_key) < 2:
 raise HTTPException(401, "Invalid API key")
- elif split_key[0].lower() == "bearer" and split_key[1] == auth_keys.api_key:
+ elif split_key[0].lower() == "bearer" and auth_keys.verify_key(split_key[1], "api_key"):
 return authorization
 else:
 raise HTTPException(401, "Invalid API key")
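Review bot: In `verify_key` (first hunk) the stored secrets are compared with `==`, which is not a constant-time comparison, so response timing can reveal how much of a candidate key matches. Prefer `hmac.compare_digest(test_key.encode(), self.admin_key.encode())`, and the same for `self.api_key`, computing both results in the `"api_key"` branch before combining them so the `or` does not short-circuit. `hmac` would have to be imported at the top of auth.py, which is outside the hunk. A one-line docstring stating that an admin key also satisfies `"api_key"` checks would make the widened privilege explicit to future callers.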
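Review bot: The new `x_api_key` branch of `check_api_key` (second hunk) verifies `split_key[1]`, but `split_key` is not assigned in any visible line before this point and appears to belong to the later `authorization` branch, so a request that sends the `x-api-key` header would raise an error instead of being checked. The header value itself should be verified: `if auth_keys.verify_key(x_api_key, "api_key"):`. The same `split_key[1]` reference appears in the `x_admin_key` branch of `check_admin_key` (fourth hunk). A test that sends only the `x-api-key` header, once with a valid and once with an invalid key, would catch this; the function body continues outside the hunk.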
@@ -63,7 +73,7 @@ def check_api_key(x_api_key: str = Header(None), authorization: str = Header(Non
 def check_admin_key(x_admin_key: str = Header(None), authorization: str = Header(None)):
 if x_admin_key:
- if x_admin_key == auth_keys.admin_key:
+ if auth_keys.verify_key(split_key[1], "api_key"):
 return x_admin_key
 else:
 raise HTTPException(401, "Invalid admin key")
@@ -72,7 +82,7 @@ def check_admin_key(x_admin_key: str = Header(None), authorization: str = Header
 if len(split_key) < 2:
 raise HTTPException(401, "Invalid admin key")
- elif split_key[0].lower() == "bearer" and split_key[1] == auth_keys.admin_key:
+ elif split_key[0].lower() == "bearer" and auth_keys.verify_key(split_key[1], "admin_key"):
 return authorization
 else:
 raise HTTPException(401, "Invalid admin key")
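Review bot: The `x_admin_key` branch of `check_admin_key` (the `-63,7 +73,7` hunk) passes `"api_key"` as the key type, and `verify_key` accepts either the API key or the admin key for that type, so once the `split_key` reference on the same line is corrected an ordinary API key would satisfy the admin check. The line should read `if auth_keys.verify_key(x_admin_key, "admin_key"):`, matching the bearer path in the following hunk. A regression test asserting that the API key is rejected with 401 on an admin-only route would pin this down.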