From 4e348dd99a6a0f1071197bfa8c1a35e187492d02 Mon Sep 17 00:00:00 2001 From: Dan Albert Date: Sun, 27 Feb 2022 22:38:00 -0800 Subject: [PATCH] Add a server setting for disabling the API key. Useful for development if you want to disable API key authentication for debugging the server without having to pull the generated key out of the log every time. --- game/server/app.py | 17 ++++++++++++++++- game/server/settings.py | 6 ++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/game/server/app.py b/game/server/app.py index 846d7083..6b3e4f67 100644 --- a/game/server/app.py +++ b/game/server/app.py @@ -1,4 +1,5 @@ from fastapi import Depends, FastAPI +from fastapi.middleware.cors import CORSMiddleware from . import ( controlpoints, @@ -10,8 +11,13 @@ from . import ( waypoints, ) from .security import ApiKeyManager +from .settings import ServerSettings -app = FastAPI(dependencies=[Depends(ApiKeyManager.verify)]) +dependencies = [] +if ServerSettings.get().require_api_key: + dependencies.append(Depends(ApiKeyManager.verify)) + +app = FastAPI(dependencies=dependencies) app.include_router(controlpoints.router) app.include_router(debuggeometries.router) app.include_router(eventstream.router) @@ -19,3 +25,12 @@ app.include_router(flights.router) app.include_router(mapzones.router) app.include_router(navmesh.router) app.include_router(waypoints.router) + + +if ServerSettings.get().cors_allow_debug_server: + app.add_middleware( + CORSMiddleware, + allow_origins=["http://localhost:3000"], + allow_methods=["*"], + allow_headers=["*"], + ) diff --git a/game/server/settings.py b/game/server/settings.py index 93f1277a..5574b125 100644 --- a/game/server/settings.py +++ b/game/server/settings.py @@ -22,6 +22,12 @@ class ServerSettings(BaseSettings): # If you for some reason change the port, you'll need to also update map.js. server_port: int = 5000 + # Disable to allow requests to be made to the backend without an API key. + require_api_key: bool = True + + # Enable to allow cross-origin requests from http://localhost:3000. + cors_allow_debug_server: bool = False + @classmethod @lru_cache def get(cls) -> ServerSettings: