Spaces:

dzenzzz
/

senatus-qdrant

Running

App Files Files Community

dzenzzz commited on 21 days ago

Commit

6152e61

1 Parent(s): df02cd1

adds middlewares

Browse files

Files changed (2) hide show

app.py +34 -3
config.py +16 -12

app.py CHANGED Viewed

@@ -1,12 +1,12 @@
 import asyncio
 import time
-from fastapi import FastAPI, Request
 from fastapi.responses import JSONResponse
 from starlette.status import HTTP_504_GATEWAY_TIMEOUT
 from neural_searcher import NeuralSearcher
 from huggingface_hub import login
-from config import HUGGING_FACE_API_KEY,COLLECTION_NAME
-import os
 login(HUGGING_FACE_API_KEY)
@@ -16,12 +16,43 @@ neural_searcher = NeuralSearcher(collection_name=COLLECTION_NAME)
 REQUEST_TIMEOUT_ERROR = 30
 @app.get("/api/search")
 async def search(q: str):
     data =  await neural_searcher.search(text=q)
     return data
 @app.middleware("http")
 async def timeout_middleware(request: Request, call_next):
     try:

 import asyncio
 import time
+from fastapi import FastAPI, Request, HTTPException
 from fastapi.responses import JSONResponse
 from starlette.status import HTTP_504_GATEWAY_TIMEOUT
 from neural_searcher import NeuralSearcher
+from fastapi.middleware.cors import CORSMiddleware
 from huggingface_hub import login
+from config import HUGGING_FACE_API_KEY,COLLECTION_NAME, ALLOWED_ORIGINS, API_KEY
 login(HUGGING_FACE_API_KEY)
 REQUEST_TIMEOUT_ERROR = 30
+ALLOWED_ORIGINS = [ALLOWED_ORIGINS]
+ALLOWED_API_KEY = API_KEY
 @app.get("/api/search")
 async def search(q: str):
     data =  await neural_searcher.search(text=q)
     return data
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=ALLOWED_ORIGINS,
+    allow_credentials=True,
+    allow_methods=["GET"],
+    allow_headers=["*"],
+)
+@app.middleware("http")
+async def security_middleware(request: Request, call_next):
+    referer = request.headers.get("referer", "")
+    origin = request.headers.get("origin", "")
+    user_agent = request.headers.get("user-agent", "")
+    api_key = request.headers.get("X-API-KEY", "")
+    if not (referer.startswith(ALLOWED_ORIGINS[0]) or origin.startswith(ALLOWED_ORIGINS[0])):
+        raise HTTPException(status_code=403, detail="Access denied: Invalid source")
+    if not user_agent or "Mozilla" not in user_agent:
+        raise HTTPException(status_code=403, detail="Access denied: Suspicious client")
+    if api_key != ALLOWED_API_KEY:
+        raise HTTPException(status_code=403, detail="Access denied: Invalid API Key")
+    return await call_next(request)
 @app.middleware("http")
 async def timeout_middleware(request: Request, call_next):
     try:

config.py CHANGED Viewed

@@ -1,18 +1,22 @@
 import os
-from dotenv import find_dotenv, load_dotenv
-dotenv_path = find_dotenv()
-load_dotenv(dotenv_path)
-API_KEY = os.getenv("API_KEY")
-HOST = os.getenv("HOST")
-COLLECTION_NAME = os.getenv("COLLECTION_NAME")
-TEXT_FIELD_NAME = os.getenv("TEXT_FIELD_NAME")
-DENSE_MODEL = os.getenv("DENSE_MODEL")
-SPARSE_MODEL = os.getenv("SPARSE_MODEL")
-DENSE_MODEL_SHORT = os.getenv("DENSE_MODEL_SHORT")
-SPARSE_MODEL_SHORT = os.getenv("SPARSE_MODEL_SHORT")

 import os
+HUGGING_FACE_API_KEY = os.getenv('HUGGING_FACE_API_KEY')
+COLLECTION_NAME = os.getenv('COLLECTION_NAME')
+QDRANT_URL = os.getenv('QDRANT_URL')
+QDRANT_API_KEY = os.getenv('QDRANT_API_KEY')
+DENSE_MODEL = os.getenv('DENSE_MODEL')
+SPARSE_MODEL = os.getenv('SPARSE_MODEL')
+LATE_INTERACTION_MODEL = os.getenv('LATE_INTERACTION_MODEL')
+NER_MODEL = os.getenv('NER_MODEL')
+ALLOWED_ORIGINS = os.getenv('ALLOWED_ORIGINS')
+API_KEY = os.getenv('API_KEY')