Fix: API Key validation from database, Python 3.12 compatibility, persistent volumes

2026-01-29 01:25:11 +01:00
parent 008ef63bfd
commit c5ecd2ee76
5 changed files with 76 additions and 24 deletions
--- a/src/api/transcriptions.py
+++ b/src/api/transcriptions.py
@@ -14,6 +14,10 @@ from sqlalchemy.orm import Session
 router = APIRouter()


+from src.services.stats_service import hash_api_key
+from src.database.db import SessionLocal
+from src.database.models import ApiKey
+
 def verify_api_key(authorization: Optional[str] = Header(None)):
    """Verify API key from Authorization header"""
    if not authorization:
@@ -24,15 +28,27 @@ def verify_api_key(authorization: Optional[str] = Header(None)):
        raise HTTPException(status_code=401, detail="Invalid authorization format")
    
    api_key = authorization.replace("Bearer ", "").strip()
+    
+    # Check environment variable keys first
    valid_keys = settings.get_api_keys_list()
+    if api_key in valid_keys:
+        return api_key
    
-    if not valid_keys:
-        raise HTTPException(status_code=500, detail="No API keys configured")
+    # Check database keys
+    db = SessionLocal()
+    try:
+        key_hash = hash_api_key(api_key)
+        db_key = db.query(ApiKey).filter(
+            ApiKey.key_hash == key_hash,
+            ApiKey.is_active == True
+        ).first()
+        
+        if db_key:
+            return api_key
+    finally:
+        db.close()
    
-    if api_key not in valid_keys:
-        raise HTTPException(status_code=401, detail="Invalid API key")
-    
-    return api_key
+    raise HTTPException(status_code=401, detail="Invalid API key")


@router.get("/models")