aljaz/payments-rest-api
1
0
Fork 0
mirror of https://github.com/aljazceru/payments-rest-api.git synced 2025-12-21 23:44:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

adding simple authorization header

Browse Source
This commit is contained in:
Aljaz Ceru
2025-02-18 20:15:49 -06:00
parent 1d8ea56b65
commit 542567f916
1 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
lambda_function.py
View File

@@ -43,17 +43,17 @@ class SdkListener(EventListener):
class PaymentHandler: class PaymentHandler:
def __init__(self): def __init__(self):
self.api_key = self._get_ssm_parameter('/breez-test/api_key') self.breez_api_key = self._get_ssm_parameter('/breez-test/api_key')
self.seed_phrase = self._get_ssm_parameter('/breez-test/seed_phrase') self.seed_phrase = self._get_ssm_parameter('/breez-test/seed_phrase')
if not self.api_key: if not self.breez_api_key:
raise Exception("Missing Breez API key in Parameter Store") raise Exception("Missing Breez API key in Parameter Store")
if not self.seed_phrase: if not self.seed_phrase:
raise Exception("Missing seed phrase in Parameter Store") raise Exception("Missing seed phrase in Parameter Store")
logger.info("Retrieved encrypted parameters successfully") logger.info("Retrieved encrypted parameters successfully")
config = default_config(LiquidNetwork.MAINNET, self.api_key) config = default_config(LiquidNetwork.MAINNET, self.breez_api_key)
config.working_dir = '/tmp' config.working_dir = '/tmp'
connect_request = ConnectRequest(config=config, mnemonic=self.seed_phrase) connect_request = ConnectRequest(config=config, mnemonic=self.seed_phrase)
self.instance = connect(connect_request) self.instance = connect(connect_request)
@@ -196,10 +196,33 @@ class PaymentHandler:
except Exception as e: except Exception as e:
return {'statusCode': 500, 'body': json.dumps({'error': str(e)})} return {'statusCode': 500, 'body': json.dumps({'error': str(e)})}
def validate_api_key(event):
"""Validate the API key from the request headers"""
try:
api_key = event.get('headers', {}).get('x-api-key')
if not api_key:
logger.warning("No API key provided in request headers")
return False
# Get the stored API key from SSM
ssm = boto3.client('ssm')
stored_key = ssm.get_parameter(
Name='/breez-test/api_secret',
WithDecryption=True
)['Parameter']['Value']
return api_key == stored_key
except Exception as e:
logger.error(f"Error validating API key: {str(e)}", exc_info=True)
return False
@app.get("/list_payments") @app.get("/list_payments")
@tracer.capture_method @tracer.capture_method
def list_payments(): def list_payments():
try: try:
if not validate_api_key(app.current_event):
return {"statusCode": 401, "body": json.dumps({"error": "Unauthorized"})}
logger.info("Processing list_payments request") logger.info("Processing list_payments request")
handler = PaymentHandler() handler = PaymentHandler()
return handler.list_payments(app.current_event.query_string_parameters or {}) return handler.list_payments(app.current_event.query_string_parameters or {})
@@ -211,6 +234,9 @@ def list_payments():
@tracer.capture_method @tracer.capture_method
def receive_payment(): def receive_payment():
try: try:
if not validate_api_key(app.current_event):
return {"statusCode": 401, "body": json.dumps({"error": "Unauthorized"})}
body = app.current_event.json_body body = app.current_event.json_body
logger.info(f"Processing receive_payment request with body: {body}") logger.info(f"Processing receive_payment request with body: {body}")
@@ -227,6 +253,9 @@ def receive_payment():
@tracer.capture_method @tracer.capture_method
def send_payment(): def send_payment():
try: try:
if not validate_api_key(app.current_event):
return {"statusCode": 401, "body": json.dumps({"error": "Unauthorized"})}
body = app.current_event.json_body body = app.current_event.json_body
logger.info(f"Processing send_payment request with body: {body}") logger.info(f"Processing send_payment request with body: {body}")