cloud-api/src/iam/service.py

"""
Business logic reusable functions related to IAM

Exports:
 - service_key_dependency: bool: verifies request headers contain the correct api key for the service
"""
from typing import Annotated

from src.service.models import Service
from src.database import db_dependency
from src.schemas import ResourceName
from src.auth.exceptions import UnauthorizedException

from fastapi import Request, Depends


def valid_service_key(db: db_dependency, request: Request, rn: ResourceName) -> bool:
	api_key = request.headers.get("X-API-Key", None)
	if not api_key:
		raise UnauthorizedException("Missing API key")
	service = rn.service
	result = db.query(Service).filter(Service.name == service).filter(Service.api_key == api_key).first()
	if result is None:
		raise UnauthorizedException("Invalid API key")

	return True

service_key_dependency = Annotated[bool, Depends(valid_service_key)]
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00			`"""`
docs: iam docstrings Issue: #13 2026-05-28 13:22:24 +01:00			`Business logic reusable functions related to IAM`
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00
docs: iam docstrings Issue: #13 2026-05-28 13:22:24 +01:00			`Exports:`
			`- service_key_dependency: bool: verifies request headers contain the correct api key for the service`
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00			`"""`
			`from typing import Annotated`

			`from src.service.models import Service`
			`from src.database import db_dependency`
			`from src.schemas import ResourceName`
minor: renames and error messages 2026-06-04 14:53:35 +01:00			`from src.auth.exceptions import UnauthorizedException`
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00
ruff: config and initial run 2026-06-08 10:45:38 +01:00			`from fastapi import Request, Depends`
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00

			`def valid_service_key(db: db_dependency, request: Request, rn: ResourceName) -> bool:`
			`api_key = request.headers.get("X-API-Key", None)`
			`if not api_key:`
minor: renames and error messages 2026-06-04 14:53:35 +01:00			`raise UnauthorizedException("Missing API key")`
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00			`service = rn.service`
			`result = db.query(Service).filter(Service.name == service).filter(Service.api_key == api_key).first()`
			`if result is None:`
minor: renames and error messages 2026-06-04 14:53:35 +01:00			`raise UnauthorizedException("Invalid API key")`
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00
			`return True`

			`service_key_dependency = Annotated[bool, Depends(valid_service_key)]`