feat: added option for api auth

Author: Mesh-ach

src/webapp/authn.py

@@ -16,11 +16,6 @@
 
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
-oauth2_apikey_scheme = OAuth2PasswordBearer(
-    scheme_name="api_key_scheme",
-    tokenUrl="token-from-api-key",
-)
-
 api_key_header = APIKeyHeader(name="X-API-KEY", scheme_name="api-key", auto_error=False)
 # The INST value may be empty for Datakinder or cross-institution access.
 api_key_inst_header = APIKeyHeader(

src/webapp/main.py

@@ -98,18 +98,24 @@ def read_root() -> Any:
 async def access_token_from_api_key(
     sql_session: Annotated[Session, Depends(get_session)],
     form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
+    api_key_enduser_tuple: str = Security(get_api_key),
 ) -> Token:
     """Generate a token from an API key."""
+    local_session.set(sql_session)
 
+    user = authenticate_api_key(api_key_enduser_tuple, local_session.get())
     valid = check_creds(form_data.username, form_data.password)
+    logger.info(f"api_key input: {api_key_enduser_tuple}")
+    logger.info(f"user: {user}")
+    logger.info(f"valid creds: {valid}")
 
-    if not valid:
+    if not user and not valid:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Invalid API key and credentials",
             headers={"WWW-Authenticate": "X-API-KEY"},
         )
-    email = form_data.username
+    email = user.email if user else form_data.username
     access_token_expires = timedelta(
         minutes=int(env_vars["ACCESS_TOKEN_EXPIRE_MINUTES"])
     )