Merge dev into main

Author: DinisCruz

README.md

@@ -1,6 +1,6 @@
 # OSBot-Fast-API
 
-![Current Release](https://img.shields.io/badge/release-v0.35.0-blue)
+![Current Release](https://img.shields.io/badge/release-v0.35.1-blue)
 ![Python](https://img.shields.io/badge/python-3.8+-green)
 ![FastAPI](https://img.shields.io/badge/FastAPI-0.100+-red)
 ![Type-Safe](https://img.shields.io/badge/Type--Safe-✓-brightgreen)

osbot_fast_api/api/Fast_API.py

@@ -218,7 +218,10 @@ def setup_static_routes_docs(self):
     def setup_middleware__api_key_check(self, env_var__api_key_name:str=ENV_VAR__FAST_API__AUTH__API_KEY__NAME, env_var__api_key_value:str=ENV_VAR__FAST_API__AUTH__API_KEY__VALUE):
         from osbot_fast_api.api.middlewares.Middleware__Check_API_Key import Middleware__Check_API_Key
         if self.config.enable_api_key:
-            self.app().add_middleware(Middleware__Check_API_Key, env_var__api_key__name=env_var__api_key_name, env_var__api_key__value=env_var__api_key_value)
+            self.app().add_middleware(Middleware__Check_API_Key,
+                                      env_var__api_key__name  = env_var__api_key_name  ,
+                                      env_var__api_key__value = env_var__api_key_value ,
+                                      allow_cors              = self.config.enable_cors)
         return self
 
     def setup_middleware__cors(self):               # todo: double check that this is working see bug test

osbot_fast_api/api/middlewares/Middleware__Check_API_Key.py

@@ -15,10 +15,14 @@
 
 class Middleware__Check_API_Key(BaseHTTPMiddleware):
 
-    def __init__(self, app, env_var__api_key__name, env_var__api_key__value):
+    def __init__(self, app, env_var__api_key__name,
+                       env_var__api_key__value    ,
+                       allow_cors : bool          = False):
+
         super().__init__(app)
         self.api_key__name  = get_env(env_var__api_key__name )
         self.api_key__value = get_env(env_var__api_key__value)
+        self.allow_cors     = allow_cors
 
     def return_error(self, error_message):
         content = to_json_str(status_error(error_message))
@@ -30,6 +34,8 @@ async def dispatch(self, request: Request, call_next) -> Response:
 
         if request.url.path in AUTH__EXCLUDED_PATHS:                                                 # allow for the seeing the docs and accessing the methods to set the cookie
             return await call_next(request)
+        if request.method == 'OPTIONS' and self.allow_cors:
+            return self.create_allow_cors_response(request=request)
 
         if not self.api_key__name:
             return self.return_error(ERROR_MESSAGE__NO_KEY_NAME_SETUP)
@@ -47,4 +53,13 @@ async def dispatch(self, request: Request, call_next) -> Response:
             return self.return_error(ERROR_MESSAGE__API_KEY_INVALID)
 
         response = await call_next(request)                                                         # If API key is valid, continue with the request
-        return response
+        return response
+
+
+    def create_allow_cors_response(self, request: Request):
+        origin = request.headers.get('origin', '*')
+        return Response(status_code = 204,
+                        headers     = { 'Access-Control-Allow-Origin'   : origin                                          ,
+                                        'Access-Control-Allow-Methods'  : 'GET, POST, PUT, DELETE, OPTIONS'               ,
+                                        'Access-Control-Allow-Headers'  : 'api-key__for__mgraph-ai__service, content-type',
+                                        'Access-Control-Max-Age'        : '86400'                                         })

osbot_fast_api/version

@@ -1 +1 @@
-v0.35.0
+v0.35.1

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name        = "osbot_fast_api"
-version     = "v0.35.0"
+version     = "v0.35.1"
 description = "OWASP Security Bot - Fast API"
 authors     = ["Dinis Cruz <dinis.cruz@owasp.org>"]
 license     = "MIT"

tests/unit/api/middlewares/test_MIddleware__Check_API_Key.py

@@ -27,7 +27,8 @@ def setUp(self):
 
     def test__init__(self):
         expected_middleware = { 'function_name': None                                                          ,
-                                'params'       : { 'env_var__api_key__name' : 'FAST_API__AUTH__API_KEY__NAME'  ,
+                                'params'       : { 'allow_cors'             : False                            ,
+                                                   'env_var__api_key__name' : 'FAST_API__AUTH__API_KEY__NAME'  ,
                                                    'env_var__api_key__value': 'FAST_API__AUTH__API_KEY__VALUE'},
                                  'type'        : 'Middleware__Check_API_Key'}
         with self.admin_fastapi  as _: