fix: Minor adjustments
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This commit is contained in:
parent
46c4def4c5
commit
d873506c71
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: "Cryptpad"
|
title: "Cryptpad"
|
||||||
date: 2021-05-7T22:08:55+02:00
|
date: 2021-05-07T22:08:55+02:00
|
||||||
draft: true
|
draft: true
|
||||||
image: "uploads/ILMO_bordered.png"
|
image: "uploads/ILMO_bordered.png"
|
||||||
tags: [FOSS]
|
tags: [FOSS]
|
||||||
|
@ -31,7 +31,16 @@ So instead, we need a proxy that stores the access token securely and restricts
|
|||||||
|
|
||||||
## The proxy
|
## The proxy
|
||||||
|
|
||||||
I wrote a short #FastAPI server for that. It only implements one method
|
Such a proxie must
|
||||||
|
|
||||||
|
* offer the endpoint that provides the same data as the FediverseAPI
|
||||||
|
* authorize itself to the FediverseAPI via `access_token`
|
||||||
|
* restrict to read access of consenting accounts
|
||||||
|
|
||||||
|
The last point is really important, as we don't want to allow others to use this endpoint to scrape data unauthorized.
|
||||||
|
|
||||||
|
I wrote a short FastAPI server that offers this. It only implements one method
|
||||||
|
|
||||||
```
|
```
|
||||||
@app.get("/api/v1/accounts/{account_id}/statuses")
|
@app.get("/api/v1/accounts/{account_id}/statuses")
|
||||||
async def fetch_data(account_id):
|
async def fetch_data(account_id):
|
||||||
@ -39,15 +48,16 @@ async def fetch_data(account_id):
|
|||||||
raise HTTPException(status_code=401, detail="You can only use this proxy to access configured accounts")
|
raise HTTPException(status_code=401, detail="You can only use this proxy to access configured accounts")
|
||||||
|
|
||||||
headers = {"Authorization": f"Bearer {ACCESS_TOKEN}"}
|
headers = {"Authorization": f"Bearer {ACCESS_TOKEN}"}
|
||||||
try:
|
|
||||||
response = requests.get(f"{EXTERNAL_API_BASE_URL}/api/v1/accounts/{account_id}/statuses", headers=headers)
|
response = requests.get(f"{EXTERNAL_API_BASE_URL}/api/v1/accounts/{account_id}/statuses", headers=headers)
|
||||||
response.raise_for_status()
|
|
||||||
return response.json()
|
return response.json()
|
||||||
except requests.exceptions.RequestException as e:
|
|
||||||
raise HTTPException(status_code=502, detail=f"Error fetching data from API: {e}")
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Basically this is the whole API. I trimmed a few error checks and such. To deploy, I put it in a docker container and started it via docker-compose
|
Basically this is the whole API code, I only trimmed a few checks and error handling.
|
||||||
|
|
||||||
|
## Deployment
|
||||||
|
|
||||||
|
To deploy, I put it in a docker container and started it via docker-compose. Reverse proxing is handled by Traefik, I won't go into detail here.
|
||||||
|
|
||||||
```
|
```
|
||||||
services:
|
services:
|
||||||
fediproxy.example.org:
|
fediproxy.example.org:
|
||||||
@ -77,7 +87,7 @@ networks:
|
|||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
and added a short `.env` to configure.
|
I added a short `.env` to configure:
|
||||||
|
|
||||||
```
|
```
|
||||||
ACCESS_TOKEN=VERYSECRETTOKENTHATISDEFINETLYREAL
|
ACCESS_TOKEN=VERYSECRETTOKENTHATISDEFINETLYREAL
|
||||||
|
Loading…
Reference in New Issue
Block a user