change header auth to use X-ArchiveBox-API-Key so it doesnt conflict with other auth headers

2025-08-16 11:35:59 +02:00 · 2024-05-08 20:02:47 -07:00
parent 09360fd191
commit b90ba6c909
1 changed files with 9 additions and 9 deletions
--- a/archivebox/api/auth.py
+++ b/archivebox/api/auth.py
@@ -79,29 +79,29 @@ class UserPassAuthCheck:

 ### Django-Ninja-Provided Auth Methods

-class UsernameAndPasswordAuth(UserPassAuthCheck, HttpBasicAuth):
-    """Allow authenticating by passing username & password via HTTP Basic Authentication (not recommended)"""
+class HeaderTokenAuth(APITokenAuthCheck, APIKeyHeader):
+    """Allow authenticating by passing X-API-Key=xyz as a request header"""
+    param_name = "X-ArchiveBox-API-Key"
+
+class BearerTokenAuth(APITokenAuthCheck, HttpBearer):
+    """Allow authenticating by passing Bearer=xyz as a request header"""
    pass

 class QueryParamTokenAuth(APITokenAuthCheck, APIKeyQuery):
    """Allow authenticating by passing api_key=xyz as a GET/POST query parameter"""
    param_name = "api_key"

-class HeaderTokenAuth(APITokenAuthCheck, APIKeyHeader):
-    """Allow authenticating by passing X-API-Key=xyz as a request header"""
-    param_name = "X-API-Key"
-
-class BearerTokenAuth(APITokenAuthCheck, HttpBearer):
-    """Allow authenticating by passing Bearer=xyz as a request header"""
+class UsernameAndPasswordAuth(UserPassAuthCheck, HttpBasicAuth):
+    """Allow authenticating by passing username & password via HTTP Basic Authentication (not recommended)"""
    pass


 ### Enabled Auth Methods

 API_AUTH_METHODS = [
-    QueryParamTokenAuth(), 
    HeaderTokenAuth(),
    BearerTokenAuth(),
+    QueryParamTokenAuth(), 
    django_auth_superuser,
    UsernameAndPasswordAuth(),
 ]