From 737ebc115ba855fe1bf23425864196582a14f4ce Mon Sep 17 00:00:00 2001
From: Khalim Conn-Kowlessar <kconnkowlessar@gmail.com>
Date: Thu, 6 Jul 2023 10:42:27 +0100
Subject: [PATCH] Added api key authentication to example portoflio api

---
 backend/main.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index 35db91d1..4f536437 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1,9 +1,23 @@
-from fastapi import FastAPI
+from fastapi import FastAPI, Depends, HTTPException, status
+from fastapi.security import APIKeyHeader
+
+API_KEY = "example-api-key"
+API_KEY_NAME = "X-API-KEY"
+
+api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=False)
 
 app = FastAPI()
 
 
-@app.get("/portfolio/{portfolio_id}")
+async def validate_api_key(api_key_header: str = Depends(api_key_header)):
+    if api_key_header != API_KEY:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN, detail="Could not validate credentials"
+        )
+    return api_key_header
+
+
+@app.get("/portfolio/{portfolio_id}", dependencies=[Depends(validate_api_key)])
 async def get_portfolio(portfolio_id: int):
     return {
         "portfolio_id": portfolio_id,