From 7a550dd2f7fdf7e9be21f8120f6ecc33be531f18 Mon Sep 17 00:00:00 2001 From: pablohashescobar Date: Fri, 27 Oct 2023 14:02:03 +0530 Subject: [PATCH] dev: enable api key authentication --- apiserver/plane/license/api/views/checkout.py | 2 +- apiserver/plane/license/api/views/instance.py | 2 +- apiserver/plane/license/api/views/product.py | 10 ++++++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/apiserver/plane/license/api/views/checkout.py b/apiserver/plane/license/api/views/checkout.py index 8ac3e2e53..ea72542b6 100644 --- a/apiserver/plane/license/api/views/checkout.py +++ b/apiserver/plane/license/api/views/checkout.py @@ -23,7 +23,7 @@ class CheckoutEndpoint(BaseAPIView): license = License.objects.first() if license is None: - return Response({"error": "Instance is not activated"}, status=status.HTTP_400_BAD_REQUEST) + return Response({"error": "Instance is not activated"}, status=status.HTTP_403_FORBIDDEN) price_id = request.data.get("price_id", False) diff --git a/apiserver/plane/license/api/views/instance.py b/apiserver/plane/license/api/views/instance.py index a34181539..6abcd5471 100644 --- a/apiserver/plane/license/api/views/instance.py +++ b/apiserver/plane/license/api/views/instance.py @@ -68,7 +68,7 @@ class InstanceEndpoint(BaseAPIView): license = License.objects.first() if license is None: - return Response({"activated": False}, status=status.HTTP_200_OK) + return Response({"activated": False}, status=status.HTTP_403_FORBIDDEN) data = { "instance_id": license.instance_id, diff --git a/apiserver/plane/license/api/views/product.py b/apiserver/plane/license/api/views/product.py index b8e37d839..23ef83b25 100644 --- a/apiserver/plane/license/api/views/product.py +++ b/apiserver/plane/license/api/views/product.py @@ -20,17 +20,19 @@ class ProductEndpoint(BaseAPIView): if license is None: return Response( {"error": "Instance is not activated"}, - status=status.HTTP_400_BAD_REQUEST, + status=status.HTTP_403_FORBIDDEN, ) # # Request the licensing engine + headers = { + "x-api-key": license.api_key, + } response = requests.get( f"{LICENSE_ENGINE_BASE_URL}/api/products", - headers={ - "X-Api-Key": license.api_key, - }, + headers=headers, ) + if response.status_code == 200: return Response(response.json(), status=status.HTTP_200_OK) return Response(