Forbid authentication with revoked keys

This commit is contained in:
imperosol 2025-05-26 07:42:44 +02:00
parent e765fcc96e
commit dda9e6ac04

View File

@ -14,7 +14,7 @@ class ApiKeyAuth(APIKeyHeader):
hasher = get_hasher() hasher = get_hasher()
hashed_key = hasher.encode(key) hashed_key = hasher.encode(key)
try: try:
key_obj = ApiKey.objects.get(hashed_key=hashed_key) key_obj = ApiKey.objects.get(revoked=False, hashed_key=hashed_key)
except ApiKey.DoesNotExist: except ApiKey.DoesNotExist:
return None return None
return key_obj.client return key_obj.client