Merge pull request #17 from CanDIG/daisieh/candig-api

daisieh · web-flow · commit c400a3004761 · 2026-03-12T10:16:03.000-07:00
add service-token check for candig-api
diff --git a/drs_server/authz.py b/drs_server/authz.py
@@ -80,7 +80,7 @@ def has_full_authz(request):
     """
     if is_testing(request):
         return True
-    if request_is_from_ingest(request) or request_is_from_query(request) or request_is_from_htsget(request):
+    if request_is_from_ingest(request) or request_is_from_query(request) or request_is_from_htsget(request) or request_is_from_candig_api(request):
         return True
     if "Authorization" in request.headers:
         try:
@@ -114,3 +114,8 @@ def request_is_from_htsget(request):
     if "X-Service-Token" in request.headers:
         return authx.auth.verify_service_token(service="htsget", token=request.headers["X-Service-Token"])
     return False
+
+def request_is_from_candig_api(request):
+    if "X-Service-Token" in request.headers:
+        return authx.auth.verify_service_token(service="candig-api", token=request.headers["X-Service-Token"])
+    return False
