fix(api): deny all API requests

mfocko · mfocko · commit d1ab3a634c46 · 2025-01-16T16:27:06.000+01:00
Fixes packit/packit-service#2529 Signed-off-by: Matej Focko <mfocko@redhat.com>
diff --git a/packit_dashboard/api/routes.py b/packit_dashboard/api/routes.py
@@ -0,0 +1,21 @@
+# Copyright Contributors to the Packit project.
+# SPDX-License-Identifier: MIT
+
+from logging import getLogger
+
+from flask import Blueprint
+from flask_cors import CORS
+
+
+logger = getLogger("packit_dashboard")
+api = Blueprint(
+    "api",
+    __name__,
+)
+CORS(api)
+
+
+@api.route("/api/", defaults={"path": ""})
+@api.route("/api/<path:path>")
+def drop(path):
+    return ("", 421)
diff --git a/packit_dashboard/app.py b/packit_dashboard/app.py
@@ -6,6 +6,7 @@
 from flask import Flask
 from flask_talisman import Talisman
 
+from packit_dashboard.api.routes import api
 from packit_dashboard.home.routes import home
 
 app = Flask(
@@ -16,6 +17,7 @@
 # Note: Declare any other flask blueprints or routes above this.
 # Routes declared below this will be rendered by React
 app.register_blueprint(home)
+app.register_blueprint(api)
 
 
 # Enable CSP and HSTS
