Work on header validation

app/lib_general.py

@@ -20,35 +20,49 @@ from app.db_sql import redis_lookup_id_random, sql_select
 
 
 # ### BEGIN ### API Lib General ### async get_token_header() ###
-async def get_token_header(x_token:str = Header(...)):
+async def get_token_header(x_token: str = Header(...)):
     if x_token != 'fake-super-secret-token':
         raise HTTPException(status_code=400, detail='X-Token header invalid')
 # ### END ### API Lib General ### async get_token_header() ###
 
 
 # ### BEGIN ### API Lib General ### async get_account_header() ###
-# Updated 2021-08-23
-async def get_account_header(x_account_id:str = Header(...)) -> dict:
-    log.setLevel(logging.WARNING) # DEBUG, INFO, WARN, WARNING, ERROR, EXCEPTION, CRITICAL
+# Updated 2022-01-05
+async def get_account_header(x_account_id: str = Header(..., min_length=11, max_length=22)) -> dict:
+    log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
     log.debug(locals())
 
-    if len(x_account_id):
-        log.info(f'The x-account-id header has a value. x-account-id: {x_account_id}')
-        if account_id := redis_lookup_id_random(table_name='account', record_id_random=x_account_id):
-            log.setLevel(logging.DEBUG)
-            log.info('Found the account_id with the account_id_random value: '+x_account_id)
-            account = { 'id': account_id, 'id_random': x_account_id }
-        else:
-            log.warning('The x-account-id Account ID was not found or it was invalid...')
-            #raise HTTPException(status_code=500)
-            raise HTTPException(status_code=400) # or 404?
-            #return False
-    elif x_account_id == '':
-        log.info('The x-account-id header was empty.')
-        account = { 'id': None, 'id_random': None }
-        #account = { 'id': 0, 'id_random': 'abcdef123456' }
+    log.info(f'The x-account-id header has a value. x-account-id: {x_account_id}')
+
+    if account_id := redis_lookup_id_random(table_name='account', record_id_random=x_account_id):
+        log.setLevel(logging.DEBUG)
+        log.info(f'Found the x-account-id with the value: {x_account_id}')
+        account = { 'id': account_id, 'id_random': x_account_id }
+        log.debug(account)
+        return account
+    else:
+        log.warning(f'The x-account-id Account ID was not found. Account ID: {x_account_id}')
+        raise HTTPException(status_code=403, detail='The x-account-id Account ID was not found.') # Forbidden
+
+    # if len(x_account_id) >= 11 and len(x_account_id) <= 22:
+    #     log.info(f'The x-account-id header has a value. x-account-id: {x_account_id}')
+    #     if account_id := redis_lookup_id_random(table_name='account', record_id_random=x_account_id):
+    #         log.setLevel(logging.DEBUG)
+    #         log.info(f'Found the x-account-id with the value: {x_account_id}')
+    #         account = { 'id': account_id, 'id_random': x_account_id }
+    #         x_account_id = account_id
+    #     else:
+    #         log.warning(f'The x-account-id Account ID was not found. Account ID: {x_account_id}')
+    #         raise HTTPException(status_code=403, detail='The x-account-id Account ID was not found.') # Forbidden
+    # elif x_account_id == '':
+    #     log.info('The x-account-id header was empty.')
+    #     raise HTTPException(status_code=403, detail='The x-account-id header was empty.') # Forbidden
+    #     # account = { 'id': None, 'id_random': None }
+    # else:
+    #     log.info('The x-account-id header was not valid.')
+    #     raise HTTPException(status_code=403, detail='The x-account-id header was not valid.') # Forbidden
+
 
-    return account
 # ### END ### API Lib General ### async get_account_header() ###