feat: using secrets.compare_digest and making control flow clearer

mrtolkien · mrtolkien · commit 0a48b8bdbe8d · 2023-07-18T23:04:23.000+09:00
diff --git a/fastapi_simple_security/_security_secret.py b/fastapi_simple_security/_security_secret.py
@@ -64,21 +64,20 @@ async def secret_based_security(header_param: Optional[str] = Security(secret_he
         HTTPException if the authentication failed
     """
 
-    if header_param:
-        # We simply return True if the given secret-key has the right value
-        if compare_digest(header_param, secret.value):
-            return True
+    if not header_param:
+        raise HTTPException(
+            status_code=HTTP_403_FORBIDDEN,
+            detail="secret_key must be passed as a header field",
+        )
+
+    # We simply return True if the given secret-key has the right value
+    if not compare_digest(header_param, secret.value):
+        raise HTTPException(
+            status_code=HTTP_403_FORBIDDEN,
+            detail="Wrong secret key. If not set through environment variable \
+                'FASTAPI_SIMPLE_SECURITY_SECRET', it was "
+            "generated automatically at startup and appears in the server logs.",
+        )
 
-        # Error text with wrong header param
-        else:
-            error = (
-                "Wrong secret key. If not set through environment variable \
-                    'FASTAPI_SIMPLE_SECURITY_SECRET', it was "
-                "generated automatically at startup and appears in the server logs."
-            )
-
-    # Error text without header param
     else:
-        error = "secret_key must be passed as a header field"
-
-    raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail=error)
+        return True
