Add a secure weather route

tests/app/test_app.py

@@ -4,17 +4,19 @@
 from fastapi.testclient import TestClient
 
 from weatherapi import __version__ as version
-from weatherapi.app import HourlyForecast, app, get_weather
+from weatherapi.app import API_KEY, HourlyForecast, app, get_weather
 
 client = TestClient(app)
 
 
+CITY = "Chennai"
+
+
 class TestRoutes:
     @pytest.mark.asyncio
     async def test_get_weather(self) -> None:
-        city = "Chennai"
-        weather = await get_weather(city)
-        assert weather.city == city
+        weather = await get_weather(CITY)
+        assert weather.city == CITY
         assert weather.temperature > 0
 
         assert len(weather.daily_forecasts) > 0
@@ -32,10 +34,10 @@ async def test_get_weather(self) -> None:
         assert first_hourly_forecast.description is not None
 
     def test_weather_route(self) -> None:
-        response = client.get("/?city=Chennai")
+        response = client.get(f"/?city={CITY}")
         assert response.status_code == 200
         resp_json = response.json()
-        assert resp_json.get("city") == "Chennai"
+        assert resp_json.get("city") == CITY
         assert resp_json.get("temperature") > 0
 
         assert len(resp_json.get("daily_forecasts")) > 0
@@ -56,6 +58,18 @@ def test_weather_route(self) -> None:
         assert first_hourly_forecast.get("temperature") > 0  # type: ignore
         assert first_hourly_forecast.get("description") is not None
 
+    def test_secure_weather_route(self) -> None:
+        response = client.get(f"/secure?city={CITY}", headers={"x-key": "wrong_key"})
+        assert response.status_code == 403
+        resp_json = response.json()
+        assert resp_json.get("detail") == f"Invalid API Key; Try '{API_KEY}'"
+
+        response = client.get(f"/secure?city={CITY}", headers={"x-key": API_KEY})
+        assert response.status_code == 200
+        resp_json = response.json()
+        assert resp_json.get("city") == CITY
+        assert resp_json.get("temperature") > 0
+
     def test_openapi(self) -> None:
         expected = {
             "openapi": "3.1.0",
@@ -105,7 +119,50 @@ def test_openapi(self) -> None:
                             },
                         },
                     }
-                }
+                },
+                "/secure": {
+                    "get": {
+                        "summary": "Secure Get Weather Route",
+                        "description": "Get weather forecast for a given city with security",
+                        "operationId": "secure_get_weather_route_secure_get",
+                        "security": [{"APIKeyHeader": []}],
+                        "parameters": [
+                            {
+                                "name": "city",
+                                "in": "query",
+                                "required": True,
+                                "schema": {
+                                    "type": "string",
+                                    "description": "city for which forecast is requested",
+                                    "title": "City",
+                                },
+                                "description": "city for which forecast is requested",
+                            }
+                        ],
+                        "responses": {
+                            "200": {
+                                "description": "Successful Response",
+                                "content": {
+                                    "application/json": {
+                                        "schema": {
+                                            "$ref": "#/components/schemas/Weather"
+                                        }
+                                    }
+                                },
+                            },
+                            "422": {
+                                "description": "Validation Error",
+                                "content": {
+                                    "application/json": {
+                                        "schema": {
+                                            "$ref": "#/components/schemas/HTTPValidationError"
+                                        }
+                                    }
+                                },
+                            },
+                        },
+                    }
+                },
             },
             "components": {
                 "schemas": {
@@ -190,7 +247,10 @@ def test_openapi(self) -> None:
                         "required": ["city", "temperature", "daily_forecasts"],
                         "title": "Weather",
                     },
-                }
+                },
+                "securitySchemes": {
+                    "APIKeyHeader": {"type": "apiKey", "in": "header", "name": "x-key"}
+                },
             },
         }
         response = client.get("/openapi.json")

weatherapi/app.py

@@ -4,7 +4,8 @@
 from typing import Annotated, List
 
 import python_weather
-from fastapi import FastAPI, Query
+from fastapi import Depends, FastAPI, HTTPException, Query
+from fastapi.security import APIKeyHeader
 from pydantic import BaseModel
 
 from . import __version__
@@ -26,6 +27,9 @@
     title="WeatherAPI",
 )
 
+API_KEY = "secure weather key"  # pragma: allowlist secret
+header_scheme = APIKeyHeader(name="x-key")
+
 
 class HourlyForecast(BaseModel):
     forecast_time: datetime.time
@@ -83,3 +87,13 @@ async def get_weather_route(
     city: Annotated[str, Query(description="city for which forecast is requested")],
 ) -> Weather:
     return await get_weather(city)
+
+
+@app.get("/secure", description="Get weather forecast for a given city with security")
+async def secure_get_weather_route(
+    city: Annotated[str, Query(description="city for which forecast is requested")],
+    key: str = Depends(header_scheme),
+) -> Weather:
+    if key != API_KEY:
+        raise HTTPException(status_code=403, detail=f"Invalid API Key; Try '{API_KEY}'")
+    return await get_weather(city)