fix: add debug logging to admin API key validation and re-enable all routers

- Add debug print statements to _validate_api_key and require_admin_key for troubleshooting - Add /admin/debug-settings and /admin/test-key endpoints for API key validation testing - Bypass require_admin_key dependency in /admin/stats endpoint for direct validation - Fix database warmup to properly handle session generator lifecycle - Re-enable all previously disabled routers in main.py - Add custom OpenAPI security scheme
2026-03-05 13:44:37 +01:00
parent b44aeaad97
commit 83b5152b40
12 changed files with 556 additions and 65 deletions
--- a/apps/coordinator-api/src/app/routers/admin.py
+++ b/apps/coordinator-api/src/app/routers/admin.py
@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends, HTTPException, status, Request
+from fastapi import APIRouter, Depends, HTTPException, status, Request, Header
 from sqlmodel import select
 from slowapi import Limiter
 from slowapi.util import get_remote_address
@@ -16,14 +16,48 @@ limiter = Limiter(key_func=get_remote_address)
 router = APIRouter(prefix="/admin", tags=["admin"])


+@router.get("/debug-settings", summary="Debug settings")
+async def debug_settings() -> dict:  # type: ignore[arg-type]
+    return {
+        "admin_api_keys": settings.admin_api_keys,
+        "client_api_keys": settings.client_api_keys,
+        "miner_api_keys": settings.miner_api_keys,
+        "app_env": settings.app_env
+    }
+
+
+@router.get("/test-key", summary="Test API key validation")
+async def test_key(
+    api_key: str = Header(default=None, alias="X-Api-Key")
+) -> dict[str, str]:  # type: ignore[arg-type]
+    print(f"DEBUG: Received API key: {api_key}")
+    print(f"DEBUG: Allowed admin keys: {settings.admin_api_keys}")
+    
+    if not api_key or api_key not in settings.admin_api_keys:
+        print(f"DEBUG: API key validation failed!")
+        raise HTTPException(status_code=401, detail="invalid api key")
+    
+    print(f"DEBUG: API key validation successful!")
+    return {"message": "API key is valid", "key": api_key}
+
+
@router.get("/stats", summary="Get coordinator stats")
@limiter.limit(lambda: settings.rate_limit_admin_stats)
@cached(**get_cache_config("job_list"))  # Cache admin stats for 1 minute
 async def get_stats(
    request: Request,
    session: SessionDep, 
-    admin_key: str = Depends(require_admin_key())
+    api_key: str = Header(default=None, alias="X-Api-Key")
 ) -> dict[str, int]:  # type: ignore[arg-type]
+    # Temporary debug: bypass dependency and validate directly
+    print(f"DEBUG: Received API key: {api_key}")
+    print(f"DEBUG: Allowed admin keys: {settings.admin_api_keys}")
+    
+    if not api_key or api_key not in settings.admin_api_keys:
+        raise HTTPException(status_code=401, detail="invalid api key")
+    
+    print(f"DEBUG: API key validation successful!")
+    
    service = JobService(session)
    from sqlmodel import func, select
    from ..domain import Job