bump

2025-07-09 06:12:33 +00:00 · 2025-07-09 06:12:33 +00:00 · 701758e5c5
commit 701758e5c5
parent 071b472221
3 changed files with 21 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,6 @@
 .env
 .env.public
 .env.private
+.callback_uri
+.client_id
+.client_secret
--- a/app/main.py
+++ b/app/main.py
@ -1,5 +1,4 @@
 from collections import OrderedDict
-from dotenv import load_dotenv
 from fastapi import FastAPI, Query, Request, Response, status
 from fastapi.responses import RedirectResponse
 from uuid import uuid4
@ -10,15 +9,14 @@ import os

 UUIDPattern = "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
 UUIDQuery = Query(min_length=36, max_length=36, pattern=f"^{UUIDPattern}$")
-load_dotenv()
-client_id = os.environ['MONZO_CLIENT_ID']
-client_secret = os.environ['MONZO_CLIENT_SECRET']
-callback_uri = os.environ['MONZO_CALLBACK_URI']
+with open('/run/secrets/monzo-api_client-id') as file: client_id = file.read().rstrip()
+with open('/run/secrets/monzo-api_client-secret') as file: client_secret = file.read().rstrip()
+with open('/run/secrets/monzo-api_callback-uri') as file: callback_uri = file.read().rstrip()

 app = FastAPI(root_path='/monzo')

@app.get('/')
-def read_root(): return {'version': 'v0.0.9'}
+def read_root(): return {'version': 'v0.0.10'}


@app.get('/redirect', response_class=RedirectResponse)
@ -29,15 +27,15 @@ def read_redirect(res: Response):
        client_id=client_id,
        redirect_uri=callback_uri,
        state=state,
-        response_type="code",
+        response_type='code',
    ))
-    res.set_cookie(key="monzo-api:state", value=state)
+    res.set_cookie(key='monzo-api:state', value=state)
    return f"https://auth.monzo.com/?{query}"


@app.get('/callback')
 def read_callback(code: str, state: Annotated[str, UUIDQuery], req: Request, res: Response):
-    stored_state = req.cookies['monzo-api:state']
+    stored_state = req.cookies["monzo-api:state"]
    if (state != stored_state):
        res.status_code = status.HTTP_400_BAD_REQUEST
        return { 'error': True, 'data': f"Callback state '{state}' does not match stored state '{stored_state}'." }
@ -51,5 +49,5 @@ def read_callback(code: str, state: Annotated[str, UUIDQuery], req: Request, res
        'redirect_uri': callback_uri,
        'code': code,
    }
-    token = requests.post("https://api.monzo.com/oauth2/token", data=data)
+    token = requests.post('https://api.monzo.com/oauth2/token', data=data)
    return { 'error': False, 'data': token.json() }
--- a/compose.yml
+++ b/compose.yml
@ -1,11 +1,8 @@
 services:
  monzo-api:
-    image: git.wnd.sh/n/monzo-api:v0.0.9
+    image: git.wnd.sh/n/monzo-api:v0.0.10
    networks: [traefik-public]
-    environment:
-      - MONZO_CALLBACK_URI=https://api.wnd.sh/monzo/callback
-      - MONZO_CLIENT_ID=oauth2client_0000AtdcjWWYX35lpL2REI
-      - MONZO_CLIENT_SECRET=mnzconf.K78nqT+k2QKOlR6oSoF6CHLLSMII9SqWxg5smZfc5wgWDGH94HO1h338SEOFCH8rSy6EDKDtgFvA8qnkiQhpFA==
+    secrets: [monzo-api_client-id, monzo-api_client-secret, monzo-api_callback-uri]
    deploy:
      labels:
        - traefik.enable=true
@ -25,3 +22,11 @@ services:
 networks:
  traefik-public:
    external: true
+
+secrets:
+  monzo-api_client-id:
+    external: true
+  monzo-api_client-secret:
+    external: true
+  monzo-api_callback-uri:
+    external: true