dont look up user if no api key is given (#1185)

melange396 · web-flow · commit abe1b7fa7699 · 2023-05-31T14:18:56.000-04:00
* dont look up user if no api key is given
* disable recording of last key usage in redis (temporarily)
diff --git a/src/server/_common.py b/src/server/_common.py
@@ -162,6 +162,10 @@ def after_request_execute(response):
 
 @app.teardown_appcontext
 def teardown_db(exception=None):
+    # drop reference to "user" (if it exists)
+    if "user" in g:
+        g.pop("user")
+
     # close the db connection
     db = g.pop("db", None)
 
diff --git a/src/server/_security.py b/src/server/_security.py
@@ -81,7 +81,10 @@ def require_api_key() -> bool:
 def _get_current_user():
     if "user" not in g:
         api_key = resolve_auth_token()
-        g.user = User.find_user(api_key=api_key)
+        if api_key:
+            g.user = User.find_user(api_key=api_key)
+        else:
+            g.user = None
     return g.user
 
 
@@ -122,6 +125,8 @@ def decorated_function(*args, **kwargs):
 
 
 def update_key_last_time_used(user):
+    # TODO: reenable this once cc<-->aws latency issues are sorted out, or maybe do this call asynchronously
+    return
     if user:
         # update last usage for this user's api key to "now()"
         r = redis.Redis(host=REDIS_HOST, password=REDIS_PASSWORD)
