diff --git a/backend/src/aggregation/layer2/auth.py b/backend/src/aggregation/layer2/auth.py
index 7256f3f..25bae8d 100644
--- a/backend/src/aggregation/layer2/auth.py
+++ b/backend/src/aggregation/layer2/auth.py
@@ -7,7 +7,7 @@
 get_valid_db_user,
 get_valid_github_user,
 )
-from src.constants import OWNER, REPO, USER_WHITELIST
+from src.constants import OWNER, REPO, USER_BLACKLIST, USER_WHITELIST
 from src.data.github.rest import RESTError
 from src.utils import alru_cache
@@ -38,6 +38,10 @@ async def check_user_starred_repo(
 @alru_cache(ttl=timedelta(hours=1))
 async def get_is_valid_user(user_id: str) -> Tuple[bool, str]:
+ if user_id.lower() in USER_BLACKLIST:
+ # TODO: change error message
+ return (False, "GitHub user not found")
+
 if user_id.lower() in USER_WHITELIST:
 return (True, f"Valid user {user_id.lower()}")
diff --git a/backend/src/aggregation/layer2/user.py b/backend/src/aggregation/layer2/user.py
index 75fe831..cf25660 100644
--- a/backend/src/aggregation/layer2/user.py
+++ b/backend/src/aggregation/layer2/user.py
@@ -2,6 +2,7 @@
 from typing import Optional, Tuple
 from src.aggregation.layer0 import get_user_data
+from src.constants import USER_BLACKLIST
 from src.data.mongo.secret.functions import update_keys
 from src.data.mongo.user import PublicUserModel, get_public_user as db_get_public_user
 from src.data.mongo.user_months import get_user_months
@@ -41,6 +42,9 @@ async def get_user(
 ) -> Tuple[
 bool, Tuple[Optional[UserPackage], bool, Optional[UpdateUserBackgroundTask]]
 ]:
+ if user_id in USER_BLACKLIST:
+ return (False, (None, False, None))
+
 user: Optional[PublicUserModel] = await db_get_public_user(user_id)
 if user is None:
 return (False, (None, False, None))
diff --git a/backend/src/constants.py b/backend/src/constants.py
index 3f8cf99..1a01c8d 100644
--- a/backend/src/constants.py
+++ b/backend/src/constants.py
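Review bot: The new deny-list branch in `get_is_valid_user` carries an unowned `# TODO: change error message` that does not say whether the generic reply is intentional. Returning "GitHub user not found" only keeps a blocked account indistinguishable from a missing one if the real not-found path, which is outside this hunk, emits the same string, so the intent should be recorded before anyone edits the message. I would replace the TODO with `# Deny-list takes precedence over USER_WHITELIST; the reply is deliberately generic so the block list is not disclosed.` If a distinct message is wanted instead, state that decision in the TODO with an owner. The function body continues past the end of the hunk.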
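Review bot: The guard `if user_id in USER_BLACKLIST:` in `get_user` compares the raw id, while the matching check in `layer2/auth.py` uses `user_id.lower()` and the entries in `USER_BLACKLIST` are lowercase. Unless callers already normalise the id (not visible here), a differently-cased spelling of a blocked login would miss this guard and fall through to `db_get_public_user`. Make the two layers agree with `if user_id.lower() in USER_BLACKLIST:`. The signature of `get_user` starts above the hunk and its body continues below it.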
@@ -67,6 +67,8 @@
 "sindresorhus",
 ]
+USER_BLACKLIST = ["kangmingtay", "ae7er"]
+
 print("PROD", PROD)
 print("API_VERSION", API_VERSION)
 print()
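Review bot: `USER_BLACKLIST` has an undocumented invariant: the check in `layer2/auth.py` compares `user_id.lower()`, so an entry added later with any uppercase letter would never match. State this at the definition, e.g. `# GitHub logins to refuse; entries must be lowercase because callers compare user_id.lower()`. If nothing else indexes or serialises the value, `USER_BLACKLIST = frozenset({"kangmingtay", "ae7er"})` would also stop it being mutated at runtime and make membership tests constant-time.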