Stripe Causing API Crash

[Shaneajm]

When starting the API with a test stripe key, the API gives a 401 Unauthorized error. However in Insomnia there's no issue.

INFO:     Started server process [15984]
INFO:     Waiting for application startup.
Memory cache being used, use redis for production.
ERROR:    Traceback (most recent call last):
  File "C:\Users\Shane\AppData\Local\Programs\Python\Python38\lib\site-packages\starlette\routing.py", line 542, in lifespan
    async for item in self.lifespan_context(app):
  File "C:\Users\Shane\AppData\Local\Programs\Python\Python38\lib\site-packages\starlette\routing.py", line 483, in default_lifespan
    await self.startup()
  File "C:\Users\Shane\AppData\Local\Programs\Python\Python38\lib\site-packages\starlette\routing.py", line 518, in startup
    await handler()
  File "G:\API\SQLMatches\__init__.py", line 321, in _startup
    await create_product_and_set(self.product_name)
  File "G:\API\SQLMatches\misc.py", line 143, in create_product_and_set
    data = await Sessions.stripe.create_product(name=product_name)
  File "G:\API\SQLMatches\stripe\__init__.py", line 171, in create_product
    data = await self._post("products", data={
  File "G:\API\SQLMatches\stripe\__init__.py", line 93, in _post
    return await self.__handle(resp)
  File "G:\API\SQLMatches\stripe\__init__.py", line 74, in __handle
    resp.raise_for_status()
  File "C:\Users\Shane\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\client_reqrep.py", line 1000, in raise_for_status
    raise ClientResponseError(
aiohttp.client_exceptions.ClientResponseError: 401, message='Unauthorized', url=URL('https://api.stripe.com/v1/products')

ERROR:    Application startup failed. Exiting.

Making the call to /v1/products works fine in Insomnia.

[WardPearce]

https://github.com/SQLMatches/API/blob/master/run.py#L43

API/SQLMatches/settings.py

Line 148 in 4d00946

Don't include 'sk_test_' or 'sk_live_'

Don't include 'sk_test_' or 'sk_live_'. I preferred to enable testing programmatically

[Shaneajm]

Looks like that fixed it. Hopefully my last question, when using the frontend I get this error on a refresh / when I sign in via Steam.

INFO:     127.0.0.1:61777 - "GET /api/community/ HTTP/1.1" 403 Forbidden
INFO:     127.0.0.1:61815 - "GET /api/steam/login?return=/ HTTP/1.1" 307 Temporary Redirect
INFO:     127.0.0.1:61828 - "GET /api/community/ HTTP/1.1" 403 Forbidden

Any ideas as to why it would throw this error?

[WardPearce]

You'll have to run the API & frontend under a reverse proxy like nginx in order for the sessions to work.

http {
  server {
    listen 80;
    client_max_body_size 4G;

    server_name localhost;

    location /api {
	  proxy_pass http://backend;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
    }

    location /webhook {
	  proxy_pass http://backend;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
    }

    location /ws {
      proxy_pass http://backend;
	  proxy_http_version 1.1;
	  proxy_set_header Upgrade $http_upgrade;
	  proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
	  proxy_read_timeout  36000s;
	  proxy_redirect off;
    }

    location / {
	  proxy_pass http://frontend;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
    }
  }

  upstream backend {
    server 127.0.0.1:8000;
  }

  upstream frontend {
    server localhost:8080;
  }
}

I'd use unix socket for production.
I'll be adding a deployment how to, to the readme later today.

[WardPearce]

I use the steam session to validate requests to the API, makes it more difficult for people to abuse our private APIs.