From 30b270be9ac9cf931b0efaac549ba0ad8112f547 Mon Sep 17 00:00:00 2001
From: Shahriyar Rzayev <rzayev.sehriyar@gmail.com>
Date: Thu, 30 Jan 2025 13:17:20 +0100
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Move=20duplicated=20code?=
 =?UTF-8?q?=20portion=20to=20a=20static=20method=20in=20the=20`APIKeyBase`?=
 =?UTF-8?q?=20super=20class=20(#3142)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Sofie Van Landeghem <svlandeg@users.noreply.github.com>
Co-authored-by: svlandeg <svlandeg@github.com>
---
 fastapi/security/api_key.py | 37 ++++++++++++-------------------------
 1 file changed, 12 insertions(+), 25 deletions(-)

diff --git a/fastapi/security/api_key.py b/fastapi/security/api_key.py
index d68bdb037..70c2dca8a 100644
--- a/fastapi/security/api_key.py
+++ b/fastapi/security/api_key.py
@@ -9,7 +9,15 @@ from typing_extensions import Annotated, Doc
 
 
 class APIKeyBase(SecurityBase):
-    pass
+    @staticmethod
+    def check_api_key(api_key: Optional[str], auto_error: bool) -> Optional[str]:
+        if not api_key:
+            if auto_error:
+                raise HTTPException(
+                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
+                )
+            return None
+        return api_key
 
 
 class APIKeyQuery(APIKeyBase):
@@ -101,14 +109,7 @@ class APIKeyQuery(APIKeyBase):
 
     async def __call__(self, request: Request) -> Optional[str]:
         api_key = request.query_params.get(self.model.name)
-        if not api_key:
-            if self.auto_error:
-                raise HTTPException(
-                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
-                )
-            else:
-                return None
-        return api_key
+        return self.check_api_key(api_key, self.auto_error)
 
 
 class APIKeyHeader(APIKeyBase):
@@ -196,14 +197,7 @@ class APIKeyHeader(APIKeyBase):
 
     async def __call__(self, request: Request) -> Optional[str]:
         api_key = request.headers.get(self.model.name)
-        if not api_key:
-            if self.auto_error:
-                raise HTTPException(
-                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
-                )
-            else:
-                return None
-        return api_key
+        return self.check_api_key(api_key, self.auto_error)
 
 
 class APIKeyCookie(APIKeyBase):
@@ -291,11 +285,4 @@ class APIKeyCookie(APIKeyBase):
 
     async def __call__(self, request: Request) -> Optional[str]:
         api_key = request.cookies.get(self.model.name)
-        if not api_key:
-            if self.auto_error:
-                raise HTTPException(
-                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
-                )
-            else:
-                return None
-        return api_key
+        return self.check_api_key(api_key, self.auto_error)