From 38185a1ff4a1a24134a579b5325df2bcb68653d5 Mon Sep 17 00:00:00 2001
From: kingbri <bdashore3@proton.me>
Date: Fri, 19 Jul 2024 10:08:57 -0400
Subject: [PATCH] Auth: Fix key check coalesce

Prefer the auth-specific headers before the generic authorization
header.

Signed-off-by: kingbri <bdashore3@proton.me>
---
 common/auth.py          | 2 +-
 endpoints/OAI/router.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/auth.py b/common/auth.py
index 7c0d83b..4f7c9f8 100644
--- a/common/auth.py
+++ b/common/auth.py
@@ -86,9 +86,9 @@ def get_key_permission(request: Request):
 
     # Hyphens are okay here
     test_key = coalesce(
-        request.headers.get("authorization"),
         request.headers.get("x-admin-key"),
         request.headers.get("x-api-key"),
+        request.headers.get("authorization"),
     )
 
     if test_key is None:
diff --git a/endpoints/OAI/router.py b/endpoints/OAI/router.py
index f3ab99f..1c0a7c6 100644
--- a/endpoints/OAI/router.py
+++ b/endpoints/OAI/router.py
@@ -432,9 +432,9 @@ async def key_permission(request: Request) -> AuthPermissionResponse:
     Gets the access level/permission of a provided key in headers.
 
     Priority:
-    - Authorization
     - X-admin-key
     - X-api-key
+    - Authorization
     """
 
     try: