import os import secrets from fastapi import Security, HTTPException, status from fastapi.security import APIKeyHeader API_KEY_NAME = "X-API-Key" _header_scheme = APIKeyHeader(name=API_KEY_NAME, auto_error=False) def _load_key() -> str: key = os.getenv("API_KEY") if not key: raise RuntimeError("API_KEY environment variable is not set") return key def verify_api_key(api_key: str = Security(_header_scheme)) -> str: expected = _load_key() if not api_key or not secrets.compare_digest(api_key, expected): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid or missing API key", headers={"WWW-Authenticate": "X-API-Key"}, ) return api_key