Files
notepad-server/app/auth.py
T

26 lines
754 B
Python

import os
import secrets
from fastapi import Security, HTTPException, status
from fastapi.security import APIKeyHeader
API_KEY_NAME = "X-API-Key"
_header_scheme = APIKeyHeader(name=API_KEY_NAME, auto_error=False)
def _load_key() -> str:
key = os.getenv("API_KEY")
if not key:
raise RuntimeError("API_KEY environment variable is not set")
return key
def verify_api_key(api_key: str = Security(_header_scheme)) -> str:
expected = _load_key()
if not api_key or not secrets.compare_digest(api_key, expected):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or missing API key",
headers={"WWW-Authenticate": "X-API-Key"},
)
return api_key