ria-toolkit-oss/src/ria_toolkit_oss/server/auth.py

"""API key authentication dependency."""

from fastapi import Depends, HTTPException, Request, status
from fastapi.security import APIKeyHeader

_api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)


async def require_api_key(
    request: Request,
    api_key: str | None = Depends(_api_key_header),
) -> None:
    """FastAPI dependency that enforces X-API-Key header authentication.

    If no API key is configured on the server (empty string), all requests
    are allowed — this is intended for local development only.
    """
    expected: str = request.app.state.api_key
    if not expected:
        return  # dev mode: no key set, allow all
    if api_key != expected:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Invalid or missing API key",
        )
reformats and campaign additions 2026-03-11 10:27:18 -04:00			`"""API key authentication dependency."""`

			`from fastapi import Depends, HTTPException, Request, status`
			`from fastapi.security import APIKeyHeader`

			`_api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)`


			`async def require_api_key(`
			`request: Request,`
			`api_key: str \| None = Depends(_api_key_header),`
			`) -> None:`
			`"""FastAPI dependency that enforces X-API-Key header authentication.`

			`If no API key is configured on the server (empty string), all requests`
			`are allowed — this is intended for local development only.`
			`"""`
			`expected: str = request.app.state.api_key`
			`if not expected:`
			`return # dev mode: no key set, allow all`
			`if api_key != expected:`
			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail="Invalid or missing API key",`
			`)`