ben
9a960e2f29
Some checks failed
Build Sphinx Docs Set / Build Docs (pull_request) Failing after 1s
Build Project / Build Project (3.10) (pull_request) Successful in 57s
Build Project / Build Project (3.11) (pull_request) Successful in 1m7s
Build Project / Build Project (3.12) (pull_request) Successful in 56s
Test with tox / Test with tox (3.12) (pull_request) Failing after 5m13s
Test with tox / Test with tox (3.11) (pull_request) Failing after 5m48s
Test with tox / Test with tox (3.10) (pull_request) Failing after 8m46s
37 lines
1.1 KiB
Python
37 lines
1.1 KiB
Python
"""API key authentication dependency."""
|
|
|
|
import hmac
|
|
import logging
|
|
|
|
from fastapi import Depends, HTTPException, Request, status
|
|
from fastapi.security import APIKeyHeader
|
|
|
|
_api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
async def require_api_key(
|
|
request: Request,
|
|
api_key: str | None = Depends(_api_key_header),
|
|
) -> None:
|
|
"""FastAPI dependency that enforces X-API-Key header authentication.
|
|
|
|
If no API key is configured on the server (empty string), all requests
|
|
are allowed — this is intended for local development only.
|
|
"""
|
|
expected: str = request.app.state.api_key
|
|
if not expected:
|
|
return # dev mode: no key set, allow all
|
|
if not hmac.compare_digest(api_key or "", expected):
|
|
client = getattr(request.client, "host", "unknown")
|
|
logger.warning(
|
|
"Authentication failure from %s — %s %s",
|
|
client,
|
|
request.method,
|
|
request.url.path,
|
|
)
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Invalid or missing API key",
|
|
)
|