efe5d240ae
- 添加认证模块 (auth.py) - 添加 CRUD 基础操作 (crud.py) - 添加异常处理 (exceptions.py) - 添加日志模块 (logging.py) - 添加响应格式 (response.py) - 添加依赖注入 (dependencies.py) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
39 lines
1.1 KiB
Python
39 lines
1.1 KiB
Python
"""
|
|
API Key Authentication
|
|
API Key 认证中间件
|
|
"""
|
|
from typing import Optional
|
|
from fastapi import Header, HTTPException, Request
|
|
from fastapi.security import APIKeyHeader
|
|
|
|
from app.core.config import get_settings
|
|
|
|
settings = get_settings()
|
|
|
|
# API Key header
|
|
API_KEY_HEADER = APIKeyHeader(name="X-API-Key", auto_error=False)
|
|
|
|
|
|
async def verify_api_key(api_key: Optional[str] = Header(None)) -> str:
|
|
"""Verify API key from header"""
|
|
if not api_key:
|
|
raise HTTPException(status_code=401, detail="API key is required")
|
|
|
|
# In production, you would validate against a database or cache
|
|
# For development, we can use a simple validation
|
|
if settings.DEBUG and api_key == "dev-api-key":
|
|
return api_key
|
|
|
|
# TODO: Implement proper API key validation
|
|
# This is a placeholder - in production, validate against stored keys
|
|
if len(api_key) < 32:
|
|
raise HTTPException(status_code=401, detail="Invalid API key")
|
|
|
|
return api_key
|
|
|
|
|
|
def create_api_key() -> str:
|
|
"""Generate a new API key"""
|
|
import secrets
|
|
return secrets.token_hex(32)
|