import hmac
import logging

from fastapi import HTTPException, status, Depends, Request
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials

from config import settings
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)

# Bearer-scheme dependency. auto_error=False makes it yield None instead of
# an automatic error response when the Authorization header is missing or is
# not a Bearer header, so verify_token itself decides what happens to
# requests that carry no credentials.
security = HTTPBearer(auto_error=False)
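def verify_token(request: Request, credentials: HTTPAuthorizationCredentials = Depends(security)):
    """Check a client-supplied token against ``settings.SECRET_TOKEN``.

    The token is looked up in three places, in this order: the parsed Bearer
    credentials, the ``token`` query parameter, and a raw ``Authorization``
    header value that does not start with ``"Bearer "``.

    Args:
        request: Incoming request; read for query parameters and headers.
        credentials: Result of the ``security`` dependency; falsy when no
            Bearer credentials were parsed.

    Returns:
        The token string when it matches the configured secret, or ``None``
        when the request carried no token at all.

    Raises:
        HTTPException: 401 when a token was supplied but does not match.

    Security notes:
        * Authentication is optional by design (plugin compatibility): a
          request with no token is let through and ``None`` is returned.
          Any route that must be protected has to reject a ``None`` result
          itself, because this dependency will not.
        * A token passed in the query string is part of the URL and therefore
          tends to be recorded wherever URLs are recorded (access logs,
          proxies, browser history). The header forms do not have that
          exposure.
        * No part of the token is written to the log. Logging a prefix
          weakens the secret, and a secret of ten characters or fewer would
          be logged in full.
    """
    token = None
    source = None

    if credentials:
        token, source = credentials.credentials, "bearer credentials"
    else:
        token = request.query_params.get("token")
        if token:
            source = "query parameter"
        else:
            # Last resort: an Authorization header sent without the Bearer prefix.
            auth_header = request.headers.get("authorization")
            if auth_header and not auth_header.startswith("Bearer "):
                token, source = auth_header, "raw authorization header"

    # No token at all: access is allowed (authentication is optional).
    if not token:
        logger.info("No token provided - allowing access")
        return None

    logger.info("Token received via %s", source)

    # Constant-time comparison so response timing does not reveal how many
    # leading characters of a guess were correct. Both sides are encoded to
    # bytes because compare_digest rejects non-ASCII str arguments. A secret
    # that is not a str never matches, as with the previous != comparison.
    expected = settings.SECRET_TOKEN
    matches = isinstance(expected, str) and hmac.compare_digest(
        token.encode("utf-8"), expected.encode("utf-8")
    )

    if not matches:
        logger.warning("Invalid token provided via %s", source)
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authentication token",
            headers={"WWW-Authenticate": "Bearer"},
        )

    logger.info("Token verification successful")
    return token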