services/api/src/trading_api/dependencies/auth.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

"""Bearer token authentication dependency."""

import logging

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

from shared.config import Settings

logger = logging.getLogger(__name__)

_security = HTTPBearer(auto_error=False)
_settings = Settings()


async def verify_token(
    credentials: HTTPAuthorizationCredentials | None = Depends(_security),
) -> None:
    """Verify Bearer token. Skip auth if API_AUTH_TOKEN is not configured."""
    token = _settings.api_auth_token.get_secret_value()
    if not token:
        return  # Auth disabled in dev mode

    if credentials is None or credentials.credentials != token:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or missing authentication token",
            headers={"WWW-Authenticate": "Bearer"},
        )