| | """ |
| | Security middleware and utilities for Nur Brain |
| | """ |
| | from fastapi import HTTPException, Security, status |
| | from fastapi.security import APIKeyHeader |
| | from app.config import get_settings |
| |
|
| | |
# Header scheme used for service-to-service authentication.
# auto_error=False makes a missing header arrive as None instead of FastAPI
# rejecting the request itself, so verify_internal_key decides the response.
api_key_header = APIKeyHeader(
    name="X-Nur-Internal-Key",
    auto_error=False,
)
| |
|
| |
|
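async def verify_internal_key(
    api_key: str = Security(api_key_header)
) -> str:
    """
    Verify the internal API key sent in the X-Nur-Internal-Key header.

    This ensures only authorized services (The Body) can access The Brain.

    Args:
        api_key: Header value extracted by ``api_key_header``; ``None`` when
            the header is absent, because the scheme is created with
            ``auto_error=False``.

    Returns:
        The presented key, once it matches ``settings.nur_internal_key``.

    Raises:
        HTTPException: 401 when the header is missing; 403 when the key does
            not match, or when no non-empty string key is configured.
    """
    import hmac  # function-scope import: only this comparison needs it

    settings = get_settings()

    if api_key is None:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="X-Nur-Internal-Key header is required",
            headers={"WWW-Authenticate": "ApiKey"}
        )

    expected_key = settings.nur_internal_key

    # Fail closed: an unset or empty configured key must never authenticate
    # anyone, regardless of what the caller sends.
    # NOTE(review): assumes nur_internal_key is a plain str - confirm in
    # app.config; a non-str value is rejected here, as it was before.
    key_is_configured = isinstance(expected_key, str) and bool(expected_key)

    # Constant-time comparison so response timing does not reveal how much of
    # a guessed key is correct. Both sides are encoded to bytes because
    # compare_digest raises TypeError on non-ASCII str input.
    if not key_is_configured or not hmac.compare_digest(
        api_key.encode("utf-8"), expected_key.encode("utf-8")
    ):
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Invalid internal key - Access denied"
        )

    return api_key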