"""Token authentication utilities.
DEPRECATED: Use shared.session_auth for new code.
This module kept for backward compatibility.
"""
import os
from fastapi import HTTPException, Request
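def _get_admin_token() -> str:
    """Return the admin token configured in the environment.

    The environment is read on every call rather than cached at import time.
    Variables are consulted in this order, skipping any that are unset or
    empty: ``BLOG_ADMIN_TOKEN``, ``ADMIN_TOKEN``, ``HOFFDESK_SECRET``.

    Returns:
        The first non-empty value found, or the built-in placeholder string
        when none of the variables is set.

    SECURITY: the placeholder is a fixed string in the source, so a
    deployment that sets none of the variables authenticates admin requests
    against a publicly known value. The return value is kept for backward
    compatibility, but the fallback is logged as a warning so the
    misconfiguration is visible. The token itself is never logged.
    """
    import logging

    for variable in ("BLOG_ADMIN_TOKEN", "ADMIN_TOKEN", "HOFFDESK_SECRET"):
        configured = os.getenv(variable)
        if configured:
            return configured

    logging.getLogger(__name__).warning(
        "No admin token configured (BLOG_ADMIN_TOKEN, ADMIN_TOKEN and "
        "HOFFDESK_SECRET are all unset or empty); falling back to the "
        "built-in placeholder token. Set one of these variables."
    )
    return "changeme-please-update"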
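def verify_admin_token(request: Request) -> str:
    """Authenticate an admin request and return the admin token.

    Order of checks:

    1. ``get_bearer_auth(request)`` from ``shared.session_auth``. If it
       returns a truthy value the request is accepted and the configured
       admin token is returned.
    2. Legacy token: the ``X-Admin-Token`` header, then the ``?token=``
       query parameter, compared against the configured admin token.

    Args:
        request: The incoming FastAPI request.

    Returns:
        The admin token (the configured one on the bearer path, the
        presented one on the legacy path; on success they are equal).

    Raises:
        HTTPException: 401 when the legacy token is missing or does not
            match.

    DEPRECATED: Use require_auth from shared.session_auth instead.
    """
    import hmac

    # Imported here rather than at module level, as in the original.
    from shared.session_auth import get_bearer_auth

    # Machine-to-machine path (Bearer token / X-Hoffdesk-Secret).
    # NOTE(review): the validation get_bearer_auth performs is not visible in
    # this module; this code trusts any truthy return value. Confirm it is
    # truthy only for an authenticated caller.
    bearer = get_bearer_auth(request)
    if bearer:
        return _get_admin_token()

    # Legacy path. A token passed as ?token= is part of the URL and is
    # typically recorded in access logs, browser history and Referer headers;
    # prefer the header for any client that still uses this path.
    token = request.headers.get("X-Admin-Token") or request.query_params.get("token")
    expected = _get_admin_token()

    # Compare in constant time so response timing does not reveal how much of
    # a guessed token matched. Both sides are encoded to bytes because
    # hmac.compare_digest rejects non-ASCII str arguments.
    if token is None or not hmac.compare_digest(
        token.encode("utf-8"), expected.encode("utf-8")
    ):
        raise HTTPException(status_code=401, detail="Unauthorized - invalid or missing token")
    return token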