auth.py

import hmac
import os
from typing import Union

from fastapi import Depends, HTTPException, status
from fastapi.security import APIKeyQuery

api_key = APIKeyQuery(name="token", auto_error=False)
client_token: str = os.getenv("CLIENT_TOKEN", "")


async def validate_token(
    token: Union[str, None] = Depends(api_key),
):
    if token is None:
        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "No token provided")
    if not hmac.compare_digest(token, client_token):
        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid token")
    return token