feat: security(CORS/API key), OpenAI-compatible endpoint, Paperless hook indexing; .env support

2025-08-13 07:36:27 +09:00
parent 325dde803d
commit d17ec57b2e
6 changed files with 164 additions and 6 deletions
--- a/server/security.py
+++ b/server/security.py
@@ -0,0 +1,17 @@
+from __future__ import annotations
+
+import os
+from fastapi import Header, HTTPException
+
+
+API_KEY_ENV = "API_KEY"
+
+
+def require_api_key(x_api_key: str | None = Header(default=None)) -> None:
+    expected = os.getenv(API_KEY_ENV, "")
+    if not expected:
+        # No API key configured → allow
+        return
+    if not x_api_key or x_api_key != expected:
+        raise HTTPException(status_code=401, detail="invalid_api_key")
+