AirGate/backend/apps/monitor/permissions.py

from rest_framework.permissions import BasePermission
from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from django.conf import settings


class APIKeyUser:
    """Represents an external system authenticated via API Key"""
    pk = None
    id = None
    is_authenticated = True
    is_active = True
    is_staff = False
    is_superuser = False
    username = 'api_key_user'

    def __str__(self):
        return 'APIKeyUser'


class APIKeyAuthentication(BaseAuthentication):
    """Authenticate requests via X-API-Key header (for external systems like AirDrama)"""

    def authenticate(self, request):
        api_key = request.headers.get('X-API-Key', '')
        if not api_key:
            return None  # Let other auth methods try

        expected = settings.AIRGATE_API_KEY
        if not expected:
            return None

        if api_key != expected:
            raise AuthenticationFailed('API Key 无效')

        return (APIKeyUser(), None)


class IsAPIKeyAuth(BasePermission):
    """Permission check: require API Key authentication"""

    def has_permission(self, request, view):
        return isinstance(request.user, APIKeyUser)