AirGate/backend/apps/monitor/permissions.py

from rest_framework.permissions import BasePermission
from django.conf import settings


class IsAPIKeyAuth(BasePermission):
    """允许通过 X-API-Key 头认证（供外部系统如 AirDrama 调用）"""

    def has_permission(self, request, view):
        api_key = request.headers.get('X-API-Key', '')
        expected = settings.AIRGATE_API_KEY
        return bool(expected and api_key == expected)