"""中控调用实例 API 时的鉴权(Flask request 头 X-Hub-Token)。SSO 见 hub_sso.py。""" from __future__ import annotations import os from hub_sso import ( HUB_SSO_TTL_SEC, hub_bridge_token, mint_hub_sso_token, safe_next_path, verify_hub_sso_token, ) __all__ = [ "HUB_SSO_TTL_SEC", "hub_bridge_token", "mint_hub_sso_token", "safe_next_path", "verify_hub_sso_token", "request_allowed", ] def request_allowed(session_logged_in: bool, auth_disabled: bool) -> bool: if auth_disabled or session_logged_in: return True tok = hub_bridge_token() if not tok: return False try: from flask import request except ImportError: return False if request.headers.get("X-Hub-Token") == tok: return True return False