api_auth ======== .. py:module:: api_auth .. autoapi-nested-parse:: API key authentication for the public REST API. All v1 endpoints that require authentication should be decorated with @require_api_key. The decorator: 1. Reads the "Authorization: Bearer " header. 2. Looks up the key in the database. 3. Checks that the key is active and that the owner is not blocked. 4. Stamps the key's last_used timestamp. 5. Attaches request.api_user/request.api_key plus quota context fields. The decorator also applies @csrf_exempt so that programmatic clients do not need to obtain a CSRF cookie. Module Contents --------------- .. py:function:: require_api_key(view_func) Decorator that authenticates requests via a Bearer token. Usage: @require_api_key def my_view(request): user = request.api_user key = request.api_key quota_subject = request.api_quota_subject ... On success, the following attributes are attached: - request.api_user — the ApiUser record tied to this key - request.api_key — the ApiKey instance used for auth - request.api_quota_subject — Redis quota subject tied to this API key - request.api_daily_limit — effective daily limit for this key - request.api_request_ip — source IP of the current request - request.api_ip — legacy alias for the owner's registered IP