| 449 | self.send_error_json(ApiError(500, "internal server error", {"error": str(exc)})) |
| 450 | |
| 451 | def require_auth(self): |
| 452 | if not ADMIN_TOKEN: |
| 453 | raise ApiError(503, "management API is disabled; set ADMIN_TOKEN to enable it") |
| 454 | auth = self.headers.get("Authorization", "") |
| 455 | token = "" |
| 456 | if auth.lower().startswith("bearer "): |
| 457 | token = auth[7:].strip() |
| 458 | token = token or self.headers.get("X-Admin-Token", "").strip() |
| 459 | if token != ADMIN_TOKEN: |
| 460 | raise ApiError(401, "invalid or missing admin token") |
| 461 | |
| 462 | def do_GET(self): |
| 463 | self.route() |