hub / github.com/learnhouse/learnhouse / validate_superadmin_api_token

Function validate_superadmin_api_token

apps/api/src/security/auth.py:542–566  ·  view source on GitHub ↗

Validate a cross-org superadmin API token (lh_sa_...). Returns a SuperadminAPITokenUser principal on success, None otherwise. The principal's `id` is the token id (not a user id) — code that needs the acting user must use `created_by_user_id`.

(
    token: str,
    db_session: AsyncSession,
)

Source from the content-addressed store, hash-verified

async def validate_superadmin_api_token(
    token: str,
    db_session: AsyncSession,
) -> Optional[SuperadminAPITokenUser]:
    """Resolve a cross-org superadmin API token (lh_sa_...) to a principal.

    Checking of the presented token is delegated entirely to
    `validate_superadmin_token_for_auth`; this wrapper only maps the record
    that helper returns onto a `SuperadminAPITokenUser`.

    Args:
        token: The token string presented by the caller.
        db_session: Database session passed through to the token lookup.

    Returns:
        A `SuperadminAPITokenUser` when the lookup yields a token record,
        otherwise None (the token was not accepted).

    Identity caveats for authorization and audit code:
        * `id` is the token's id, not a user id.
        * `user_uuid` carries the token's `token_uuid`, not a user's UUID.
        * `username` is synthesized from the token name; it is not an
          account name and embeds the token name verbatim.
        * The user who created the token is `created_by_user_id`; use that
          field whenever the acting user is needed.
    """
    # Imported at call time rather than at module load
    # (presumably to avoid a circular import; confirm).
    from src.services.api_tokens.superadmin_api_tokens import (
        validate_superadmin_token_for_auth,
    )

    api_token = await validate_superadmin_token_for_auth(token, db_session)

    # NOTE(review): expiry, revocation and secret comparison are not visible
    # in this function; they are presumably enforced inside the helper.
    # Confirm there before relying on this wrapper as the only gate.
    if api_token:
        return SuperadminAPITokenUser(
            id=api_token.id,
            user_uuid=api_token.token_uuid,
            username=f"superadmin_api_token_{api_token.name}",
            token_name=api_token.name,
            created_by_user_id=api_token.created_by_user_id,
        )

    # Fail closed: any falsy lookup result means no principal is issued.
    return None