Admin endpoint authentication.
Reads the expected token from the ADMIN_TOKEN environment variable at
startup, or from a value supplied directly via init. If neither is
set, all admin endpoints refuse every request — they are effectively
disabled. This is the secure default: you must explicitly opt in.
Clients authenticate by sending X-Admin-Token: <value>. The comparison
is constant-time to avoid leaking the token via timing side channels.
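
The fail-closed check and constant-time comparison described above, as an added example that is not this module's own code. The names `AdminGate`, `Admin`, `check` and `ct_eq` are hypothetical, and treating an empty token as unset is an assumption.

```rust
use std::hint::black_box;

/// Outcome of an admin check (hypothetical type, not the module's own).
#[derive(Debug, PartialEq)]
pub enum Admin { Allowed, Disabled, Denied }

/// Holds the expected token; `None` means admin endpoints are disabled.
pub struct AdminGate { expected: Option<Vec<u8>> }

impl AdminGate {
    /// Assumption: an empty value counts as unset, so ADMIN_TOKEN="" cannot
    /// turn an empty header into a valid credential.
    pub fn new(token: Option<String>) -> Self {
        let expected = token.filter(|t| !t.is_empty()).map(String::into_bytes);
        AdminGate { expected }
    }

    /// Read the token once at startup from the ADMIN_TOKEN environment variable.
    pub fn from_env() -> Self {
        Self::new(std::env::var("ADMIN_TOKEN").ok())
    }

    /// `header` is the value of X-Admin-Token, if the request carried one.
    pub fn check(&self, header: Option<&str>) -> Admin {
        // Fail closed: with no configured token, nothing can match.
        let Some(expected) = self.expected.as_deref() else { return Admin::Disabled };
        match header {
            Some(got) if ct_eq(expected, got.as_bytes()) => Admin::Allowed,
            _ => Admin::Denied,
        }
    }
}

/// Compare without stopping at the first differing byte. Only the length
/// check returns early, so timing reveals the token length at most.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() { return false; }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
    }
    black_box(diff) == 0
}

fn main() {
    let gate = AdminGate::from_env();
    println!("{:?}", gate.check(Some("constructed-sample-token")));
}
```

`black_box` is only a best-effort hint to the optimizer; where a dependency is acceptable, the `subtle` crate's `ConstantTimeEq` is the usual choice.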
Functions
- init: Seed the admin token before the server starts.
- require_admin: Verify the request carries a valid admin token.