# tracklight_server/api/auth.py

from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
import os

# This is a simple example of a bearer token.
# In a real application, you would use a more secure method.
API_TOKEN = os.environ.get("TRACKLIGHT_API_TOKEN", "secret-token")

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

def verify_token(token: str = Depends(oauth2_scheme)):
    """Verifies the provided bearer token."""
    if token != API_TOKEN:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authentication credentials",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return token