Use APP_API_KEY for order auth

2026-01-30 12:12:40 +01:00
parent ec2d8945b3
commit 65ec9466eb
2 changed files with 3 additions and 4 deletions
--- a/wawi/app.py
+++ b/wawi/app.py
@@ -216,7 +216,7 @@ def api_key_required(fn):
    # Schützt API‑Endpoints per X-API-Key oder ?key= Parameter.
    @wraps(fn)
    def wrapper(*args, **kwargs):
-        expected = os.environ.get("APP_API_KEY", "")
+    expected = os.environ.get("APP_API_KEY", "")
        if not expected:
            return jsonify({"error": "API key not configured"}), 500
        provided = request.headers.get("X-API-Key") or request.args.get("key") or ""
@@ -561,7 +561,7 @@ def order():
    if rate_limited(ip):
        return jsonify({"error": "Zu viele Anfragen."}), 429

-    expected_key = os.environ.get("ORDER_API_KEY", "")
+    expected_key = os.environ.get("APP_API_KEY", "")
    if expected_key:
        provided = request.headers.get("X-Order-Key") or request.args.get("key") or ""
        if provided != expected_key: