libb.token_required

token_required(*, table=None, static_token=None, region=None, dynamodb_client=None, allow_query_key=False)[source]

Decorator: gate a Flask view on a registry token, failing closed.

Extracts the key from the request (see _extract_presented_key()) and authorizes it via libb.tokenauth.verify_token; an unauthorized request gets a 401. Suited to machine endpoints (MCP / API) behind the standard Flask tier.

Parameters:
  • table – DynamoDB registry table name (optional).

  • static_token – Constant-time break-glass token (optional).

  • region – AWS region for a default boto3 client (optional).

  • dynamodb_client – Injected boto3 DynamoDB client (optional).

  • allow_query_key – Accept the key from the ?key query arg.

Returns:

A view decorator.