def apikey_check(auth_header): if not auth_header.lower().startswith('apikey'): return apikey = auth_header.split(' ', 1).pop() role = Role.by_apikey(apikey) if role is None: return session['roles'] = [Role.SYSTEM_GUEST, Role.SYSTEM_USER, role.id] session['user'] = role.id session['is_admin'] = role.is_admin