Update app.py

app.py

@@ -367,15 +367,32 @@ class ChatRequest(BaseModel):
     model: str = "sonar"
     history: List[Any] = []
 
+# =====================================================
+# تعديل دالة التحقق لدعم X-API-Key مع الاحتفاظ بـ Bearer
+# =====================================================
 def verify_api_key(request: Request):
+    # الطريقة الأولى: Authorization: Bearer XXX
     auth = request.headers.get("Authorization")
-    if not auth or not auth.startswith("Bearer "):
-        raise HTTPException(status_code=401, detail="Missing or invalid Authorization header. Use: Bearer YOUR_KEY")
-    key = auth.replace("Bearer ", "")
-    if key != API_KEY:
-        raise HTTPException(status_code=403, detail="Invalid API key")
+    if auth and auth.startswith("Bearer "):
+        key = auth.replace("Bearer ", "")
+        if key == API_KEY:
+            return True
+    
+    # الطريقة الثانية: X-API-Key: XXX
+    x_api_key = request.headers.get("X-API-Key")
+    if x_api_key and x_api_key == API_KEY:
+        return True
+    
+    # لا يوجد مفتاح صالح
+    raise HTTPException(
+        status_code=401, 
+        detail="Invalid or missing API key. Use 'Authorization: Bearer KEY' or 'X-API-Key: KEY'"
+    )
+
+# =====================================================
+# نقاط النهاية (بدون تغيير)
+# =====================================================
 
-# ========== المسار الرئيسي (تمت الإضافة هنا) ==========
 @app.get("/")
 async def root():
     return {
@@ -387,7 +404,7 @@ async def root():
             "POST /chat": "إرسال رسالة والحصول على رد (يتطلب مفتاح)",
             "POST /chat/stream": "إرسال رسالة والحصول على رد متدفق (يتطلب مفتاح)"
         },
-        "authentication": "Bearer YOUR_API_KEY",
+        "authentication": "Bearer YOUR_API_KEY or X-API-Key: YOUR_API_KEY",
         "status": "✅ Server is working"
     }