"""Auth token generation and validation for spawn endpoint security."""

import secrets

# Auth token for spawn endpoint
_auth_token: str = ''


def generate_auth_token():
    """Generate a one-time auth token for this server instance."""
    global _auth_token
    _auth_token = secrets.token_urlsafe(32)
    return _auth_token


def validate_auth_token(request_token: str) -> bool:
    """Validate the Authorization header token."""
    return request_token == f'Bearer {_auth_token}'