Spaces:
Sleeping
Sleeping
| """ | |
| FastAPI dependencies for authentication and authorization. | |
| """ | |
| from typing import Optional | |
| from fastapi import Depends, HTTPException, status | |
| from fastapi.security import OAuth2PasswordBearer | |
| from sqlmodel import Session, select | |
| from src.db.database import get_session | |
| from src.db.models import User | |
| from src.auth.security import decode_access_token | |
| # OAuth2 scheme for extracting bearer tokens from Authorization header | |
| oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login") | |
| async def get_current_user( | |
| token: str = Depends(oauth2_scheme), | |
| session: Session = Depends(get_session) | |
| ) -> User: | |
| """ | |
| Get the currently authenticated user from JWT token. | |
| This dependency extracts the JWT token from the Authorization header, | |
| validates it, and retrieves the corresponding user from the database. | |
| Args: | |
| token: JWT token from Authorization header | |
| session: Database session | |
| Returns: | |
| User object if authentication is successful | |
| Raises: | |
| HTTPException: 401 Unauthorized if token is invalid or user not found | |
| Usage: | |
| @app.get("/protected") | |
| async def protected_route(current_user: User = Depends(get_current_user)): | |
| return {"message": f"Hello {current_user.username}"} | |
| """ | |
| credentials_exception = HTTPException( | |
| status_code=status.HTTP_401_UNAUTHORIZED, | |
| detail="Could not validate credentials", | |
| headers={"WWW-Authenticate": "Bearer"}, | |
| ) | |
| # Decode the token | |
| payload = decode_access_token(token) | |
| if payload is None: | |
| raise credentials_exception | |
| # Extract user email from token | |
| email: Optional[str] = payload.get("sub") | |
| if email is None: | |
| raise credentials_exception | |
| # Retrieve user from database | |
| statement = select(User).where(User.email == email) | |
| user = session.exec(statement).first() | |
| if user is None: | |
| raise credentials_exception | |
| return user | |
| async def get_current_active_user( | |
| current_user: User = Depends(get_current_user) | |
| ) -> User: | |
| """ | |
| Get the current active user (for future soft-delete support). | |
| Currently returns the user as-is, but can be extended to check | |
| for account status, email verification, banned users, etc. | |
| Args: | |
| current_user: User from get_current_user dependency | |
| Returns: | |
| User object if user is active | |
| Raises: | |
| HTTPException: 400 Bad Request if user is inactive | |
| Usage: | |
| @app.get("/protected") | |
| async def protected_route(user: User = Depends(get_current_active_user)): | |
| return {"message": f"Hello active user {user.username}"} | |
| """ | |
| # Future: Check if user.is_active, user.is_verified, etc. | |
| # if not current_user.is_active: | |
| # raise HTTPException(status_code=400, detail="Inactive user") | |
| return current_user | |