| from fastapi import Depends, HTTPException, status |
| from fastapi.security import OAuth2PasswordBearer |
| import jwt |
| from backend.core.config import settings |
| from backend.core.database import get_database |
|
|
| oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth/verify-otp") |
|
|
| async def get_current_user(token: str = Depends(oauth2_scheme)): |
| credentials_exception = HTTPException( |
| status_code=status.HTTP_401_UNAUTHORIZED, |
| detail="Could not validate credentials", |
| headers={"WWW-Authenticate": "Bearer"}, |
| ) |
| try: |
| |
| payload = jwt.decode(token, settings.JWT_SECRET, algorithms=[settings.JWT_ALGORITHM]) |
| telegram_id: str = payload.get("sub") |
| if telegram_id is None: |
| raise credentials_exception |
| except jwt.PyJWTError: |
| raise credentials_exception |
| |
| |
| db = get_database() |
| user = await db["users"].find_one({"telegram_id": telegram_id}) |
| if user is None: |
| raise credentials_exception |
| |
| return user |
|
|
| async def get_admin_user(current_user: dict = Depends(get_current_user)): |
| """Dependency to enforce admin-only routes.""" |
| if not current_user.get("is_admin"): |
| raise HTTPException( |
| status_code=status.HTTP_403_FORBIDDEN, |
| detail="Not enough privileges to access this route" |
| ) |
| return current_user |
| |