test validation update

main.py

@@ -172,6 +172,56 @@ async def init_system_user():
             print("System user already exists, continuing...")
         else:
             raise e
+        
+async def validate_session(user_id: str, token: str, user_agent: str) -> Optional[dict]:
+    """
+    Validates the session for the given user_id, token, and user_agent.
+
+    Args:
+        user_id: The user ID associated with the session.
+        token: The token to validate.
+        user_agent: The user agent/device identifier.
+
+    Returns:
+        The session data if valid.
+
+    Raises:
+        HTTPException: If the session is invalid or the token is expired.
+    """
+    # Query to validate session by user_id, token, and device
+    session_query = (
+        supabase.table("sessions")
+        .select("*")
+        .eq("user_id", user_id)
+        .eq("token", token)
+        .eq("device", user_agent)
+        .execute()
+    )
+
+    # If no session found, raise unauthorized error
+    if not session_query.data:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
+        )
+
+    session = session_query.data[0]
+
+    # Get the current time (UTC) with timezone awareness
+    current_time = datetime.now(timezone.utc)
+
+    # Parse the 'expires' field from the session as an offset-aware datetime
+    session_expiry = datetime.fromisoformat(session["expires"])
+
+    # Check if the token has expired
+    if session_expiry <= current_time:
+        # Delete the session if expired
+        supabase.table("sessions").delete().eq("user_id", user_id).eq("token", token).execute()
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Token expired"
+        )
+
+    return session
+
 
 @root_router.get("/", status_code=status.HTTP_200_OK)
 async def root():
@@ -260,40 +310,24 @@ async def logout(user_id: str, token: str):
 
 @auth_router.get("/validate", response_model=TokenResponse)
 async def validate_token(user_id: str, token: str, user_agent: str = Header(...)):
-    # Query to validate session by user_id, token, and device
-    session_query = (
-        supabase.table("sessions")
-        .select("*")
-        .eq("user_id", user_id)
-        .eq("token", token)
-        .eq("device", user_agent)
-        .execute()
-    )
-
-    # If no session found, raise unauthorized error
-    if not session_query.data:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
-        )
-
-    session = session_query.data[0]
-    
-    # Get the current time (UTC) with timezone awareness
-    current_time = datetime.now(timezone.utc)
+    """
+    Route to validate a token based on user_id, token, and user agent.
 
-    # Parse the 'expires' field from the session as an offset-aware datetime
-    session_expiry = datetime.fromisoformat(session["expires"])
+    Args:
+        user_id: The user ID associated with the token.
+        token: The token to validate.
+        user_agent: The user agent (from request header).
 
-    # Check if the token has expired
-    if session_expiry <= current_time:
-        # Delete the session if expired
-        supabase.table("sessions").delete().eq("user_id", user_id).eq("token", token).execute()
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED, detail="Token expired"
-        )
+    Returns:
+        TokenResponse: The validated token response.
+    """
+    # Use the helper function to validate the session
+    await validate_session(user_id=user_id, token=token, user_agent=user_agent)
 
+    # Return the token if validation succeeds
     return TokenResponse(access_token=token)
 
+
 @auth_router.get("/search-users", response_model=List[str])
 async def search_users(query: str):
     users = supabase.table("users").select("username").ilike("username", f"%{query}%").execute()