| from fastapi import HTTPException | |
| from db import supabase | |
| import hashlib | |
| def _hash(key): return hashlib.sha256(key.encode()).hexdigest() | |
| async def verify_api_key(api_key: str) -> dict: | |
| if not api_key or not api_key.startswith("nacra-"): | |
| raise HTTPException(401, "Invalid API key. Keys start with nacra-") | |
| res = (supabase.table("users") | |
| .select("*") | |
| .eq("api_key_hash", _hash(api_key)) | |
| .eq("is_active", True) | |
| .execute()) | |
| if not res.data: | |
| raise HTTPException(401, "Invalid or inactive API key") | |
| return res.data[0] | |
| async def get_user(user_id: str) -> dict: | |
| res = supabase.table("users").select("*").eq("id", user_id).execute() | |
| if not res.data: raise HTTPException(404, "User not found") | |
| return res.data[0] | |