Spaces:

RocketFarmStudios
/

CPS-API

Sleeping

App Files Files Community

Ali2206 commited on May 22, 2025

Commit

081d154

verified ·

1 Parent(s): 51ace9a

Update core/security.py

Browse files

Files changed (1) hide show

core/security.py +45 -68

core/security.py CHANGED Viewed

@@ -1,80 +1,57 @@
 from datetime import datetime, timedelta
-from fastapi import HTTPException, status, Depends, Request
-from fastapi.security import OAuth2PasswordBearer
 from jose import jwt, JWTError
-from pydantic import BaseModel
-from typing import Optional
 import logging
-from core.config import settings
 logger = logging.getLogger(__name__)
-oauth2_scheme = OAuth2PasswordBearer(
-    tokenUrl=f"{settings.API_V1_STR}/auth/login",
-    scheme_name="JWT"
-)
-class TokenPayload(BaseModel):
-    sub: str
-    exp: int
-    iat: int
-    role: Optional[str] = None
-def create_access_token(*, data: dict, expires_delta: timedelta = None) -> str:
-    try:
-        to_encode = data.copy()
-        expire = datetime.utcnow() + (expires_delta or timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES))
-        to_encode.update({"exp": expire, "iat": datetime.utcnow()})
-        encoded_jwt = jwt.encode(
-            to_encode,
-            settings.SECRET_KEY,
-            algorithm=settings.ALGORITHM
-        )
-        logger.info(f"Token created for {data.get('sub')}")
-        return encoded_jwt
-    except Exception as e:
-        logger.error(f"Token creation failed: {str(e)}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="Token creation failed"
-        )
-async def verify_token(token: str = Depends(oauth2_scheme)) -> TokenPayload:
-    credentials_exception = HTTPException(
-        status_code=status.HTTP_401_UNAUTHORIZED,
-        detail="Could not validate credentials",
-        headers={"WWW-Authenticate": "Bearer"},
-    )
-    try:
-        if not token:
-            logger.error("Empty token provided")
-            raise credentials_exception
-        if token.startswith("Bearer "):
-            token = token[7:]
-            logger.debug("Removed 'Bearer ' prefix from token")
-        payload = jwt.decode(
-            token,
-            settings.SECRET_KEY,
-            algorithms=[settings.ALGORITHM]
-        )
-        token_data = TokenPayload(**payload)
-        if datetime.fromtimestamp(token_data.exp) < datetime.utcnow():
-            logger.error("Token expired")
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Token expired"
-            )
-        logger.info(f"Token verified for {token_data.sub}")
-        return token_data
     except JWTError as e:
-        logger.error(f"JWT validation failed: {str(e)}")
-        raise credentials_exception
-    except Exception as e:
-        logger.error(f"Unexpected token verification error: {str(e)}")
-        raise credentials_exception

 from datetime import datetime, timedelta
+from passlib.context import CryptContext
 from jose import jwt, JWTError
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+from core.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
+from db.mongo import users_collection
 import logging
 logger = logging.getLogger(__name__)
+# OAuth2 setup
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login")
+# Password hashing context
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+# Hash a plain password
+def hash_password(password: str) -> str:
+    return pwd_context.hash(password)
+# Verify a plain password against the hash
+def verify_password(plain: str, hashed: str) -> bool:
+    return pwd_context.verify(plain, hashed)
+# Create a JWT access token
+def create_access_token(data: dict, expires_delta: timedelta = None):
+    to_encode = data.copy()
+    expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
+    to_encode.update({"exp": expire})
+    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+# Get the current user from the JWT token
+async def get_current_user(token: str = Depends(oauth2_scheme)):
+    print("🔐 Token received:", token)
+    if not token:
+        print("❌ No token received")
+        raise HTTPException(status_code=401, detail="No token provided")
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        print("🧠 Token payload:", payload)
+        email = payload.get("sub")
+        if not email:
+            raise HTTPException(status_code=401, detail="Invalid token: missing subject")
     except JWTError as e:
+        print("❌ JWT decode error:", str(e))
+        raise HTTPException(status_code=401, detail="Could not validate token")
+    user = await users_collection.find_one({"email": email})
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    print("✅ Authenticated user:", user["email"])
+    return user