Spaces:

RocketFarmStudios
/

CPS-API

Sleeping

App Files Files Community

Ali2206 commited on May 22, 2025

Commit

740f610

verified ·

1 Parent(s): 904089c

Update core/security.py

Browse files

Files changed (1) hide show

core/security.py +45 -78

core/security.py CHANGED Viewed

@@ -1,94 +1,61 @@
 from datetime import datetime, timedelta
-from fastapi import HTTPException, status, Request, Depends
-from fastapi.security import OAuth2PasswordBearer
 from jose import jwt, JWTError
-from db.mongo import users_collection
 from core.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
 import logging
-from typing import Optional
 logger = logging.getLogger(__name__)
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login")
-def create_access_token(data: dict) -> str:
-    try:
-        to_encode = data.copy()
-        expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
-        to_encode.update({"exp": expire})
-        encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
-        logger.info(f"Token created for {data.get('sub')}")
-        return encoded_jwt
-    except Exception as e:
-        logger.error(f"Token creation failed: {str(e)}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="Token creation failed"
-        )
-async def validate_token(token: str) -> dict:
-    try:
-        if not token:
-            logger.error("Empty token provided")
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="No token provided"
-            )
-        # Handle cases where 'Bearer ' prefix might be present
-        if token.startswith("Bearer "):
-            token = token[7:]
-            logger.debug("Removed 'Bearer ' prefix from token")
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
         email = payload.get("sub")
         if not email:
-            logger.error("Token missing 'sub' claim")
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Invalid token format"
-            )
-        logger.info(f"Token validated for {email}")
-        return payload
-    except jwt.ExpiredSignatureError:
-        logger.error("Token expired")
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Token expired"
-        )
     except JWTError as e:
-        logger.error(f"Token validation failed: {str(e)}")
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Could not validate credentials"
-        )
-async def get_current_user(request: Request, token: str = Depends(oauth2_scheme)) -> dict:
-    logger.info(f"Incoming request headers: {dict(request.headers)}")
-    logger.info(f"Raw token received: {token[:15]}...")  # Log first 15 chars for security
-    try:
-        payload = await validate_token(token)
-        email = payload.get("sub")
-        user = await users_collection.find_one({"email": email})
-        if not user:
-            logger.error(f"User not found in DB: {email}")
-            raise HTTPException(
-                status_code=status.HTTP_404_NOT_FOUND,
-                detail="User not found"
-            )
-        logger.info(f"User authenticated: {email}")
-        return user
-    except HTTPException:
-        raise
-    except Exception as e:
-        logger.error(f"Unexpected error in get_current_user: {str(e)}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="Internal server error"
-        )

 from datetime import datetime, timedelta
+from passlib.context import CryptContext
 from jose import jwt, JWTError
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
 from core.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
+from db.mongo import users_collection
 import logging
+from fastapi import Request
 logger = logging.getLogger(__name__)
+# OAuth2 setup
+oauth2_scheme = OAuth2PasswordBearer(
+    tokenUrl="/auth/login",  # Correct path
+    scheme_name="JWT"
+)
+# Password hashing context
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+# Hash a plain password
+def hash_password(password: str) -> str:
+    return pwd_context.hash(password)
+# Verify a plain password against the hash
+def verify_password(plain: str, hashed: str) -> bool:
+    return pwd_context.verify(plain, hashed)
+# Create a JWT access token
+def create_access_token(data: dict, expires_delta: timedelta = None):
+    to_encode = data.copy()
+    expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
+    to_encode.update({"exp": expire})
+    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+# Get the current user from the JWT token
+async def get_current_user(request: Request, token: str = Depends(oauth2_scheme)):
+    print("🧪 Request headers:", dict(request.headers))
+    print("🔐 Raw token received:", token)
+    if not token:
+        print("❌ No token received")
+        raise HTTPException(status_code=401, detail="No token provided")
+    try:
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        print("🧠 Token payload:", payload)
         email = payload.get("sub")
         if not email:
+            raise HTTPException(status_code=401, detail="Invalid token: missing subject")
     except JWTError as e:
+        print("❌ JWT decode error:", str(e))
+        raise HTTPException(status_code=401, detail="Could not validate token")
+    user = await users_collection.find_one({"email": email})
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    print("✅ Authenticated user:", user["email"])
+    return user