Spaces:
Sleeping
Sleeping
Update core/security.py
Browse files- core/security.py +9 -6
core/security.py
CHANGED
|
@@ -1,17 +1,17 @@
|
|
| 1 |
from datetime import datetime, timedelta
|
| 2 |
from passlib.context import CryptContext
|
| 3 |
from jose import jwt, JWTError
|
| 4 |
-
from fastapi import Depends, HTTPException
|
| 5 |
from fastapi.security import OAuth2PasswordBearer
|
| 6 |
from core.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
|
| 7 |
-
from db.mongo import users_collection
|
|
|
|
|
|
|
|
|
|
| 8 |
|
| 9 |
# Password hashing context
|
| 10 |
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
| 11 |
|
| 12 |
-
# OAuth2 setup for token extraction
|
| 13 |
-
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/login")
|
| 14 |
-
|
| 15 |
# Hash a plain password
|
| 16 |
def hash_password(password: str) -> str:
|
| 17 |
return pwd_context.hash(password)
|
|
@@ -29,16 +29,19 @@ def create_access_token(data: dict, expires_delta: timedelta = None):
|
|
| 29 |
|
| 30 |
# Get the current user from the JWT token
|
| 31 |
async def get_current_user(token: str = Depends(oauth2_scheme)):
|
|
|
|
| 32 |
try:
|
| 33 |
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
|
| 34 |
email: str = payload.get("sub")
|
| 35 |
if email is None:
|
| 36 |
raise HTTPException(status_code=401, detail="Invalid token: subject missing")
|
| 37 |
-
except JWTError:
|
|
|
|
| 38 |
raise HTTPException(status_code=401, detail="Could not validate token")
|
| 39 |
|
| 40 |
user = await users_collection.find_one({"email": email})
|
| 41 |
if not user:
|
| 42 |
raise HTTPException(status_code=404, detail="User not found")
|
| 43 |
|
|
|
|
| 44 |
return user
|
|
|
|
| 1 |
from datetime import datetime, timedelta
|
| 2 |
from passlib.context import CryptContext
|
| 3 |
from jose import jwt, JWTError
|
| 4 |
+
from fastapi import Depends, HTTPException, status
|
| 5 |
from fastapi.security import OAuth2PasswordBearer
|
| 6 |
from core.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
|
| 7 |
+
from db.mongo import users_collection
|
| 8 |
+
|
| 9 |
+
# OAuth2 setup — adjust tokenUrl if your API has a prefix like /api
|
| 10 |
+
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/login") # or "/api/login" if using APIRouter(prefix="/api")
|
| 11 |
|
| 12 |
# Password hashing context
|
| 13 |
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
| 14 |
|
|
|
|
|
|
|
|
|
|
| 15 |
# Hash a plain password
|
| 16 |
def hash_password(password: str) -> str:
|
| 17 |
return pwd_context.hash(password)
|
|
|
|
| 29 |
|
| 30 |
# Get the current user from the JWT token
|
| 31 |
async def get_current_user(token: str = Depends(oauth2_scheme)):
|
| 32 |
+
print("🔐 Raw token received:", token)
|
| 33 |
try:
|
| 34 |
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
|
| 35 |
email: str = payload.get("sub")
|
| 36 |
if email is None:
|
| 37 |
raise HTTPException(status_code=401, detail="Invalid token: subject missing")
|
| 38 |
+
except JWTError as e:
|
| 39 |
+
print("❌ JWTError while decoding token:", str(e))
|
| 40 |
raise HTTPException(status_code=401, detail="Could not validate token")
|
| 41 |
|
| 42 |
user = await users_collection.find_one({"email": email})
|
| 43 |
if not user:
|
| 44 |
raise HTTPException(status_code=404, detail="User not found")
|
| 45 |
|
| 46 |
+
print("✅ Authenticated user:", user["email"])
|
| 47 |
return user
|