Update core/security.py

core/security.py

@@ -1,36 +1,31 @@
 from datetime import datetime, timedelta
-from passlib.context import CryptContext
+from fastapi import HTTPException, status, Request
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from jose import jwt, JWTError
-from fastapi import Depends, HTTPException, status, Request
-from fastapi.security import OAuth2PasswordBearer
-from core.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
-from db.mongo import users_collection
 import logging
 
 logger = logging.getLogger(__name__)
 
-# OAuth2 setup
-oauth2_scheme = OAuth2PasswordBearer(
-    tokenUrl="/auth/login",
-    scheme_name="JWT"
-)
-
-# Password hashing context
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
-def hash_password(password: str) -> str:
-    return pwd_context.hash(password)
-
-def verify_password(plain: str, hashed: str) -> bool:
-    return pwd_context.verify(plain, hashed)
-
-def create_access_token(data: dict, expires_delta: timedelta = None) -> str:
-    to_encode = data.copy()
-    expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
-    to_encode.update({"exp": expire})
-    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
-
-async def get_current_user(request: Request, token: str = Depends(oauth2_scheme)):
+class JWTBearer(HTTPBearer):
+    def __init__(self, auto_error: bool = True):
+        super().__init__(auto_error=auto_error)
+
+    async def __call__(self, request: Request):
+        credentials: HTTPAuthorizationCredentials = await super().__call__(request)
+        if credentials:
+            if not credentials.scheme == "Bearer":
+                raise HTTPException(
+                    status_code=status.HTTP_403_FORBIDDEN,
+                    detail="Invalid authentication scheme"
+                )
+            return credentials.credentials
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Invalid authorization code"
+            )
+
+async def get_current_user(request: Request, token: str = Depends(JWTBearer())):
     credentials_exception = HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,
         detail="Could not validate credentials",
@@ -38,26 +33,18 @@ async def get_current_user(request: Request, token: str = Depends(oauth2_scheme)
     )
     
     try:
-        # First try to get token from Authorization header
-        if not token:
-            # Fallback to checking cookies if using session-based auth
-            token = request.cookies.get("access_token")
-            if not token:
-                logger.error("No token provided in headers or cookies")
-                raise credentials_exception
-
-        # Remove 'Bearer ' prefix if present
+        # Remove 'Bearer ' prefix if present (double-check)
         if token.startswith("Bearer "):
             token = token[7:]
-
+            
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
         email: str = payload.get("sub")
         if email is None:
-            logger.error("Token missing 'sub' claim")
+            logger.error("Token missing email in 'sub' claim")
             raise credentials_exception
 
     except JWTError as e:
-        logger.error(f"JWT validation error: {str(e)}")
+        logger.error(f"JWT validation failed: {str(e)}")
         raise credentials_exception
 
     user = await users_collection.find_one({"email": email})