Browse files- requirements.txt +1 -1
- src/utils/deps.py +21 -10
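--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 alembic>=1.17.2
 fastapi>=0.124.4
 passlib[bcrypt]==1.7.4
-bcrypt==4.
+bcrypt==4.0.1
 psycopg2-binary>=2.9.11
 pydantic-settings>=2.12.0
 pydantic[email]>=2.12.5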
src/utils/deps.py
CHANGED
|
@@ -11,16 +11,27 @@ def get_current_user(
|
|
| 11 |
request: Request,
|
| 12 |
session: Session = Depends(get_session_dep)
|
| 13 |
) -> User:
|
| 14 |
-
"""Dependency to get the current authenticated user from JWT token in cookie.
|
| 15 |
-
|
| 16 |
-
|
| 17 |
-
|
| 18 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 19 |
token = request.cookies.get("access_token")
|
| 20 |
-
|
| 21 |
-
|
| 22 |
if not token:
|
| 23 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 24 |
raise HTTPException(
|
| 25 |
status_code=status.HTTP_401_UNAUTHORIZED,
|
| 26 |
detail="Not authenticated",
|
|
@@ -29,7 +40,7 @@ def get_current_user(
|
|
| 29 |
|
| 30 |
user_id = verify_user_id_from_token(token)
|
| 31 |
print(f"User ID from token: {user_id}")
|
| 32 |
-
|
| 33 |
if not user_id:
|
| 34 |
print("Invalid user ID from token")
|
| 35 |
raise HTTPException(
|
|
@@ -40,7 +51,7 @@ def get_current_user(
|
|
| 40 |
|
| 41 |
user = session.get(User, user_id)
|
| 42 |
print(f"User from database: {user}")
|
| 43 |
-
|
| 44 |
if not user:
|
| 45 |
print("User not found in database")
|
| 46 |
raise HTTPException(
|
|
|
|
| 11 |
request: Request,
|
| 12 |
session: Session = Depends(get_session_dep)
|
| 13 |
) -> User:
|
| 14 |
+
"""Dependency to get the current authenticated user from JWT token in cookie or Authorization header.
|
| 15 |
+
|
| 16 |
+
This accepts the token from either:
|
| 17 |
+
- an HttpOnly cookie named `access_token` (cookie-based flows)
|
| 18 |
+
- an Authorization Bearer header (e.g. `Authorization: Bearer <token>`) — helpful for cross-site frontends
|
| 19 |
+
"""
|
| 20 |
+
# Debug: Print all cookies (do not print token values)
|
| 21 |
+
print(f"All cookies received: { {k: '***' for k in request.cookies.keys()} }")
|
| 22 |
+
|
| 23 |
+
# Try cookie first (usual flow when cookies are allowed)
|
| 24 |
token = request.cookies.get("access_token")
|
| 25 |
+
|
| 26 |
+
# If no cookie token, fall back to Authorization header
|
| 27 |
if not token:
|
| 28 |
+
auth_header = request.headers.get("Authorization") or request.headers.get("authorization")
|
| 29 |
+
if auth_header and auth_header.lower().startswith("bearer "):
|
| 30 |
+
token = auth_header.split(" ", 1)[1]
|
| 31 |
+
print("Using Bearer token from Authorization header")
|
| 32 |
+
|
| 33 |
+
if not token:
|
| 34 |
+
print("No access token found in cookies or Authorization header")
|
| 35 |
raise HTTPException(
|
| 36 |
status_code=status.HTTP_401_UNAUTHORIZED,
|
| 37 |
detail="Not authenticated",
|
|
|
|
| 40 |
|
| 41 |
user_id = verify_user_id_from_token(token)
|
| 42 |
print(f"User ID from token: {user_id}")
|
| 43 |
+
|
| 44 |
if not user_id:
|
| 45 |
print("Invalid user ID from token")
|
| 46 |
raise HTTPException(
|
|
|
|
| 51 |
|
| 52 |
user = session.get(User, user_id)
|
| 53 |
print(f"User from database: {user}")
|
| 54 |
+
|
| 55 |
if not user:
|
| 56 |
print("User not found in database")
|
| 57 |
raise HTTPException(
|
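Review bot: The Bearer fallback at new lines 28–30 extracts the token with `auth_header.split(" ", 1)[1]`, which keeps any extra whitespace after the scheme (a header of the form `Bearer  <token>` yields a token with a leading space that will then fail verification) and does a redundant second lookup of `authorization`, since Starlette's request headers are already case-insensitive. I would replace those lines with `auth_header = request.headers.get("Authorization")`, keep the `startswith("bearer ")` guard, and take the token as `token = auth_header[7:].strip()`, so a bare `Bearer` header still falls through to the 401 raised just below. The new debug `print` on line 21 correctly masks cookie values, but together with the pre-existing prints of `user_id` and the `User` object it writes identity data to stdout on every authenticated request; a module-level `logger.debug(...)` would let this be disabled outside development. The body of get_current_user continues past the end of this section.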