Upload app/auth.py with huggingface_hub
Browse files- app/auth.py +12 -32
app/auth.py
CHANGED
|
@@ -25,56 +25,36 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -
|
|
| 25 |
to_encode = data.copy()
|
| 26 |
expire = datetime.now(timezone.utc) + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
|
| 27 |
to_encode.update({"exp": expire})
|
| 28 |
-
|
| 29 |
-
print(f"[AUTH] Created token for sub={data.get('sub')}, expires={expire}")
|
| 30 |
-
return token
|
| 31 |
|
| 32 |
|
| 33 |
def decode_token(token: str) -> Optional[dict]:
|
| 34 |
try:
|
| 35 |
-
|
| 36 |
-
print(f"[AUTH] Token decoded OK: {payload}")
|
| 37 |
-
return payload
|
| 38 |
except JWTError as e:
|
| 39 |
-
print(f"[AUTH] Token decode
|
| 40 |
return None
|
| 41 |
|
| 42 |
|
| 43 |
def get_current_user(request: Request, db: Session = Depends(get_db)) -> User:
|
| 44 |
-
print(f"[AUTH] --- get_current_user called ---")
|
| 45 |
-
print(f"[AUTH] URL: {request.url}")
|
| 46 |
-
print(f"[AUTH] Query params: {dict(request.query_params)}")
|
| 47 |
-
print(f"[AUTH] Cookies: {dict(request.cookies)}")
|
| 48 |
-
|
| 49 |
-
# Try query param first
|
| 50 |
token = request.query_params.get("token")
|
| 51 |
-
if token:
|
| 52 |
-
print(f"[AUTH] Found token in query param (len={len(token)})")
|
| 53 |
-
else:
|
| 54 |
token = request.cookies.get("access_token")
|
| 55 |
-
|
| 56 |
-
|
| 57 |
-
|
| 58 |
-
|
| 59 |
-
|
| 60 |
-
|
| 61 |
-
print(f"[AUTH] Found token in header")
|
| 62 |
-
else:
|
| 63 |
-
print(f"[AUTH] NO TOKEN FOUND anywhere")
|
| 64 |
-
raise HTTPException(status_code=401, detail="Not authenticated")
|
| 65 |
|
| 66 |
payload = decode_token(token)
|
| 67 |
if not payload:
|
| 68 |
-
print(f"[AUTH] Token invalid")
|
| 69 |
raise HTTPException(status_code=401, detail="Invalid token")
|
| 70 |
|
| 71 |
-
user_id = payload.get("sub")
|
| 72 |
user = db.query(User).filter(User.id == user_id).first()
|
| 73 |
-
if not user:
|
| 74 |
-
print(f"[AUTH] User id={user_id} NOT FOUND in DB")
|
| 75 |
raise HTTPException(status_code=401, detail="User not found")
|
| 76 |
-
|
| 77 |
-
print(f"[AUTH] Authenticated: {user.email} ({user.role})")
|
| 78 |
return user
|
| 79 |
|
| 80 |
|
|
|
|
| 25 |
to_encode = data.copy()
|
| 26 |
expire = datetime.now(timezone.utc) + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
|
| 27 |
to_encode.update({"exp": expire})
|
| 28 |
+
return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
|
|
|
|
|
|
|
| 29 |
|
| 30 |
|
| 31 |
def decode_token(token: str) -> Optional[dict]:
|
| 32 |
try:
|
| 33 |
+
return jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
|
|
|
|
|
|
|
| 34 |
except JWTError as e:
|
| 35 |
+
print(f"[AUTH] Token decode failed: {e}")
|
| 36 |
return None
|
| 37 |
|
| 38 |
|
| 39 |
def get_current_user(request: Request, db: Session = Depends(get_db)) -> User:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 40 |
token = request.query_params.get("token")
|
| 41 |
+
if not token:
|
|
|
|
|
|
|
| 42 |
token = request.cookies.get("access_token")
|
| 43 |
+
if not token:
|
| 44 |
+
auth = request.headers.get("authorization", "")
|
| 45 |
+
if auth.startswith("Bearer "):
|
| 46 |
+
token = auth[7:]
|
| 47 |
+
if not token:
|
| 48 |
+
raise HTTPException(status_code=401, detail="Not authenticated")
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49 |
|
| 50 |
payload = decode_token(token)
|
| 51 |
if not payload:
|
|
|
|
| 52 |
raise HTTPException(status_code=401, detail="Invalid token")
|
| 53 |
|
| 54 |
+
user_id = int(payload.get("sub"))
|
| 55 |
user = db.query(User).filter(User.id == user_id).first()
|
| 56 |
+
if not user or not user.is_active:
|
|
|
|
| 57 |
raise HTTPException(status_code=401, detail="User not found")
|
|
|
|
|
|
|
| 58 |
return user
|
| 59 |
|
| 60 |
|
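Review bot: `user_id = int(payload.get("sub"))` (new line 54 in get_current_user) raises TypeError when the `sub` claim is absent and ValueError when it is not an integer string, so a token that passes signature verification but carries a malformed subject produces a 500 instead of the 401 the rest of the function returns; wrapping the conversion so either failure maps to the existing "Invalid token" response keeps the error surface consistent. Separately, the lookup order still takes the token from the `token` query parameter ahead of the cookie and Authorization header (new lines 40–46); tokens carried in URLs end up in server access logs, browser history and Referer headers, so if that path is required it deserves a comment stating why, and otherwise it should be dropped in favour of the cookie and header paths. The `print(f"[AUTH] Token decode failed: {e}")` in decode_token would be better as `logger.warning("Token decode failed: %s", e)` so it goes through the app's logging configuration rather than stdout. The signature of create_access_token sits in the hunk header, outside the hunk itself.
```python
    sub = payload.get("sub")
    try:
        user_id = int(sub)
    except (TypeError, ValueError):
        raise HTTPException(status_code=401, detail="Invalid token")
    user = db.query(User).filter(User.id == user_id).first()
    # … unchanged: active-user check and return …
```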