server/utils/auth_helpers.py

"""Authentication helpers shared by routes."""

from __future__ import annotations

from functools import wraps
from flask import current_app, jsonify, request


def _extract_bearer_token() -> str | None:
    auth_header = request.headers.get("Authorization", "")
    if auth_header.startswith("Bearer "):
        return auth_header.split(" ", 1)[1]
    return None


def resolve_user_id_from_token() -> str | None:
    token = _extract_bearer_token()
    if not token:
        return None

    auth_controller = current_app.extensions.get("controllers", {}).get("auth")
    if auth_controller is None:
        return None

    result = auth_controller.get_me(token)
    if result.get("status") != "success":
        return None

    user = result.get("user") or {}
    return user.get("id")


def require_auth_user(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        user_id = resolve_user_id_from_token()
        if not user_id:
            return jsonify({
                "success": False,
                "error": "Authentication required",
                "message": "Missing or invalid Authorization header",
            }), 401

        kwargs["user_id"] = user_id
        return f(*args, **kwargs)

    return decorated