good

src/core/security.py

@@ -119,7 +119,7 @@ from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from src.core.config import settings
 
 # =========================
-# Password hashing (bcrypt-safe)
+# Password hashing (bcrypt-safe ONLY)
 # =========================
 
 pwd_context = CryptContext(
@@ -149,7 +149,7 @@ def hash_password(password: str) -> str:
 def verify_password(plain_password: str, hashed_password: str) -> bool:
     """
     Verify password safely.
-    Never throws bcrypt length errors.
+    NEVER crashes.
     """
     try:
         return pwd_context.verify(
@@ -222,27 +222,14 @@ def get_current_user(
     """
     token = credentials.credentials
 
-    try:
-        payload = verify_jwt_token(token, settings.BETTER_AUTH_SECRET)
+    payload = verify_jwt_token(token, settings.BETTER_AUTH_SECRET)
 
-        user_id = int(payload.get("sub"))
+    return {
+        "id": int(payload["sub"]),
+        "email": payload.get("email"),
+        "iat": payload.get("iat"),
+        "exp": payload.get("exp"),
+    }
 
-        return {
-            "id": user_id,
-            "email": payload.get("email"),
-            "iat": payload.get("iat"),
-            "exp": payload.get("exp"),
-        }
 
-    except ValueError:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid user ID in token",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    except Exception as e:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail=f"Authentication failed: {str(e)}",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
+