from fastapi import Depends, HTTPException, status from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer from jose import JWTError, jwt from app.core.config import get_settings bearer = HTTPBearer(auto_error=False) def require_auth(credentials: HTTPAuthorizationCredentials | None = Depends(bearer)) -> dict: settings = get_settings() if not settings.enable_auth: return {"sub": "local-dev"} if not credentials: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Missing bearer token") try: return jwt.decode( credentials.credentials, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm], ) except JWTError as exc: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token") from exc