backend.im/logisticsmanagementsystem-8oy4uc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
logisticsmanagementsystem-8.../app/core/auth.py
Automated Action dc3702b55c Update code via agent code generation
2025-06-02 11:37:11 +00:00

70 lines
2.4 KiB
Python
Raw Blame History

from datetime import datetime, timedelta
from typing import Any, Optional, Union
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt
from pydantic import ValidationError
from sqlalchemy.orm import Session
from app.core.security import ACCESS_TOKEN_EXPIRE_MINUTES, ALGORITHM, SECRET_KEY
from app.db.session import get_db
from app.models.user import User
from app.schemas.token import TokenPayload
from app.services import user as user_service
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/auth/login")
def create_access_token(*, sub: Union[str, Any], expires_delta: Optional[timedelta] = None) -> str:
"""
Create a JWT access token for authentication
"""
if expires_delta:
expire = datetime.utcnow() + expires_delta
else:
expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
to_encode = {"exp": expire, "sub": str(sub)}
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
def get_current_user(db: Session = Depends(get_db), token: str = Depends(oauth2_scheme)) -> User:
"""
Validate access token and return current user
"""
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
token_data = TokenPayload(**payload)
except (JWTError, ValidationError):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
user = user_service.get(db, user_id=token_data.sub)
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
return user
def get_current_active_user(current_user: User = Depends(get_current_user)) -> User:
"""
Validate that the current user is active
"""
if not user_service.is_active(current_user):
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Inactive user")
return current_user
def get_current_superuser(current_user: User = Depends(get_current_active_user)) -> User:
"""
Validate that the current user is a superuser
"""
if not user_service.is_superuser(current_user):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions"
)
return current_user
Reference in New Issue View Git Blame Copy Permalink