from typing import Optional from fastapi import Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer from jose import JWTError, jwt from pydantic import ValidationError from sqlalchemy.orm import Session from app.core.config import settings from app.core.security import verify_password from app.db.session import get_db from app.models.user import User from app.schemas.token import TokenPayload # OAuth2 token URL oauth2_scheme = OAuth2PasswordBearer( tokenUrl=f"{settings.API_V1_STR}/auth/login" ) def get_current_user( db: Session = Depends(get_db), token: str = Depends(oauth2_scheme) ) -> User: """ Get current user from token """ try: # Decode the token payload = jwt.decode( token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM] ) token_data = TokenPayload(**payload) except (JWTError, ValidationError): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", headers={"WWW-Authenticate": "Bearer"}, ) # Get user from database user = db.query(User).filter(User.id == token_data.sub).first() if not user: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail="User not found" ) if not user.is_active: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user" ) return user def get_current_active_superuser( current_user: User = Depends(get_current_user), ) -> User: """ Get current superuser """ if not current_user.is_superuser: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="The user doesn't have enough privileges" ) return current_user def authenticate_user( db: Session, username: str, password: str ) -> Optional[User]: """ Authenticate a user by username and password """ user = db.query(User).filter(User.username == username).first() if not user or not verify_password(password, user.hashed_password): return None return user