Update main.py

main.py

@@ -143,14 +143,22 @@ async def verify_email(verification_token: str, db: Session = Depends(get_db)):
 @app.get("/protected", response_class=HTMLResponse)
 async def get_protected(
     request: Request, 
-    token: str = Depends(verify_token),  # Use Depends to inject the token after verification
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    token: Optional[str] = None  # token is Optional because it may come from the cookie
 ):
-    user_email = token  # As verify_token returns the 'sub' which is user email
-
+    # Try to get the token from the query parameter first, then fall back to the cookie
+    token = token or request.cookies.get("access_token")
+    if not token:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")
+    
+    # Here verify_token is used directly in the endpoint
+    # If the token is invalid, verify_token will raise an HTTPException and the following lines will not be executed
+    user_email = verify_token(token)  # Assuming that verify_token returns the user's email if the token is valid
+    
+    # Get the user from the database
     db_user = get_user_by_email(db, user_email)
     if db_user is None or not db_user.is_verified:
-        raise HTTPException(status_code=401, detail="User not found or not verified in the database")
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found or not verified in the database")
 
     # Render a template response
     return templates.TemplateResponse("protected.html", {"request": request, "user": db_user.username})