Update auth.py
Browse files
auth.py
CHANGED
|
@@ -127,7 +127,29 @@ def get_current_user(token: str = Depends(verify_token)):
|
|
| 127 |
return token
|
| 128 |
|
| 129 |
|
|
|
|
| 130 |
|
| 131 |
|
| 132 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 133 |
|
|
|
|
| 127 |
return token
|
| 128 |
|
| 129 |
|
| 130 |
+
from typing import Optional
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
+
async def protected_route(request: Request, token: Optional[str] = None, db: Session = Depends(get_db)):
|
| 135 |
+
# Try to get the token from the query parameter first, then fall back to the cookie
|
| 136 |
+
token = token or request.cookies.get("access_token")
|
| 137 |
+
if not token:
|
| 138 |
+
raise HTTPException(status_code=401, detail="Not authenticated")
|
| 139 |
+
|
| 140 |
+
try:
|
| 141 |
+
payload = decode(token, auth_views.SECRET_KEY, algorithms=[auth_views.ALGORITHM])
|
| 142 |
+
user_email = payload.get("sub")
|
| 143 |
+
if user_email is None:
|
| 144 |
+
raise HTTPException(status_code=401, detail="Not authenticated")
|
| 145 |
+
except PyJWTError:
|
| 146 |
+
raise HTTPException(status_code=401, detail="Could not validate credentials")
|
| 147 |
+
|
| 148 |
+
db_user = get_user_by_email(db, user_email)
|
| 149 |
+
if db_user is None or not db_user.is_verified:
|
| 150 |
+
raise HTTPException(status_code=401, detail="User not found or not verified in the database")
|
| 151 |
+
|
| 152 |
+
return templates.TemplateResponse("protected.html", {"request": request, "user": db_user})
|
| 153 |
+
|
| 154 |
+
|
| 155 |
|