Update main.py

main.py

@@ -132,13 +132,35 @@ async def verify_email(verification_token: str, db: Session = Depends(get_db)):
     # Redirect to the protected route with the token as a query parameter (or as required by your front-end/client)
     return RedirectResponse(url=f"/protected?token={access_token}")
 
+from jwt import decode, PyJWTError  # make sure jwt is imported
+
 
 
 @app.get("/protected", response_class=HTMLResponse)
-async def get_protected(
-    request: Request,
-    token: str = Query(None),  # Accept token from query parameters
-    db: Session = Depends(get_db)
-):
+async def get_protected(request: Request, token: Optional[str] = None, db: Session = Depends(get_db)):
+    # Try to get the token from the query parameter first, then fall back to the cookie
+    token = token or request.cookies.get("access_token")
+    if not token:
+        raise HTTPException(status_code=401, detail="Not authenticated")
+
+    try:
+        payload = decode(token, auth_views.SECRET_KEY, algorithms=[auth_views.ALGORITHM])
+        user_email = payload.get("sub")
+        if user_email is None:
+            raise HTTPException(status_code=401, detail="Not authenticated")
+    except PyJWTError:
+        raise HTTPException(status_code=401, detail="Could not validate credentials")
+
+    db_user = get_user_by_email(db, user_email)
+    if db_user is None or not db_user.is_verified:
+        raise HTTPException(status_code=401, detail="User not found or not verified in the database")
+
+    return templates.TemplateResponse("protected.html", {"request": request, "user": db_user})
+
+#async def get_protected(
+ #   request: Request,
+ #   token: str = Query(None),  # Accept token from query parameters
+#    db: Session = Depends(get_db)
+#):
     # Now pass both the request and token to the protected_route function
-    return await protected_route(request, token, db)
+#    return await protected_route(request, token, db)