user-add

src/server/main.py

@@ -15,7 +15,8 @@ import requests
 from PIL import Image
 
 # Import from auth.py
-from utils.auth import get_current_user, login, TokenResponse, Settings
+#from utils.auth import get_current_user, login, TokenResponse, Settings
+from utils.auth import get_current_user, login, TokenResponse, Settings, LoginRequest
 
 # Assuming these are in your project structure
 from config.tts_config import SPEED, ResponseFormat, config as tts_config
@@ -105,9 +106,8 @@ async def home():
     return RedirectResponse(url="/docs")
 
 @app.post("/v1/token", response_model=TokenResponse)
-async def token(user_id: str = Form(...)):
-    # In production, add proper authentication (e.g., password validation)
-    return await login(user_id=user_id)
+async def token(login_request: LoginRequest):
+    return await login(login_request)
 
 @app.post("/v1/audio/speech")
 @limiter.limit(settings.speech_rate_limit)

src/server/utils/auth.py

@@ -5,6 +5,7 @@ from fastapi import HTTPException, status, Depends
 from pydantic import BaseModel, Field
 from pydantic_settings import BaseSettings
 from config.logging_config import logger
+from typing import Dict
 
 class Settings(BaseSettings):
     api_key_secret: str = Field(..., env="API_KEY_SECRET")
@@ -37,6 +38,17 @@ class TokenResponse(BaseModel):
     access_token: str
     token_type: str
 
+# Simple in-memory user store (replace with database in production)
+# Format: {username: password}
+USERS_DB: Dict[str, str] = {
+    "testuser": "password123",
+    "admin": "adminpass"
+}
+
+class LoginRequest(BaseModel):
+    username: str
+    password: str
+
 async def create_access_token(user_id: str) -> str:
     expire = datetime.utcnow() + timedelta(minutes=settings.token_expiration_minutes)
     payload = {"sub": user_id, "exp": expire.timestamp()}
@@ -54,17 +66,15 @@ async def get_current_user(token: str = Depends(oauth2_scheme)) -> str:
     try:
         logger.info(f"Received token: {token}")
         logger.info(f"Verifying token with API_KEY_SECRET: {settings.api_key_secret}")
-        # Decode with expiration verification disabled to avoid PyJWT bug
         payload = jwt.decode(token, settings.api_key_secret, algorithms=["HS256"], options={"verify_exp": False})
         logger.info(f"Decoded payload: {payload}")
         token_data = TokenPayload(**payload)
         user_id = token_data.sub
         
-        if user_id is None:
-            logger.warning("Token has no 'sub' claim")
+        if user_id is None or user_id not in USERS_DB:
+            logger.warning(f"Invalid or unknown user: {user_id}")
             raise credentials_exception
         
-        # Manual expiration check
         current_time = datetime.utcnow().timestamp()
         logger.info(f"Current time: {current_time}, Token exp: {token_data.exp}")
         if current_time > token_data.exp:
@@ -87,6 +97,11 @@ async def get_current_user(token: str = Depends(oauth2_scheme)) -> str:
         logger.error(f"Unexpected token validation error: {str(e)}")
         raise credentials_exception
 
-async def login(user_id: str) -> TokenResponse:
-    token = await create_access_token(user_id=user_id)
+async def login(login_request: LoginRequest) -> TokenResponse:
+    username = login_request.username
+    password = login_request.password
+    if username not in USERS_DB or USERS_DB[username] != password:
+        logger.warning(f"Login failed for user: {username}")
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid username or password")
+    token = await create_access_token(user_id=username)
     return TokenResponse(access_token=token, token_type="bearer")