"""JWT token handling.""" from datetime import datetime, timedelta, timezone from typing import Optional from jose import JWTError, jwt from fastapi import Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer from sqlalchemy.orm import Session from app.config import get_settings from app.database import get_db from app.models.user import User from app.schemas.user import TokenData settings = get_settings() # OAuth2 scheme for token authentication oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login") def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str: """Create a JWT access token.""" to_encode = data.copy() expire = datetime.now(timezone.utc) + ( expires_delta or timedelta(minutes=settings.access_token_expire_minutes) ) to_encode.update({"exp": expire}) return jwt.encode(to_encode, settings.secret_key, algorithm=settings.algorithm) def verify_token(token: str) -> Optional[TokenData]: """Verify and decode a JWT token.""" try: payload = jwt.decode(token, settings.secret_key, algorithms=[settings.algorithm]) username: str = payload.get("sub") user_id: int = payload.get("user_id") if username is None: return None return TokenData(username=username, user_id=user_id) except JWTError: return None async def get_current_user( token: str = Depends(oauth2_scheme), db: Session = Depends(get_db) ) -> User: """Get the current authenticated user from JWT token.""" credentials_exception = HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", headers={"WWW-Authenticate": "Bearer"}, ) token_data = verify_token(token) if token_data is None: raise credentials_exception user = db.query(User).filter(User.username == token_data.username).first() if user is None: raise credentials_exception if not user.is_active: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Inactive user" ) return user