import os
from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from jose import jwt, JWTError
# Shared Bearer-token extractor for the dependencies below. With its default
# settings a request that lacks an `Authorization: Bearer ...` header is
# rejected by FastAPI before verify_token is ever called.
security = HTTPBearer()
def get_jwt_secret() -> str:
    """Return the HMAC signing secret from the ``JWT_SECRET`` environment variable.

    Raises:
        HTTPException: 500 when the variable is unset or empty, so a
            misconfigured deployment fails closed instead of verifying
            tokens against an empty key.
    """
    configured = os.environ.get("JWT_SECRET", "")
    if configured:
        return configured
    raise HTTPException(
        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
        detail="JWT_SECRET not configured",
    )
def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> dict:
    """Validate the Bearer token's HMAC signature and return its decoded claims.

    The accepted algorithm list is pinned to HS256, so a token cannot pick a
    different or weaker algorithm through its header. Audience verification
    is switched off (``verify_aud``), which means a token carrying any ``aud``
    value is accepted here; callers that need audience or issuer scoping must
    check those claims themselves. No issuer check is performed either.

    Raises:
        HTTPException: 401 with a ``WWW-Authenticate: Bearer`` header when the
            token fails to decode or verify. The library's error text is
            echoed in ``detail``, so the client learns which check failed.
    """
    raw_token = credentials.credentials
    signing_key = get_jwt_secret()
    decode_options = {"verify_aud": False}  # Clerk tokens may not have standard audience
    try:
        return jwt.decode(
            raw_token,
            signing_key,
            algorithms=["HS256"],
            options=decode_options,
        )
    except JWTError as err:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=f"Invalid token: {str(err)}",
            headers={"WWW-Authenticate": "Bearer"},
        )
def get_current_user(token_payload: dict = Depends(verify_token)) -> dict:
"""
Extract user information from verified token.
"""
user_id = token_payload.get("sub")
if not user_id:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token: missing user ID",
headers={"WWW-Authenticate": "Bearer"},
)
return {
"user_id": user_id,
"email": token_payload.get("email"),
"claims": token_payload
}