from fastapi import Depends, FastAPI, HTTPException
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from jose import JWTError, jwt
from passlib.context import CryptContext
from utils.database import User, get_db
# ASGI application object; the route below is registered on it.
api = FastAPI()
# Bearer-token extractor used as a route dependency: it reads the
# Authorization header and hands the raw token string to the handler.
security = HTTPBearer()
# passlib context configured for bcrypt password hashes. It is not referenced
# anywhere else in this file.
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
# Dependency to get a database session
# NOTE(review): this stores whatever get_db() returns at import time. Nothing
# in this file reads this module-level name; protected_route calls get_db()
# again and binds its own local `db`. Presumably get_db is a generator, in
# which case this object is never advanced -- confirm and drop if unused.
db = get_db()
# Protected route that requires authentication
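@api.get("/protected")
async def protected_route(
    credentials: HTTPAuthorizationCredentials = Depends(security),
):
    """Return a fixed message once the caller's bearer JWT has been validated.

    The token is verified with ``SECRET_KEY`` against the single algorithm
    named by ``ALGORITHM``, its ``sub`` claim is read as the username, and
    that username must match a row in the ``User`` table.

    Args:
        credentials: Bearer credentials extracted by the ``security``
            dependency; ``credentials.credentials`` is the raw JWT string.

    Returns:
        A dict with a single ``message`` key.

    Raises:
        HTTPException: 401 when the token fails verification, carries no
            ``sub`` claim, or names a user that is not in the database.
    """
    # NOTE(review): SECRET_KEY and ALGORITHM are neither defined nor imported
    # in this file as shown, so this lookup raises NameError (an HTTP 500, not
    # a 401) until they are provided. Load the key from configuration or a
    # secret store rather than a literal in source.
    # NOTE(review): passing an explicit algorithms list pins the accepted
    # algorithm. Whether tokens expire depends on the issuer setting `exp`;
    # if every token should expire, consider options={"require_exp": True}
    # -- confirm against the code that issues the tokens.
    try:
        payload = jwt.decode(
            credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM]
        )
    except JWTError:
        raise HTTPException(status_code=401, detail="Invalid token")

    username = payload.get("sub")
    if username is None:
        raise HTTPException(status_code=401, detail="Invalid token")

    # get_db() is consumed with next(), so it is assumed to be a generator
    # that yields a session -- TODO confirm. Keep a handle on it so it can be
    # closed: next(get_db()) alone leaves the generator suspended and its
    # cleanup code (if any) waits for garbage collection, leaking a session
    # per request.
    session_gen = get_db()
    db = next(session_gen)
    try:
        user = db.query(User).filter(User.username == username).first()
    finally:
        # close() resumes the generator with GeneratorExit so any
        # try/finally inside get_db() runs now.
        session_gen.close()

    if not user:
        raise HTTPException(status_code=401, detail="User not found")
    return {"message": "You have accessed a protected route"}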