added authorization

2025-11-16 15:27:51 +01:00
parent eeea1b2091
commit f5741ecc62
2 changed files with 39 additions and 3 deletions
--- a/database.py
+++ b/database.py
@@ -1,6 +1,7 @@
 from models import User
 from passlib.context import CryptContext
 from settings import settings
+from fastapi import HTTPException, status, Request
 import sqlite3
 import jwt
 import datetime
@@ -30,14 +31,45 @@ def register(user: User) -> None:
     cursor.execute("INSERT INTO users (name, password) VALUES (?, ?)", (user.name, password))
     connection.commit()

+def get_user_by_token(request: Request) -> User:
+    token = request.headers.get("Authorization")
+    if not token or not token.startswith("Bearer "):
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Not authenticated"
+            )
+    token = token.split(" ")[1]   
+    payload = jwt.decode(token, key=settings.jwt_secret, algorithms=[settings.jwt_algorithm])
+    
+    connection = sqlite3.connect('database.db')
+    connection.row_factory = sqlite3.Row
+    cursor = connection.cursor()
+    cursor.execute("SELECT id, name, password FROM users WHERE id = ?", (payload["id"],))
+    row = cursor.fetchone()
+    connection.close()
+
+    if not row:
+         raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Not authenticated"
+            )
+
+    return User(**row)
+
 def login(user: User) -> str:
     cursor.execute("SELECT id, name, password FROM users WHERE name = ?", (user.name,))
     row = cursor.fetchone()
     
     if not row:
-          raise Exception('User not found')
+          raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid credentials"
+            )
     if not password_context.verify(user.password, row["password"]):
-          raise Exception('Invalid password')
+          raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid credentials"
+            )
     
     exp = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(hours=1)
     payload = {