| import uuid | |
| from pydantic import BaseModel, ValidationError | |
| from fastapi import Depends, HTTPException, status | |
| from fastapi.security import OAuth2PasswordBearer | |
| from jose import JWTError, jwt | |
| from core.config import get_settings | |
| settings = get_settings() | |
| oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token") | |
| class TokenPayload(BaseModel): | |
| sub: uuid.UUID | |
| aud: str | |
| async def get_current_user(token: str = Depends(oauth2_scheme)) -> uuid.UUID: | |
| """ | |
| Decodes and verifies the JWT token to get the current user. | |
| Raises HTTPException if the token is invalid. | |
| """ | |
| credentials_exception = HTTPException( | |
| status_code=status.HTTP_401_UNAUTHORIZED, | |
| detail="Could not validate credentials", | |
| headers={"WWW-Authenticate": "Bearer"}, | |
| ) | |
| try: | |
| payload = jwt.decode( | |
| token, | |
| settings.SUPABASE_JWT_SECRET, | |
| algorithms=["HS256"], | |
| audience="authenticated" | |
| ) | |
| token_data = TokenPayload(**payload) | |
| except (JWTError, ValidationError): | |
| raise credentials_exception | |
| return token_data.sub |