Update app.py

app.py

@@ -310,7 +310,29 @@ def register_user(user_data: UserCreate, db: Session):
     db.commit()
     db.refresh(new_user)
     return new_user
+
+@app.get("/protected", response_class=HTMLResponse)
+async def get_protected(
+    request: Request, 
+    db: Session = Depends(get_db),
+    token: Optional[str] = None  # token is Optional because it may come from the cookie
+):
+    # Try to get the token from the query parameter first, then fall back to the cookie
+    token = token or request.cookies.get("access_token")
+    if not token:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")
+    
+    # Here verify_token is used directly in the endpoint
+    # If the token is invalid, verify_token will raise an HTTPException and the following lines will not be executed
+    user_email = verify_token(token)  # Assuming that verify_token returns the user's email if the token is valid
     
+    # Get the user from the database
+    db_user = get_user_by_email(db, user_email)
+    if db_user is None or not db_user.is_verified:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found or not verified in the database")
+
+    # Render a template response
+    return templates.TemplateResponse("protected.html", {"request": request, "user": db_user.username})
 def verify_email(verification_token: str, db: Session = Depends(get_db)):
     # Verify the email using the token
     user = get_user_by_verification_token(db, verification_token)