)idZddlZddlmZmZmZddlmZmZmZddl m Z m Z m Z ddl mZmZddlmZddlmZdd lmZdd lmZer dd lmZdd lmZdd lmZddlmZeZ e e e efdeedededfdZ!e e e efdededdfdZ"e e"f ddZ#e e#f ddZ$e e#f ddZ%de&dededfdZ'e e"e efdddefdZ(dZ)y)z8 Authentication utilities and dependencies for FastAPI. N)datetime timedeltatimezone)OptionalUnion TYPE_CHECKING)Depends HTTPExceptionstatus) HTTPBearerHTTPAuthorizationCredentials)Session)select)Merchant) MerchantUsersUser AuthSession)get_db) jwt_manager credentialsdbreturnrcPK|syt|j|d{S7w)a Get current user from JWT token (optional - returns None if no token or invalid). Args: credentials: HTTP Bearer token credentials db: Database session Returns: User model or None if not authenticated N)_verify_token_and_get_userr)rrs V/var/www/html/hwPaymentPortal-be-dev/hw-payment-portal-api/src/apps/auth/utils/auth.pyget_current_user_optionalrs' +K,C,CRH HH Hs &$&cKt|j|d{}|sttjdddi|S7&w)a) Get current user from JWT token (required - raises exception if not authenticated). Args: credentials: HTTP Bearer token credentials db: Database session Returns: User model Raises: HTTPException: If authentication fails NzCould not validate credentialszWWW-AuthenticateBearer) status_codedetailheaders)rrr r HTTP_401_UNAUTHORIZED)rrusers rget_current_userr&/sN",K,C,CRH HD 443'2  K IsAA'A current_userc\K|jsttjd|Sw)z Get current active user (must be authenticated and active). Args: current_user: Current authenticated user Returns: Active user model Raises: HTTPException: If user is inactive z Inactive userr!r")is_user_activer r HTTP_400_BAD_REQUESTr's rget_current_active_userr-Ls2  & &33"  *,c\K|jsttjd|Sw)a Get current verified user (must be authenticated, active, and verified). Args: current_user: Current active user Returns: Verified user model Raises: HTTPException: If user is not verified zEmail not verifiedr))is_user_verifiedr r r+r,s rget_current_verified_userr1ds2  ( (33'  r.c\K|jsttjd|Sw)z Get current superuser (must be authenticated, active, and superuser). Args: current_user: Current active user Returns: Superuser model Raises: HTTPException: If user is not a superuser zNot enough permissionsr)) is_superuserr r HTTP_403_FORBIDDENr,s rget_current_superuserr5|s2  $ $11+  r.tokencKddlm}ddlm}t j |}|sy|j d}|sy|j d}|syt|j|j|k(|jdk(|jdk(}|j|j}|sy|jr!|j|j!yt|j|j"|k(} |j| j} | sy|j%|j!| Sw) z Verify JWT token and return the associated user. Args: token: JWT token string db: Database session Returns: User model or None if invalid rrrNr%user_idTF)src.apps.users.models.userr!src.apps.auth.models.auth_sessionrr verify_tokengetrwhere access_token is_active is_revokedexecutescalar_one_or_none is_expiredrevokecommitidupdate_activity) r6rrrpayload user_datar8stmtsession user_stmtr%s rrrs,0=&&u-G  F#I mmI&G  +  $ $  E)%%' D jj113G  t ""477g#56I ::i 3 3 5D  IIK KsEEc^Kttjttjtj k(j tj|jk(}|j|j}|sttjd|Sw)a$ Get current merchant from authenticated user. Args: current_user: Current authenticated user db: Database session Returns: Merchant model associated with the user Raises: HTTPException: If no merchant found for user z"No merchant found for current userr)) rrjoinrrF merchant_idr=r8rArBr r HTTP_404_NOT_FOUND)r'rrJmerchants rget_current_merchantrRs& x mX[[M,E,EE F }$$ 7 8 zz$224H 117  OsB+B-cfd}|S)z Decorator to require authentication for a function. Usage: @require_auth def my_protected_function(current_user: User = Depends(get_current_user)): pass c|i|S)N)argskwargsfuncs rwrapperzrequire_auth..wrappersT$V$$rU)rXrYs` r require_authr[s % NrZ)r'rrr)*__doc__jwtrrrtypingrrrfastapir r r fastapi.securityr r sqlalchemy.ormr sqlalchemyr"src.apps.merchants.models.merchantr(src.apps.merchants.models.merchant_usersrr9rr:rsrc.core.databasersrc.apps.auth.utils.jwtrsecurityrr&r-r1r5strrrRr[rUrZrrisg 221122E"7B/=$/ <;B(:K&/I67IIfI*180A&/- <##34 2##:; 2##:; 09C9W9&AQ9z##34&/D rZ