{idZddlZddlmZmZmZddlmZmZmZddl m Z m Z m Z ddl mZmZddlmZddlmZer dd lmZdd lmZdd lmZdd lmZeZe ee efd eedededfdZe ee efd ededdfdZe ef ddZe ef ddZ e ef ddZ!de"dededfdZ#dZ$y)z8 Authentication utilities and dependencies for FastAPI. N)datetime timedeltatimezone)OptionalUnion TYPE_CHECKING)Depends HTTPExceptionstatus) HTTPBearerHTTPAuthorizationCredentials)Session)selectUser AuthSession)get_db) jwt_manager credentialsdbreturnrcPK|syt|j|d{S7w)a Get current user from JWT token (optional - returns None if no token or invalid). Args: credentials: HTTP Bearer token credentials db: Database session Returns: User model or None if not authenticated N)_verify_token_and_get_userr)rrs K/var/www/html/hwPaymentPortal-be-dev/hw-payment-portal-api/src/core/auth.pyget_current_user_optionalrs' +K,C,CRH HH Hs &$&cKt|j|d{}|sttjdddi|S7&w)a) Get current user from JWT token (required - raises exception if not authenticated). Args: credentials: HTTP Bearer token credentials db: Database session Returns: User model Raises: HTTPException: If authentication fails NzCould not validate credentialszWWW-AuthenticateBearer) status_codedetailheaders)rrr r HTTP_401_UNAUTHORIZED)rrusers rget_current_userr$-sN",K,C,CRH HD 443'2  K IsAA'Ac\K|jsttjd|Sw)z Get current active user (must be authenticated and active). Args: current_user: Current authenticated user Returns: Active user model Raises: HTTPException: If user is inactive z Inactive userrr )is_user_activer r HTTP_400_BAD_REQUEST current_users rget_current_active_userr+Js2  & &33"  *,c\K|jsttjd|Sw)a Get current verified user (must be authenticated, active, and verified). Args: current_user: Current active user Returns: Verified user model Raises: HTTPException: If user is not verified zEmail not verifiedr&)is_user_verifiedr r r(r)s rget_current_verified_userr/bs2  ( (33'  r,c\K|jsttjd|Sw)z Get current superuser (must be authenticated, active, and superuser). Args: current_user: Current active user Returns: Superuser model Raises: HTTPException: If user is not a superuser zNot enough permissionsr&) is_superuserr r HTTP_403_FORBIDDENr)s rget_current_superuserr3zs2  $ $11+  r,tokencKddlm}ddlm}t j |}|sy|j d}|sy|j d}|syt|j|j|k(|jdk(|jdk(}|j|j}|sy|jr!|j|j!yt|j|j"|k(} |j| j} | sy|j%|j!| Sw) z Verify JWT token and return the associated user. Args: token: JWT token string db: Database session Returns: User model or None if invalid rrrNr#user_idTF)src.apps.users.models.userr!src.apps.auth.models.auth_sessionrr verify_tokengetrwhere access_token is_active is_revokedexecutescalar_one_or_none is_expiredrevokecommitidupdate_activity) r4rrrpayload user_datar6stmtsession user_stmtr#s rrrs,0=&&u-G  F#I mmI&G  +  $ $  E)%%' D jj113G  t ""477g#56I ::i 3 3 5D  IIK KsEEcfd}|S)z Decorator to require authentication for a function. Usage: @require_auth def my_protected_function(current_user: User = Depends(get_current_user)): pass c|i|S)N)argskwargsfuncs rwrapperzrequire_auth..wrappersT$V$$rM)rPrQs` r require_authrSs % NrR)r*rrr)%__doc__jwtrrrtypingrrrfastapir r r fastapi.securityr r sqlalchemy.ormr sqlalchemyrr7rr8rsrc.core.databasersrc.core.utils.jwtrsecurityrr$r+r/r3strrrSrMrRrr_s9 221122E"/=$* <;B(:K&/I67IIfI*180A&/- <##34 2##:; 2##:; 09C9W9&AQ9x rR