admin / Apex
publicBid Management and Orchestration Tool with AI Capability
Apex / Synapse-Apexv2 / backend / app / core / deps.py
1951 B · main
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | from fastapi import Depends, HTTPException, Request, status from sqlalchemy.orm import Session from app.core.database import get_db from app.core.security import decode_token from app.models import ROLE_ADMIN, AuditLog, User def get_current_user(request: Request, db: Session = Depends(get_db)) -> User: auth = request.headers.get("Authorization", "") token = None if auth.lower().startswith("bearer "): token = auth[7:] if not token: token = request.cookies.get("access_token") if not token: raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Not authenticated") try: payload = decode_token(token) if payload.get("type") != "access": raise ValueError("wrong token type") user_id = int(payload["sub"]) except Exception: raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid token") user = db.get(User, user_id) if not user or not user.is_active: raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Inactive or unknown user") return user def require_roles(*roles: str): def checker(user: User = Depends(get_current_user)) -> User: if ROLE_ADMIN in user.roles: return user if not any(r in user.roles for r in roles): raise HTTPException(status.HTTP_403_FORBIDDEN, "Insufficient role") return user return checker def audit( db: Session, user: User | None, action: str, entity: str | None = None, entity_id: str | int | None = None, detail: dict | None = None, bid_id: int | None = None, ) -> None: db.add( AuditLog( user_id=user.id if user else None, actor=user.email if user else None, action=action, entity=entity, entity_id=str(entity_id) if entity_id is not None else None, bid_id=bid_id, detail=detail or {}, ) ) db.commit() |