admin / Bid-Sentinel
publicBid Scrape and Tracking Application with AI Capability
Bid-Sentinel / bid-sentinel-v2 / backend / app / deps.py
1706 B · main
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 | """Shared FastAPI dependencies for authentication and authorization.""" from fastapi import Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer from sqlalchemy import select from sqlalchemy.ext.asyncio import AsyncSession from app.database import get_db from app.models import User, UserRole from app.security import decode_access_token oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login") _CREDENTIALS_EXC = HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", headers={"WWW-Authenticate": "Bearer"}, ) async def get_current_user( token: str = Depends(oauth2_scheme), db: AsyncSession = Depends(get_db), ) -> User: payload = decode_access_token(token) if not payload or not payload.get("sub"): raise _CREDENTIALS_EXC result = await db.execute(select(User).where(User.email == payload["sub"])) user = result.scalar_one_or_none() if user is None or not user.is_active: raise _CREDENTIALS_EXC return user async def get_current_admin(user: User = Depends(get_current_user)) -> User: if user.role != UserRole.admin: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Administrator privileges required", ) return user async def get_current_analyst(user: User = Depends(get_current_user)) -> User: """Admins and analysts may access the Intelligence area.""" if user.role not in (UserRole.admin, UserRole.analyst): raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Analyst or administrator privileges required", ) return user |