from fastapi import HTTPException, Request, Depends
from typing import Optional
import jwt
from jwt.exceptions import PyJWTError
# This function extracts the user ID from Supabase JWT
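async def get_current_user_id(request: Request) -> str:
    """
    Return the user ID claimed by the bearer JWT in the Authorization header.

    This function is used as a dependency in FastAPI routes to obtain the
    caller's user ID.

    SECURITY: the token is decoded with ``verify_signature`` disabled, so this
    function does NOT authenticate the caller. The returned ``sub`` is an
    unverified, client-supplied claim. Depending on the installed PyJWT
    version, disabling signature verification may also leave the ``exp``
    claim unchecked (TODO confirm against the pinned version).

    Args:
        request: The FastAPI request object

    Returns:
        str: The ``sub`` claim of the presented JWT (unverified)

    Raises:
        HTTPException: 401 if the header is missing or is not a Bearer
            credential, if the token cannot be decoded, or if it carries no
            non-empty string ``sub`` claim
    """

    def unauthorized(detail: str) -> HTTPException:
        # Every rejection uses the same status and challenge header.
        return HTTPException(
            status_code=401,
            detail=detail,
            headers={"WWW-Authenticate": "Bearer"}
        )

    auth_header = request.headers.get('Authorization')
    if not auth_header or not auth_header.startswith('Bearer '):
        raise unauthorized("No valid authentication credentials found")

    # Take everything after the scheme, so a header with extra
    # space-separated parts fails decoding instead of being truncated.
    _, _, token = auth_header.partition(' ')

    try:
        # NOTE(review): the signature is not verified. The original rationale
        # is that Supabase RLS performs the real validation. That holds only
        # if every data access made on behalf of this request forwards this
        # same token to Supabase. If the returned ID is used for in-app
        # authorization, or with a privileged (RLS-bypassing) client, the
        # decision rests on an unauthenticated value. Callers are not visible
        # here, so confirm. The robust fix is to verify the token with the
        # project's JWT signing key, an explicit ``algorithms`` list and the
        # expected ``audience``.
        payload = jwt.decode(token, options={"verify_signature": False})
    except PyJWTError as exc:
        raise unauthorized("Invalid token") from exc

    # Supabase stores the user ID in the 'sub' claim. The return type is str,
    # so a missing, empty or non-string 'sub' is rejected rather than passed
    # on to callers.
    user_id = payload.get('sub')
    if not isinstance(user_id, str) or not user_id:
        raise unauthorized("Invalid token payload")

    return user_id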