Upload middleware/auth.py with huggingface_hub

middleware/auth.py

@@ -0,0 +1,58 @@
+"""
+JWT Authentication Middleware.
+
+Task: 1.5
+Spec: specs/features/authentication.md
+"""
+from fastapi import HTTPException, Depends, status
+from fastapi.security import HTTPBearer
+import jwt
+import os
+
+security = HTTPBearer()
+
+# JWT Configuration
+JWT_SECRET = os.getenv("JWT_SECRET", "your-secret-key-min-32-chars")
+JWT_ALGORITHM = "HS256"
+
+
+async def verify_token(credentials = Depends(security)) -> str:
+    """
+    Verify JWT token and extract user_id.
+
+    Args:
+        credentials: HTTP Bearer credentials from request header
+
+    Returns:
+        str: user_id extracted from token payload
+
+    Raises:
+        HTTPException: 401 if token is invalid or expired
+    """
+    token = credentials.credentials
+
+    try:
+        # Decode and verify JWT token
+        payload = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM])
+
+        # Extract user_id from payload
+        user_id = payload.get("user_id")
+
+        if not user_id:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid token: user_id not found"
+            )
+
+        return user_id
+
+    except jwt.ExpiredSignatureError:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Token expired. Please login again."
+        )
+    except jwt.InvalidTokenError:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid token. Please login again."
+        )