feat(auth): enhance user authentication by querying user data from the database and simplifying access token generation

2025-07-01 02:41:25 +02:00
parent a7210a8d50
commit e63c7a0767
2 changed files with 23 additions and 28 deletions
--- a/app/services/decorators.py
+++ b/app/services/decorators.py
@@ -17,23 +17,31 @@ def get_user_from_jwt() -> dict[str, Any] | None:
        if not current_user_id:
            return None

-        claims = get_jwt()
-        is_active = claims.get("is_active", True)
-
-        if not is_active:
+        # Query database for user data instead of using JWT claims
+        from app.models.user import User
+        
+        user = User.query.get(int(current_user_id))
+        if not user or not user.is_active:
            return None

+        # Build comprehensive providers list
+        providers = [p.provider for p in user.oauth_providers]
+        if user.password_hash:
+            providers.append("password")
+        if user.api_token:
+            providers.append("api_token")
+
        return {
-            "id": current_user_id,
-            "email": claims.get("email", ""),
-            "name": claims.get("name", ""),
-            "picture": claims.get("picture"),
-            "role": claims.get("role", "user"),
-            "is_active": is_active,
-            "provider": claims.get("provider", "unknown"),
-            "providers": claims.get("providers", []),
-            "plan": claims.get("plan"),
-            "credits": claims.get("credits"),
+            "id": str(user.id),
+            "email": user.email,
+            "name": user.name,
+            "picture": user.picture,
+            "role": user.role,
+            "is_active": user.is_active,
+            "provider": "jwt",
+            "providers": providers,
+            "plan": user.plan.to_dict() if user.plan else None,
+            "credits": user.credits,
        }
    except Exception:
        return None