Fetching User in Protected Routes

  • First we need access to our database in order to look up the user by the ID carried in the token

from sqlalchemy.orm import Session
from . import schemas, database
from fastapi.security import OAuth2PasswordBearer

# Now we can make requests to the Database
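def verify_access_token(token: str, credentials_exception):
    """Decode a bearer token and return its claims as ``schemas.TokenData``.

    Args:
        token: Encoded JWT taken from the request.
        credentials_exception: Exception to raise when the token cannot be
            decoded or carries no ``user_id`` claim.

    Returns:
        A ``schemas.TokenData`` built from the token's ``user_id`` claim.

    Raises:
        credentials_exception: When ``jwt.decode`` raises ``JWTError`` or the
            payload has no ``user_id``.
    """
    try:
        # Only the algorithm(s) listed here are accepted for verification.
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
    except JWTError as exc:
        raise credentials_exception from exc

    user_id = payload.get("user_id")

    # Test the raw claim: str(None) is the string "None", so a check on the
    # str()-wrapped value can never be None and a token without a user_id
    # claim would be accepted.
    if user_id is None:
        raise credentials_exception

    return schemas.TokenData(id=user_id)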

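def get_current_user(token: str = Depends(oath2_scheme), db: Session = Depends(database.get_db)):
    """Resolve the bearer token of the current request to a user row.

    Intended as a FastAPI dependency for protected routes.

    Args:
        token: Bearer token supplied by the ``oath2_scheme`` dependency.
        db: Database session supplied by ``database.get_db``.

    Returns:
        The ``UserModels.User`` row whose ``id`` matches the token's id.

    Raises:
        HTTPException: 401 with a ``WWW-Authenticate: Bearer`` header when the
            token fails verification or no matching user exists.
    """
    # NOTE(review): `oath2_scheme` is defined outside this excerpt; confirm the
    # spelling matches the OAuth2PasswordBearer instance it refers to.
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )

    token_data = verify_access_token(token, credentials_exception)
    user = db.query(UserModels.User).filter(UserModels.User.id == token_data.id).first()

    # A correctly signed token can outlive its account. Without this check the
    # dependency would hand `None` to the route, which would then run as if
    # the caller were authenticated.
    if user is None:
        raise credentials_exception

    return user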
  • Next step is to update the user_id in the posts.py file

@router.delete("/delete/{id}", status_code=status.HTTP_204_NO_CONTENT)
def delete_post(id: int, db: Session = Depends(get_db), current_user: int = Depends(oauth2.get_current_user)):
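  • We've updated user_id to current_user, because get_current_user returns the user record fetched from the database rather than just the ID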

  • This is generally good practice for readability
