""" FastAPI Dependencies Reusable dependencies for request handling """ from typing import Optional from fastapi import Depends, HTTPException, status from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy import select from sqlalchemy.orm import selectinload from app.database import get_db from app.models.user import User, UserRole from app.models.driver import Driver from app.services.auth_service import AuthService # Bearer token security scheme security = HTTPBearer() async def get_current_user( credentials: HTTPAuthorizationCredentials = Depends(security), db: AsyncSession = Depends(get_db) ) -> User: """ Get current authenticated user from JWT token. Usage: @app.get("/protected") async def protected_route(user: User = Depends(get_current_user)): ... """ token = credentials.credentials payload = AuthService.decode_token(token) if not payload: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid or expired token", headers={"WWW-Authenticate": "Bearer"}, ) if payload.get("type") != "access": raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token type", headers={"WWW-Authenticate": "Bearer"}, ) user_id = int(payload.get("sub", 0)) query = select(User).where(User.id == user_id).options( selectinload(User.driver_profile), selectinload(User.wallet) ) result = await db.execute(query) user = result.scalar_one_or_none() if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found", headers={"WWW-Authenticate": "Bearer"}, ) if not user.is_active: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Account is deactivated" ) if user.is_blocked: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail=f"Account is blocked: {user.blocked_reason or 'Contact support'}" ) return user def require_role(*roles: UserRole): """ Dependency to require specific user role(s). Usage: @app.get("/driver-only") async def driver_route(user: User = Depends(require_role(UserRole.DRIVER))): ... """ async def role_checker( current_user: User = Depends(get_current_user) ) -> User: if current_user.role not in roles: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail=f"Access denied. Required role: {[r.value for r in roles]}" ) return current_user return role_checker async def require_admin( current_user: User = Depends(get_current_user) ) -> User: """ Dependency to require admin or sub-admin role. Usage: @app.get("/admin-only") async def admin_route(user: User = Depends(require_admin)): ... """ if current_user.role not in [UserRole.ADMIN, UserRole.SUB_ADMIN]: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Admin access required" ) return current_user async def get_current_driver( current_user: User = Depends(require_role(UserRole.DRIVER)), db: AsyncSession = Depends(get_db) ) -> Driver: """ Get driver profile for current user. Usage: @app.get("/driver/profile") async def driver_profile(driver: Driver = Depends(get_current_driver)): ... """ # Driver.documents has lazy="dynamic" - selectinload not supported query = select(Driver).where(Driver.user_id == current_user.id).options( selectinload(Driver.user), selectinload(Driver.current_vehicle) ) result = await db.execute(query) driver = result.scalar_one_or_none() if not driver: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail="Driver profile not found" ) return driver async def get_optional_user( credentials: Optional[HTTPAuthorizationCredentials] = Depends(HTTPBearer(auto_error=False)), db: AsyncSession = Depends(get_db) ) -> Optional[User]: """ Get current user if authenticated, None otherwise. Useful for endpoints that work differently for authenticated vs anonymous users. """ if not credentials: return None try: return await get_current_user(credentials, db) except HTTPException: return None