feat(api): Implement authentication router and secure dependencies

2026-02-10 12:37:35 -08:00
parent 979e1ad2d6
commit ff27dee366
3 changed files with 73 additions and 30 deletions
--- a/src/ea_chatbot/api/routers/auth.py
+++ b/src/ea_chatbot/api/routers/auth.py
@@ -1,30 +1,13 @@
 from fastapi import APIRouter, Depends, HTTPException, status
-from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
+from fastapi.security import OAuth2PasswordRequestForm
 from pydantic import BaseModel, EmailStr
 from typing import Optional
-from ea_chatbot.config import Settings
-from ea_chatbot.history.manager import HistoryManager
-from ea_chatbot.auth import OIDCClient
 from ea_chatbot.api.utils import create_access_token
-
-settings = Settings()
-history_manager = HistoryManager(settings.history_db_url)
-
-# Initialize OIDC Client if configured
-oidc_client = None
-if settings.oidc_client_id and settings.oidc_client_secret and settings.oidc_server_metadata_url:
-    oidc_client = OIDCClient(
-        client_id=settings.oidc_client_id,
-        client_secret=settings.oidc_client_secret,
-        server_metadata_url=settings.oidc_server_metadata_url,
-        # This will be updated to the frontend URL later
-        redirect_uri="http://localhost:3000/auth/callback" 
-    )
+from ea_chatbot.api.dependencies import history_manager, oidc_client, get_current_user
+from ea_chatbot.history.models import User as UserDB

 router = APIRouter(prefix="/auth", tags=["auth"])

-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth/login")
-
 class Token(BaseModel):
    access_token: str
    token_type: str
@@ -79,7 +62,7 @@ async def oidc_login():
    """Get the OIDC authorization URL."""
    if not oidc_client:
        raise HTTPException(
-            status_code=status.HTTP_501_NOT_IMPLEMENTED,
+            status_code=status.HTTP_510_NOT_EXTENDED,
            detail="OIDC is not configured"
        )
    
@@ -87,12 +70,10 @@ async def oidc_login():
    return {"url": url}

@router.get("/me", response_model=UserResponse)
-async def get_me(token: str = Depends(oauth2_scheme)):
+async def get_me(current_user: UserDB = Depends(get_current_user)):
    """Get the current authenticated user's profile."""
-    # This currently only validates the token exists via oauth2_scheme
-    # The next task will implement the full dependency to decode JWT and fetch user
    return {
-        "id": "unknown",
-        "email": "unknown",
-        "display_name": "unknown"
-    }
+        "id": str(current_user.id),
+        "email": current_user.username,
+        "display_name": current_user.display_name
+    }