"""Shared dependencies: DB client and auth guards.""" import os from typing import Optional from bson import ObjectId from bson.errors import InvalidId from fastapi import HTTPException, Request, Depends from motor.motor_asyncio import AsyncIOMotorClient import jwt from auth import JWT_ALGORITHM, get_jwt_secret _client: Optional[AsyncIOMotorClient] = None def get_db(): global _client if _client is None: _client = AsyncIOMotorClient(os.environ["MONGO_URL"]) return _client[os.environ["DB_NAME"]] def get_client() -> AsyncIOMotorClient: global _client if _client is None: _client = AsyncIOMotorClient(os.environ["MONGO_URL"]) return _client async def get_current_user(request: Request) -> dict: token = request.cookies.get("access_token") if not token: auth_header = request.headers.get("Authorization", "") if auth_header.startswith("Bearer "): token = auth_header[7:] if not token: raise HTTPException(status_code=401, detail="No autenticado") try: payload = jwt.decode(token, get_jwt_secret(), algorithms=[JWT_ALGORITHM]) if payload.get("type") != "access": raise HTTPException(status_code=401, detail="Tipo de token inválido") try: oid = ObjectId(payload["sub"]) except InvalidId: raise HTTPException(status_code=401, detail="Token inválido") db = get_db() user = await db.users.find_one({"_id": oid}) if not user: raise HTTPException(status_code=401, detail="Usuario no encontrado") user["id"] = str(user["_id"]) user.pop("_id", None) user.pop("password_hash", None) return user except jwt.ExpiredSignatureError: raise HTTPException(status_code=401, detail="Token expirado") except jwt.InvalidTokenError: raise HTTPException(status_code=401, detail="Token inválido") def require_roles(*allowed_roles: str): async def _dep(user: dict = Depends(get_current_user)) -> dict: if user.get("role") not in allowed_roles: raise HTTPException(status_code=403, detail="Permisos insuficientes") return user return _dep