Add missing /api/auth/me endpoint to admin server
The /api/auth/me endpoint was never added after the admin server was split from the main server. Without it, auth tokens couldn't be validated against the admin server — the SPA catch-all would serve the frontend instead.
This commit is contained in:
@@ -804,6 +804,27 @@ def login(body: dict):
|
||||
return result
|
||||
|
||||
|
||||
# ─── Auth: Me (validate token) ───────────────────────────────────────────────
|
||||
|
||||
|
||||
@app.get("/api/auth/me")
|
||||
def auth_me(request: Request):
|
||||
"""Return the current authenticated user from the Authorization header."""
|
||||
auth_header = request.headers.get("Authorization", "")
|
||||
if not auth_header.startswith("Bearer "):
|
||||
raise HTTPException(status_code=401, detail="Missing or invalid Authorization header")
|
||||
token = auth_header[7:]
|
||||
conn = get_db()
|
||||
row = conn.execute(
|
||||
"SELECT u.* FROM users u JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')",
|
||||
(token,),
|
||||
).fetchone()
|
||||
conn.close()
|
||||
if row is None:
|
||||
raise HTTPException(status_code=401, detail="Invalid or expired token")
|
||||
return _user_to_dict(row)
|
||||
|
||||
|
||||
# ─── Customers API ──────────────────────────────────────────────────────────
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user