Add missing /api/auth/me endpoint to admin server

The /api/auth/me endpoint was never added after the admin server was
split from the main server. Without it, auth tokens couldn't be validated
against the admin server — the SPA catch-all would serve the frontend instead.
This commit is contained in:
Leo
2026-05-22 15:17:05 -04:00
parent e19d061844
commit 301c3d5fb1
+21
View File
@@ -804,6 +804,27 @@ def login(body: dict):
return result
# ─── Auth: Me (validate token) ───────────────────────────────────────────────
@app.get("/api/auth/me")
def auth_me(request: Request):
"""Return the current authenticated user from the Authorization header."""
auth_header = request.headers.get("Authorization", "")
if not auth_header.startswith("Bearer "):
raise HTTPException(status_code=401, detail="Missing or invalid Authorization header")
token = auth_header[7:]
conn = get_db()
row = conn.execute(
"SELECT u.* FROM users u JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')",
(token,),
).fetchone()
conn.close()
if row is None:
raise HTTPException(status_code=401, detail="Invalid or expired token")
return _user_to_dict(row)
# ─── Customers API ──────────────────────────────────────────────────────────