diff --git a/admin_server.py b/admin_server.py index a68f45f..f456a2f 100644 --- a/admin_server.py +++ b/admin_server.py @@ -804,6 +804,27 @@ def login(body: dict): return result +# ─── Auth: Me (validate token) ─────────────────────────────────────────────── + + +@app.get("/api/auth/me") +def auth_me(request: Request): + """Return the current authenticated user from the Authorization header.""" + auth_header = request.headers.get("Authorization", "") + if not auth_header.startswith("Bearer "): + raise HTTPException(status_code=401, detail="Missing or invalid Authorization header") + token = auth_header[7:] + conn = get_db() + row = conn.execute( + "SELECT u.* FROM users u JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')", + (token,), + ).fetchone() + conn.close() + if row is None: + raise HTTPException(status_code=401, detail="Invalid or expired token") + return _user_to_dict(row) + + # ─── Customers API ──────────────────────────────────────────────────────────