From 301c3d5fb1e9e9e766e840c634a32252e1ed31d7 Mon Sep 17 00:00:00 2001 From: Leo Date: Fri, 22 May 2026 15:17:05 -0400 Subject: [PATCH] Add missing /api/auth/me endpoint to admin server MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The /api/auth/me endpoint was never added after the admin server was split from the main server. Without it, auth tokens couldn't be validated against the admin server — the SPA catch-all would serve the frontend instead. --- admin_server.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/admin_server.py b/admin_server.py index a68f45f..f456a2f 100644 --- a/admin_server.py +++ b/admin_server.py @@ -804,6 +804,27 @@ def login(body: dict): return result +# ─── Auth: Me (validate token) ─────────────────────────────────────────────── + + +@app.get("/api/auth/me") +def auth_me(request: Request): + """Return the current authenticated user from the Authorization header.""" + auth_header = request.headers.get("Authorization", "") + if not auth_header.startswith("Bearer "): + raise HTTPException(status_code=401, detail="Missing or invalid Authorization header") + token = auth_header[7:] + conn = get_db() + row = conn.execute( + "SELECT u.* FROM users u JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')", + (token,), + ).fetchone() + conn.close() + if row is None: + raise HTTPException(status_code=401, detail="Invalid or expired token") + return _user_to_dict(row) + + # ─── Customers API ──────────────────────────────────────────────────────────