Add missing /api/auth/me endpoint to admin server
The /api/auth/me endpoint was never added after the admin server was split from the main server. Without it, auth tokens couldn't be validated against the admin server — the SPA catch-all would serve the frontend instead.
This commit is contained in:
@@ -804,6 +804,27 @@ def login(body: dict):
|
|||||||
return result
|
return result
|
||||||
|
|
||||||
|
|
||||||
|
# ─── Auth: Me (validate token) ───────────────────────────────────────────────
|
||||||
|
|
||||||
|
|
||||||
|
@app.get("/api/auth/me")
|
||||||
|
def auth_me(request: Request):
|
||||||
|
"""Return the current authenticated user from the Authorization header."""
|
||||||
|
auth_header = request.headers.get("Authorization", "")
|
||||||
|
if not auth_header.startswith("Bearer "):
|
||||||
|
raise HTTPException(status_code=401, detail="Missing or invalid Authorization header")
|
||||||
|
token = auth_header[7:]
|
||||||
|
conn = get_db()
|
||||||
|
row = conn.execute(
|
||||||
|
"SELECT u.* FROM users u JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')",
|
||||||
|
(token,),
|
||||||
|
).fetchone()
|
||||||
|
conn.close()
|
||||||
|
if row is None:
|
||||||
|
raise HTTPException(status_code=401, detail="Invalid or expired token")
|
||||||
|
return _user_to_dict(row)
|
||||||
|
|
||||||
|
|
||||||
# ─── Customers API ──────────────────────────────────────────────────────────
|
# ─── Customers API ──────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user