bakery-ia/gateway/app/middleware/auth.py

"""
Authentication middleware for gateway
"""

import logging
from fastapi import Request
from fastapi.responses import JSONResponse
from starlette.middleware.base import BaseHTTPMiddleware
from starlette.responses import Response
import httpx
from typing import Optional

from app.core.config import settings
from shared.auth.jwt_handler import JWTHandler

logger = logging.getLogger(__name__)

# JWT handler
jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)

# Routes that don't require authentication
PUBLIC_ROUTES = [
    "/health",
    "/metrics",
    "/docs",
    "/redoc",
    "/openapi.json",
    "/api/v1/auth/login",
    "/api/v1/auth/register",
    "/api/v1/auth/refresh"
]

class AuthMiddleware(BaseHTTPMiddleware):
    """Authentication middleware class"""
    
    async def dispatch(self, request: Request, call_next) -> Response:
        """Process request with authentication"""
        
        # Check if route requires authentication
        if self._is_public_route(request.url.path):
            return await call_next(request)
        
        # Get token from header
        token = self._extract_token(request)
        if not token:
            return JSONResponse(
                status_code=401,
                content={"detail": "Authentication required"}
            )
        
        # Verify token
        try:
            # First try to verify token locally
            payload = jwt_handler.verify_token(token)
            
            if payload:
                # Add user info to request state
                request.state.user = payload
                return await call_next(request)
            else:
                # Token invalid or expired, verify with auth service
                user_info = await self._verify_with_auth_service(token)
                if user_info:
                    request.state.user = user_info
                    return await call_next(request)
                else:
                    return JSONResponse(
                        status_code=401,
                        content={"detail": "Invalid or expired token"}
                    )
                    
        except Exception as e:
            logger.error(f"Authentication error: {e}")
            return JSONResponse(
                status_code=401,
                content={"detail": "Authentication failed"}
            )

    def _is_public_route(self, path: str) -> bool:
        """Check if route is public"""
        return any(path.startswith(route) for route in PUBLIC_ROUTES)

    def _extract_token(self, request: Request) -> Optional[str]:
        """Extract JWT token from request"""
        auth_header = request.headers.get("Authorization")
        if auth_header and auth_header.startswith("Bearer "):
            return auth_header.split(" ")[1]
        return None

    async def _verify_with_auth_service(self, token: str) -> Optional[dict]:
        """Verify token with auth service"""
        try:
            async with httpx.AsyncClient(timeout=5.0) as client:
                response = await client.post(
                    f"{settings.AUTH_SERVICE_URL}/verify",
                    headers={"Authorization": f"Bearer {token}"}
                )
                
                if response.status_code == 200:
                    return response.json()
                else:
                    return None
                    
        except Exception as e:
            logger.error(f"Auth service verification failed: {e}")
            return None
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`"""`
			`Authentication middleware for gateway`
			`"""`

			`import logging`
Fix gateway 2025-07-17 19:54:04 +02:00			`from fastapi import Request`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`from fastapi.responses import JSONResponse`
Fix gateway 2025-07-17 19:54:04 +02:00			`from starlette.middleware.base import BaseHTTPMiddleware`
			`from starlette.responses import Response`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`import httpx`
			`from typing import Optional`

			`from app.core.config import settings`
			`from shared.auth.jwt_handler import JWTHandler`

			`logger = logging.getLogger(__name__)`

			`# JWT handler`
			`jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)`

			`# Routes that don't require authentication`
			`PUBLIC_ROUTES = [`
			`"/health",`
			`"/metrics",`
			`"/docs",`
			`"/redoc",`
			`"/openapi.json",`
			`"/api/v1/auth/login",`
			`"/api/v1/auth/register",`
			`"/api/v1/auth/refresh"`
			`]`

Fix gateway 2025-07-17 19:54:04 +02:00			`class AuthMiddleware(BaseHTTPMiddleware):`
			`"""Authentication middleware class"""`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Fix gateway 2025-07-17 19:54:04 +02:00			`async def dispatch(self, request: Request, call_next) -> Response:`
			`"""Process request with authentication"""`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Fix gateway 2025-07-17 19:54:04 +02:00			`# Check if route requires authentication`
			`if self._is_public_route(request.url.path):`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`return await call_next(request)`
Fix gateway 2025-07-17 19:54:04 +02:00
			`# Get token from header`
			`token = self._extract_token(request)`
			`if not token:`
			`return JSONResponse(`
			`status_code=401,`
			`content={"detail": "Authentication required"}`
			`)`

			`# Verify token`
			`try:`
			`# First try to verify token locally`
			`payload = jwt_handler.verify_token(token)`

			`if payload:`
			`# Add user info to request state`
			`request.state.user = payload`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`return await call_next(request)`
			`else:`
Fix gateway 2025-07-17 19:54:04 +02:00			`# Token invalid or expired, verify with auth service`
			`user_info = await self._verify_with_auth_service(token)`
			`if user_info:`
			`request.state.user = user_info`
			`return await call_next(request)`
			`else:`
			`return JSONResponse(`
			`status_code=401,`
			`content={"detail": "Invalid or expired token"}`
			`)`

			`except Exception as e:`
			`logger.error(f"Authentication error: {e}")`
			`return JSONResponse(`
			`status_code=401,`
			`content={"detail": "Authentication failed"}`
			`)`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Fix gateway 2025-07-17 19:54:04 +02:00			`def _is_public_route(self, path: str) -> bool:`
			`"""Check if route is public"""`
			`return any(path.startswith(route) for route in PUBLIC_ROUTES)`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Fix gateway 2025-07-17 19:54:04 +02:00			`def _extract_token(self, request: Request) -> Optional[str]:`
			`"""Extract JWT token from request"""`
			`auth_header = request.headers.get("Authorization")`
			`if auth_header and auth_header.startswith("Bearer "):`
			`return auth_header.split(" ")[1]`
			`return None`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Fix gateway 2025-07-17 19:54:04 +02:00			`async def _verify_with_auth_service(self, token: str) -> Optional[dict]:`
			`"""Verify token with auth service"""`
			`try:`
			`async with httpx.AsyncClient(timeout=5.0) as client:`
			`response = await client.post(`
			`f"{settings.AUTH_SERVICE_URL}/verify",`
			`headers={"Authorization": f"Bearer {token}"}`
			`)`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Fix gateway 2025-07-17 19:54:04 +02:00			`if response.status_code == 200:`
			`return response.json()`
			`else:`
			`return None`

			`except Exception as e:`
			`logger.error(f"Auth service verification failed: {e}")`
			`return None`