Add forecasting service

2025-07-21 19:48:56 +02:00
parent 2d85dd3e9e
commit 0e7ca10a29
24 changed files with 2937 additions and 179 deletions
--- a/services/forecasting/app/core/auth.py
+++ b/services/forecasting/app/core/auth.py
@@ -1,22 +1,48 @@
+# ================================================================
+# services/forecasting/app/core/auth.py
+# ================================================================
 """
-Authentication configuration for forecasting service
+Authentication utilities for forecasting service
 """

-from shared.auth.jwt_handler import JWTHandler
-from shared.auth.decorators import require_auth, require_role
-from app.core.config import settings
+import structlog
+from fastapi import HTTPException, status, Request
+from typing import Dict, Any, Optional

-# Initialize JWT handler
-jwt_handler = JWTHandler(
-    secret_key=settings.JWT_SECRET_KEY,
-    algorithm=settings.JWT_ALGORITHM,
-    access_token_expire_minutes=settings.JWT_ACCESS_TOKEN_EXPIRE_MINUTES
-)
+logger = structlog.get_logger()

-# Export commonly used functions
-verify_token = jwt_handler.verify_token
-create_access_token = jwt_handler.create_access_token
-get_current_user = jwt_handler.get_current_user
+async def get_current_user_from_headers(request: Request) -> Dict[str, Any]:
+    """
+    Get current user from gateway headers
+    Gateway middleware adds user context to headers after JWT verification
+    """
+    
+    try:
+        # Extract user information from headers set by API Gateway
+        user_id = request.headers.get("X-User-ID")
+        user_email = request.headers.get("X-User-Email")
+        tenant_id = request.headers.get("X-Tenant-ID")
+        user_roles = request.headers.get("X-User-Roles", "").split(",")
+        
+        if not user_id or not tenant_id:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Authentication required"
+            )
+        
+        return {
+            "user_id": user_id,
+            "email": user_email,
+            "tenant_id": tenant_id,
+            "roles": [role.strip() for role in user_roles if role.strip()]
+        }
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error extracting user from headers", error=str(e))
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication"
+        )

-# Export decorators
-__all__ = ['verify_token', 'create_access_token', 'get_current_user', 'require_auth', 'require_role']