Initial microservices setup from artifacts

gateway/app/middleware/auth.py

@@ -0,0 +1,101 @@
+"""
+Authentication middleware for gateway
+"""
+
+import logging
+from fastapi import Request, HTTPException
+from fastapi.responses import JSONResponse
+import httpx
+from typing import Optional
+
+from app.core.config import settings
+from shared.auth.jwt_handler import JWTHandler
+
+logger = logging.getLogger(__name__)
+
+# JWT handler
+jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)
+
+# Routes that don't require authentication
+PUBLIC_ROUTES = [
+    "/health",
+    "/metrics",
+    "/docs",
+    "/redoc",
+    "/openapi.json",
+    "/api/v1/auth/login",
+    "/api/v1/auth/register",
+    "/api/v1/auth/refresh"
+]
+
+async def auth_middleware(request: Request, call_next):
+    """Authentication middleware"""
+    
+    # Check if route requires authentication
+    if _is_public_route(request.url.path):
+        return await call_next(request)
+    
+    # Get token from header
+    token = _extract_token(request)
+    if not token:
+        return JSONResponse(
+            status_code=401,
+            content={"detail": "Authentication required"}
+        )
+    
+    # Verify token
+    try:
+        # First try to verify token locally
+        payload = jwt_handler.verify_token(token)
+        
+        if payload:
+            # Add user info to request state
+            request.state.user = payload
+            return await call_next(request)
+        else:
+            # Token invalid or expired, verify with auth service
+            user_info = await _verify_with_auth_service(token)
+            if user_info:
+                request.state.user = user_info
+                return await call_next(request)
+            else:
+                return JSONResponse(
+                    status_code=401,
+                    content={"detail": "Invalid or expired token"}
+                )
+                
+    except Exception as e:
+        logger.error(f"Authentication error: {e}")
+        return JSONResponse(
+            status_code=401,
+            content={"detail": "Authentication failed"}
+        )
+
+def _is_public_route(path: str) -> bool:
+    """Check if route is public"""
+    return any(path.startswith(route) for route in PUBLIC_ROUTES)
+
+def _extract_token(request: Request) -> Optional[str]:
+    """Extract JWT token from request"""
+    auth_header = request.headers.get("Authorization")
+    if auth_header and auth_header.startswith("Bearer "):
+        return auth_header.split(" ")[1]
+    return None
+
+async def _verify_with_auth_service(token: str) -> Optional[dict]:
+    """Verify token with auth service"""
+    try:
+        async with httpx.AsyncClient(timeout=5.0) as client:
+            response = await client.post(
+                f"{settings.AUTH_SERVICE_URL}/verify",
+                headers={"Authorization": f"Bearer {token}"}
+            )
+            
+            if response.status_code == 200:
+                return response.json()
+            else:
+                return None
+                
+    except Exception as e:
+        logger.error(f"Auth service verification failed: {e}")
+        return None