# ================================================================
# services/forecasting/app/core/auth.py
# ================================================================
"""
Authentication utilities for forecasting service
"""
import structlog
from fastapi import HTTPException, status, Request
from typing import Dict, Any, Optional
# Module-level structlog logger; used below to record header-extraction failures.
logger = structlog.get_logger()
async def get_current_user_from_headers(request: Request) -> Dict[str, Any]:
    """
    Build the caller's user context from identity headers on the request.

    The API gateway is expected to verify the JWT and then attach
    ``X-User-ID``, ``X-User-Email``, ``X-Tenant-ID`` and ``X-User-Roles``.
    This function does no token or signature verification of its own: it
    takes the header values as given. That is only sound if clients cannot
    reach this service without passing through the gateway and the gateway
    overwrites any client-supplied copies of these headers -- neither is
    visible from this module, so confirm both in the deployment.

    Returns:
        Dict with ``user_id``, ``email`` (``None`` when the header is
        absent), ``tenant_id`` and ``roles`` (the comma-separated header
        split into a list, with blank entries dropped).

    Raises:
        HTTPException: 401 "Authentication required" when ``X-User-ID`` or
            ``X-Tenant-ID`` is missing or empty; 401 "Invalid
            authentication" if anything else fails during extraction.
    """
    try:
        headers = request.headers
        uid = headers.get("X-User-ID")
        email = headers.get("X-User-Email")
        tenant = headers.get("X-Tenant-ID")
        raw_roles = headers.get("X-User-Roles", "").split(",")

        # Both identifiers are mandatory; email and roles are optional.
        if not (uid and tenant):
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Authentication required",
            )

        # Normalise the role list: trim whitespace and drop empty entries.
        roles = []
        for entry in raw_roles:
            cleaned = entry.strip()
            if cleaned:
                roles.append(cleaned)

        return {
            "user_id": uid,
            "email": email,
            "tenant_id": tenant,
            "roles": roles,
        }
    except HTTPException:
        # The deliberate 401 raised above passes through unchanged.
        raise
    except Exception as exc:
        # Any other failure is logged and reported to the caller as a 401.
        logger.error("Error extracting user from headers", error=str(exc))
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authentication",
        )