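# api/dependencies.py
import logging

from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from sqlalchemy.orm import Session

from core import security
from db import crud, models
from db.database import get_db

logger = logging.getLogger(__name__)

# ============================ THE KEY CHANGE IS HERE ============================
# STRICT GUARD: for protected endpoints. If no bearer token is present,
# the scheme itself raises a 401 before the dependency body runs.
oauth2_scheme_strict = OAuth2PasswordBearer(tokenUrl="/api/users/token")

# PERMISSIVE GUARD: for endpoints where authentication is optional. If no
# token is present it does NOT raise; the dependency receives None instead.
oauth2_scheme_optional = OAuth2PasswordBearer(
    tokenUrl="/api/users/token", auto_error=False
)
# ================================================================================


def get_current_user(
    db: Session = Depends(get_db),
    token: str = Depends(oauth2_scheme_strict),  # <-- uses the strict guard
) -> models.User:
    """Resolve the bearer token to a user, or reject the request with 401.

    Args:
        db: Database session provided by ``get_db``.
        token: Bearer token extracted by the strict OAuth2 scheme.

    Returns:
        The user whose username is carried by the token.

    Raises:
        HTTPException: 401 when the token does not decode to a username or
            when no user with that username exists.
    """
    # One identical error for "bad token" and "unknown user", so the response
    # does not reveal which of the two checks failed.
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )

    username = security.decode_access_token(token)
    if username is None:
        raise credentials_exception

    user = crud.get_user_by_username(db, username=username)
    if user is None:
        raise credentials_exception

    return user


def get_current_active_user(
    current_user: models.User = Depends(get_current_user),
) -> models.User:
    """Return the authenticated user only if the account is active.

    Args:
        current_user: User resolved by ``get_current_user``.

    Returns:
        The same user object when ``is_active`` is truthy.

    Raises:
        HTTPException: 400 with detail "Inactive user" otherwise.
    """
    # NOTE(review): the status code is 400 rather than 403; kept as-is because
    # clients may already depend on it.
    if not current_user.is_active:
        raise HTTPException(status_code=400, detail="Inactive user")
    return current_user


def get_current_user_optional(
    db: Session = Depends(get_db),
    token: str | None = Depends(oauth2_scheme_optional),  # <-- uses the permissive guard
) -> models.User | None:
    """Resolve the bearer token to a user when one is supplied, else None.

    This dependency never rejects a request: a missing token, a token that
    does not decode, an unknown username, or any error raised while resolving
    the user all produce ``None``. Handlers must therefore treat ``None`` as
    an unauthenticated caller.

    Args:
        db: Database session provided by ``get_db``.
        token: Bearer token, or None when the request carried none.

    Returns:
        The matching user, or None when the caller could not be identified.
    """
    # NOTE(review): unlike get_current_active_user, this path does not check
    # is_active, so a deactivated account with a still-valid token is returned
    # as a user. Confirm that callers of this dependency expect that.
    if not token:
        return None

    try:
        username = security.decode_access_token(token)
        if username is None:
            return None
        return crud.get_user_by_username(db, username=username)
    except Exception:
        # Deliberate best-effort: fall back to anonymous rather than fail the
        # request. The failure is logged so that a broken token decoder or
        # database outage is not silently mistaken for anonymous traffic.
        # The token itself is never included in the log message.
        logger.warning(
            "Optional authentication failed; treating request as anonymous",
            exc_info=True,
        )
        return None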