diff --git a/backend/auth.py b/backend/auth.py index de8511ec..2be6d499 100644 --- a/backend/auth.py +++ b/backend/auth.py @@ -64,11 +64,16 @@ async def get_current_user(credentials = Depends(security)): Returns TokenData with user_id, username, role. """ token = credentials.credentials + import logging + log = logging.getLogger("ainventory") + log.debug(f"[AUTH] Validating token (first 20 chars): {token[:20] if token else 'None'}") + log.debug(f"[AUTH] Using SECRET_KEY (first 10 chars): {SECRET_KEY[:10] if SECRET_KEY else 'None'}") try: payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) user_id: int = payload.get("sub") username: str = payload.get("username") role: str = payload.get("role") + log.debug(f"[AUTH] Token valid — user_id={user_id}, username={username}, role={role}") if user_id is None or username is None: raise HTTPException( @@ -81,7 +86,8 @@ async def get_current_user(credentials = Depends(security)): role=role, exp=datetime.fromtimestamp(payload.get("exp"), tz=timezone.utc) ) - except JWTError: + except JWTError as e: + log.error(f"[AUTH] JWTError: {type(e).__name__}: {str(e)}") raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid authentication credentials",