debug: add JWT validation logging to diagnose 401 errors
This commit is contained in:
@@ -64,11 +64,16 @@ async def get_current_user(credentials = Depends(security)):
|
||||
Returns TokenData with user_id, username, role.
|
||||
"""
|
||||
token = credentials.credentials
|
||||
import logging
|
||||
log = logging.getLogger("ainventory")
|
||||
log.debug(f"[AUTH] Validating token (first 20 chars): {token[:20] if token else 'None'}")
|
||||
log.debug(f"[AUTH] Using SECRET_KEY (first 10 chars): {SECRET_KEY[:10] if SECRET_KEY else 'None'}")
|
||||
try:
|
||||
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
|
||||
user_id: int = payload.get("sub")
|
||||
username: str = payload.get("username")
|
||||
role: str = payload.get("role")
|
||||
log.debug(f"[AUTH] Token valid — user_id={user_id}, username={username}, role={role}")
|
||||
|
||||
if user_id is None or username is None:
|
||||
raise HTTPException(
|
||||
@@ -81,7 +86,8 @@ async def get_current_user(credentials = Depends(security)):
|
||||
role=role,
|
||||
exp=datetime.fromtimestamp(payload.get("exp"), tz=timezone.utc)
|
||||
)
|
||||
except JWTError:
|
||||
except JWTError as e:
|
||||
log.error(f"[AUTH] JWTError: {type(e).__name__}: {str(e)}")
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Invalid authentication credentials",
|
||||
|
||||
Reference in New Issue
Block a user