Initial Commit

2026-06-12 23:23:22 +00:00 · 2026-05-12 00:34:21 +00:00
commit d2dc43b16f
57 changed files with 6056 additions and 0 deletions
--- a/app/core/init.py
+++ b/app/core/init.py
--- a/app/core/pagination.py
+++ b/app/core/pagination.py
@@ -0,0 +1,10 @@
+from typing import Annotated
+from fastapi import Query
+
+
+def pagination_params(
+    page: Annotated[int, Query(ge=1)] = 1,
+    per_page: Annotated[int, Query(ge=1, le=100)] = 20,
+) -> tuple[int, int, int]:
+    offset = (page - 1) * per_page
+    return page, per_page, offset
--- a/app/core/responses.py
+++ b/app/core/responses.py
@@ -0,0 +1,42 @@
+from typing import Any, TypeVar, Generic
+from pydantic import BaseModel
+
+T = TypeVar("T")
+
+
+class ErrorDetail(BaseModel):
+    code: str
+    message: str
+    details: Any = None
+
+
+class APIResponse(BaseModel, Generic[T]):
+    success: bool
+    data: T | None = None
+    error: ErrorDetail | None = None
+
+
+class PaginationMeta(BaseModel):
+    total: int
+    page: int
+    per_page: int
+    pages: int
+
+
+class PaginatedAPIResponse(BaseModel, Generic[T]):
+    success: bool = True
+    data: list[T] = []
+    meta: PaginationMeta
+
+
+def ok(data: Any = None) -> dict:
+    return {"success": True, "data": data}
+
+
+def paginated(data: list, total: int, page: int, per_page: int) -> dict:
+    pages = max(1, (total + per_page - 1) // per_page)
+    return {
+        "success": True,
+        "data": data,
+        "meta": {"total": total, "page": page, "per_page": per_page, "pages": pages},
+    }
--- a/app/core/security.py
+++ b/app/core/security.py
@@ -0,0 +1,58 @@
+import json
+import urllib.request
+
+import jwt
+
+from app.config import get_settings
+from app.exceptions import UnauthorizedError
+
+_jwks_cache: dict[str, object] = {}
+
+
+def _get_public_key(kid: str) -> object:
+    if kid in _jwks_cache:
+        return _jwks_cache[kid]
+
+    settings = get_settings()
+    url = f"{settings.SUPABASE_URL}/auth/v1/.well-known/jwks.json"
+    with urllib.request.urlopen(url, timeout=10) as resp:
+        jwks = json.loads(resp.read())
+
+    for key_data in jwks.get("keys", []):
+        if key_data.get("kid") == kid:
+            public_key = jwt.algorithms.ECAlgorithm.from_jwk(key_data)
+            _jwks_cache[kid] = public_key
+            return public_key
+
+    raise UnauthorizedError("Public key not found")
+
+
+def decode_token(token: str) -> dict:
+    try:
+        header = jwt.get_unverified_header(token)
+        alg = header.get("alg", "HS256")
+        kid = header.get("kid")
+
+        if alg == "HS256":
+            settings = get_settings()
+            key = settings.SUPABASE_JWT_SECRET
+        else:
+            key = _get_public_key(kid)
+
+        payload = jwt.decode(
+            token,
+            key,
+            algorithms=[alg],
+            audience="authenticated",
+            options={"verify_exp": True},
+        )
+        return payload
+
+    except jwt.ExpiredSignatureError:
+        raise UnauthorizedError("Token has expired")
+    except jwt.InvalidTokenError as e:
+        raise UnauthorizedError(f"Invalid token: {e}")
+    except UnauthorizedError:
+        raise
+    except Exception as e:
+        raise UnauthorizedError(f"Token validation failed: {e}")