first commit

backend/app/api/dependencies/auth.py

@@ -0,0 +1,42 @@
+from __future__ import annotations
+
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from app.application.auth.context import AuthContextService
+from app.schemas.auth import AuthenticatedUser
+
+bearer_scheme = HTTPBearer(auto_error=False)
+
+
+async def get_current_user(
+    credentials: HTTPAuthorizationCredentials | None = Depends(bearer_scheme),
+) -> AuthenticatedUser:
+    """Resolve current user from a Directus-issued bearer token.
+
+    This keeps auth enforcement centralized and makes later permission mapping
+    easier to add without rewriting every route.
+    """
+
+    if not credentials or not credentials.credentials:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authorization header is required.",
+        )
+
+    service = AuthContextService()
+    return await service.get_authenticated_user(credentials.credentials)
+
+
+async def get_access_token(
+    credentials: HTTPAuthorizationCredentials | None = Depends(bearer_scheme),
+) -> str:
+    """Return the raw Directus bearer token for repository passthrough reads."""
+
+    if not credentials or not credentials.credentials:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authorization header is required.",
+        )
+
+    return credentials.credentials