import os import jwt from functools import wraps from flask import request, jsonify # Should ideally be set in .env SECRET_KEY = os.getenv('JWT_SECRET', 'super-secret-jwt-key-automarket') def token_required(f): @wraps(f) def decorated(*args, **kwargs): token = None auth_header = request.headers.get('Authorization') if auth_header and auth_header.startswith('Bearer '): token = auth_header.split(" ")[1] # Fallback to query param for file downloads if not token: token = request.args.get('token') if not token: return jsonify({'message': 'Token is missing!'}), 401 try: data = jwt.decode(token, SECRET_KEY, algorithms=["HS256"]) current_user_id = data['user_id'] except Exception as e: return jsonify({'message': 'Token is invalid or expired!'}), 401 return f(current_user_id, *args, **kwargs) return decorated