🐛 Fix maybe_authenticated

src/ohmyapi/builtin/auth/routes.py

@@ -2,14 +2,16 @@ import time
 from enum import Enum
 from typing import Any, Dict, List, Optional
 
-import jwt
-import settings
-from fastapi import APIRouter, Body, Depends, Header, HTTPException, status
-from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
+from fastapi import APIRouter, Body, Depends, Header, HTTPException, Request, status
+from fastapi.security import OAuth2, OAuth2PasswordBearer, OAuth2PasswordRequestForm
+from fastapi.security.utils import get_authorization_scheme_param
 from pydantic import BaseModel
 
 from ohmyapi.builtin.auth.models import Group, User
 
+import jwt
+import settings
+
 # Router
 router = APIRouter(prefix="/auth", tags=["Auth"])
 
@@ -23,7 +25,21 @@ REFRESH_TOKEN_EXPIRE_SECONDS = getattr(
     settings, "JWT_REFRESH_TOKEN_EXPIRE_SECONDS", 7 * 24 * 60 * 60
 )
 
+class OptionalOAuth2PasswordBearer(OAuth2):
+    def __init__(self, tokenUrl: str):
+        super().__init__(flows={"password": {"tokenUrl": tokenUrl}}, scheme_name="OAuth2PasswordBearer")
+
+    async def __call__(self, request: Request) -> Optional[str]:
+        authorization: str = request.headers.get("Authorization")
+        scheme, param = get_authorization_scheme_param(authorization)
+        if not authorization or scheme.lower() != "bearer":
+            # No token provided — just return None
+            return None
+        return param
+
+
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login")
+oauth2_optional_scheme = OptionalOAuth2PasswordBearer(tokenUrl="/auth/login")
 
 
 class ClaimsUser(BaseModel):
@@ -122,7 +138,7 @@ async def get_current_user(token: str = Depends(oauth2_scheme)) -> User:
     return user
 
 
-async def maybe_authenticated(token: Optional[str] = Depends(oauth2_scheme)) -> Optional[User]:
+async def maybe_authenticated(token: Optional[str] = Depends(oauth2_optional_scheme)) -> Optional[User]:
     if token is None:
         return None
     return await get_current_user(token)