Added placeholder notes on validation of jtw

backend/.env.example

@@ -1,2 +1,4 @@
 API_KEY = example-api-key
-ENVIRONMENT = local
+ENVIRONMENT = local
+SECRET_KEY = YOUR_SECRET_KEY
+ALGORITHM = HS256

backend/app/config.py

@@ -5,6 +5,8 @@ from pydantic import BaseSettings
 class Settings(BaseSettings):
     API_KEY: str
     API_KEY_NAME: str = "X-API-KEY"
+    SECRET_KEY: str
+    ALGORITHM: str
 
     class Config:
         env_file = ".env"

backend/app/dependencies.py

@@ -1,5 +1,6 @@
 from fastapi import Depends, HTTPException, status
 from fastapi.security import APIKeyHeader, OAuth2PasswordBearer
+from jose import jwt, JWTError
 from app.config import get_settings
 
 
@@ -15,16 +16,10 @@ async def validate_api_key(api_key_header: str = Depends(api_key_header)):
     return api_key_header
 
 
-from jose import jwt, JWTError
-from fastapi import HTTPException, status
-from typing import Optional
-
-SECRET_KEY = "YOUR_SECRET_KEY"
-ALGORITHM = "HS256"
-
 def get_user(user_id: str):
     # Define here how to fetch a user from your database
     # using the user_id. Here's a simple placeholder implementation:
+    # TODO: This is a placeholder implementation that needs to be fully tested with the front end
     user = None
     if user_id == "known_id":
         user = {"id": user_id, "name": "Known User"}
@@ -38,7 +33,9 @@ def validate_jwt_token(token: str = Depends(oauth2_scheme)):
         headers={"WWW-Authenticate": "Bearer"},
     )
     try:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        # TODO: This is a placeholder implementation that needs to be fully tested with the front end
+        #       the SECRET_KEY should match the NEXTAUTH_SECRET in the front end
+        payload = jwt.decode(token, get_settings().SECRET_KEY, algorithms=[get_settings().ALGORITHM])
         user_id: str = payload.get("sub")
         if user_id is None:
             raise credentials_exception