From 0529a81ac6341339b2c108fd7f293000966265a7 Mon Sep 17 00:00:00 2001
From: Khalim Conn-Kowlessar
Date: Thu, 6 Jul 2023 11:57:09 +0100
Subject: [PATCH] Added placeholder notes on validation of jtw
---
 backend/.env.example | 4 +++-
 backend/app/config.py | 2 ++
 backend/app/dependencies.py | 13 +++++--------
 3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/backend/.env.example b/backend/.env.example
index 2d5dcdf9..352192d0 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -1,2 +1,4 @@
 API_KEY = example-api-key
-ENVIRONMENT = local
\ No newline at end of file
+ENVIRONMENT = local
+SECRET_KEY = YOUR_SECRET_KEY
+ALGORITHM = HS256
\ No newline at end of file
diff --git a/backend/app/config.py b/backend/app/config.py
index 3bcb14d0..fe274d56 100644
--- a/backend/app/config.py
+++ b/backend/app/config.py
@@ -5,6 +5,8 @@ from pydantic import BaseSettings
 class Settings(BaseSettings):
 API_KEY: str
 API_KEY_NAME: str = "X-API-KEY"
+ SECRET_KEY: str
+ ALGORITHM: str
 class Config:
 env_file = ".env"
diff --git a/backend/app/dependencies.py b/backend/app/dependencies.py
index b4813859..f8d0a3ca 100644
--- a/backend/app/dependencies.py
+++ b/backend/app/dependencies.py
@@ -1,5 +1,6 @@
 from fastapi import Depends, HTTPException, status
 from fastapi.security import APIKeyHeader, OAuth2PasswordBearer
+from jose import jwt, JWTError
 from app.config import get_settings
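Review bot: `ALGORITHM: str` in the new Settings fields lets any string found in the environment become the sole accepted verification algorithm, so a typo or an accidental switch to an asymmetric name silently changes what `jwt.decode` will accept elsewhere; if HS256 is the only algorithm the backend intends to verify, pin it with a default and a closed type, e.g. `ALGORITHM: Literal["HS256"] = "HS256"` (needs `from typing import Literal`, which is outside this hunk). `SECRET_KEY: str` with no default is the right shape, since startup fails when it is unset, but nothing rejects the `YOUR_SECRET_KEY` placeholder that `.env.example` ships in the same commit; a pydantic `@validator("SECRET_KEY")` that refuses that literal value and very short keys would stop a copied example file from reaching a real deployment. The Settings class body continues outside the hunk.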
@@ -15,16 +16,10 @@ async def validate_api_key(api_key_header: str = Depends(api_key_header)):
 return api_key_header
-from jose import jwt, JWTError
-from fastapi import HTTPException, status
-from typing import Optional
-
-SECRET_KEY = "YOUR_SECRET_KEY"
-ALGORITHM = "HS256"
-
 def get_user(user_id: str):
 # Define here how to fetch a user from your database
 # using the user_id. Here's a simple placeholder implementation:
+ # TODO: This is a placeholder implementation that needs to be fully tested with the front end
 user = None
 if user_id == "known_id":
 user = {"id": user_id, "name": "Known User"}
@@ -38,7 +33,9 @@ def validate_jwt_token(token: str = Depends(oauth2_scheme)):
 headers={"WWW-Authenticate": "Bearer"},
 )
 try:
- payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+ # TODO: This is a placeholder implementation that needs to be fully tested with the front end
+ # the SECRET_KEY should match the NEXTAUTH_SECRET in the front end
+ payload = jwt.decode(token, get_settings().SECRET_KEY, algorithms=[get_settings().ALGORITHM])
 user_id: str = payload.get("sub")
 if user_id is None:
 raise credentials_exception
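Review bot: `get_settings()` is called twice on the new `jwt.decode` line; bind it once so the secret and the algorithm are read from the same Settings instance and the lookup is not repeated per request: `settings = get_settings()` followed by `payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])`. The new comment ties `SECRET_KEY` to `NEXTAUTH_SECRET`; as far as I recall, NextAuth's default JWT session strategy issues an encrypted JWE whose key is derived from that secret, not an HS256-signed JWS, so this decode would reject those tokens unless the front end is configured to emit plain signed JWTs — worth confirming and recording in the comment before the TODO is removed. The `except` clause that closes this `try` is outside the hunk, so I cannot see whether it catches only `JWTError`; the import added in the first hunk suggests it does. validate_jwt_token's body continues outside the hunk.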