1 files changed, 23 insertions, 31 deletions

diff --git a/app/routes/me.py b/app/routes/me.py
index a09453c..03d0daa 100644
--- a/app/routes/me.py
+++ b/app/routes/me.py
@@ -1,48 +1,40 @@
-from fastapi import APIRouter, Depends, HTTPException
-from fastapi.security import OAuth2PasswordBearer
+from fastapi import APIRouter, Depends, HTTPException, Request
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from app.auth.jwt import decode_token
 from app.models.user import User
 from app.utils.db import get_async_session
-from app.utils.logger_cfg import logger
 
-router = APIRouter()
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/login")
+router = APIRouter(tags=["auth"])
 
 
-@router.get("/me")
-async def read_current_user(
-    token: str = Depends(oauth2_scheme),
+async def get_current_user_from_cookie(
+    request: Request,
     session: AsyncSession = Depends(get_async_session),
 ):
-
+    token = request.cookies.get("access_token")
     if not token:
-        logger.warning("No token provided in /me request")
         raise HTTPException(status_code=401, detail="Unauthorized")
 
-    try:
-        payload = decode_token(token)
-        user_id = int(payload.get("sub"))
-        user = await User.get_user_by_id(user_id, session=session)
+    payload = decode_token(token)
+    user_id = int(payload.get("sub"))
+    user = await User.get_user_by_id(user_id, session=session)
 
-        if not user:
-            logger.warning("User not found in /me | id={}", user_id)
-            raise HTTPException(status_code=404, detail="User not found")
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    if user.token_version != payload.get("token_version"):
+        raise HTTPException(status_code=401, detail="Token revoked")
 
-        logger.info("User accessed /me | id={} username={}", user.id, user.username)
+    return user
 
-        user_data = {
-            "id": user.id,
-            "username": user.username,
-            "email": user.email,
-            "premium": user.premium,
-            "is_banned": user.is_banned,
-            "is_moderator": user.is_moderator,
-        }
-        logger.debug("Returning /me data: {}", user_data)
-        return user_data
 
-    except ValueError as e:
-        logger.warning("Invalid token in /me request: {}", e)
-        raise HTTPException(status_code=401, detail="Invalid token")
+@router.get("/me")
+async def read_current_user(user: User = Depends(get_current_user_from_cookie)):
+    return {
+        "id": user.id,
+        "username": user.username,
+        "email": user.email,
+        "premium": user.premium,
+        "is_banned": user.is_banned,
+        "is_moderator": user.is_moderator,
+    }