Extract JWT token from Authorization header or cookies. Authorization header takes precedence over cookies to ensure explicit token passing works even if stale cookies exist.
(request: Request)
| 54 | |
| 55 | |
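def extract_jwt_from_request(request: Request) -> Optional[str]:
    """Extract a JWT from the Authorization header or, failing that, from cookies.

    The Authorization header takes precedence over cookies so that an
    explicitly passed token still wins when a stale session cookie exists.

    Args:
        request: Incoming request exposing ``headers`` and ``cookies`` mappings.

    Returns:
        The raw (undecoded) token string, or ``None`` when neither source
        carries one. A ``Bearer`` header with nothing after the scheme yields
        ``None`` (or the cookie value) rather than ``""``, so callers can rely
        on an ``is None`` check instead of a truthiness check.
    """
    # Standard API path: "Bearer <token>"; the scheme is matched
    # case-insensitively, so lowercase the header once.
    auth_header = request.headers.get("Authorization", "")
    lowered = auth_header.lower()
    # Values prefixed "lh_" are deliberately not treated as JWTs here —
    # presumably a different credential type handled by another code path.
    # TODO(review): confirm against the caller that this exclusion is intended.
    if lowered.startswith("bearer ") and not lowered.startswith("bearer lh_"):
        token = auth_header[7:].strip()
        if token:
            return token
        # Bare "Bearer" with no token is not an explicit credential; fall
        # through to the cookie instead of returning the empty string.

    # Browser path: session cookie set by the login flow.
    token = request.cookies.get(JWT_COOKIE_NAME)
    if token:
        return token

    return None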
| 73 | |
| 74 | |
| 75 | def decode_jwt(token: str) -> Optional[dict]: |