MCPcopy
hub / github.com/learnhouse/learnhouse / extract_jwt_from_request

Function extract_jwt_from_request

apps/api/src/security/auth.py:56–72  ·  view source on GitHub ↗

Extract JWT token from Authorization header or cookies. Authorization header takes precedence over cookies to ensure explicit token passing works even if stale cookies exist.

(request: Request)

Source from the content-addressed store, hash-verified

54
55
56def extract_jwt_from_request(request: Request) -> Optional[str]:
57 """Extract JWT token from Authorization header or cookies.
58
59 Authorization header takes precedence over cookies to ensure
60 explicit token passing works even if stale cookies exist.
61 """
62 # Try Authorization header first (standard API behavior)
63 auth_header = request.headers.get("Authorization", "")
64 if auth_header.lower().startswith("bearer ") and not auth_header.lower().startswith("bearer lh_"):
65 return auth_header[7:].strip()
66
67 # Fall back to cookies (for browser-based requests without explicit token)
68 token = request.cookies.get(JWT_COOKIE_NAME)
69 if token:
70 return token
71
72 return None
73
74
75def decode_jwt(token: str) -> Optional[dict]:

Callers 6

logoutFunction · 0.90
get_current_userFunction · 0.85

Calls 1

getMethod · 0.45