from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

SECRET_KEY = "your-secret-key"
ALGORITHM = "HS256"

def verify_token(token: str = Depends(oauth2_scheme)):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )

    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
    except JWTError:
        raise credentials_exception

    return username

@app.post("/token")
async def login(username: str, password: str):
    # 验证用户身份的逻辑，通常会查询数据库
    # 如果验证通过，生成 Token 并返回给客户端
    user = {"username": username}
    token = jwt.encode({"sub": username}, SECRET_KEY, algorithm=ALGORITHM)
    return {"access_token": token, "token_type": "bearer"}

@app.get("/users/me")
async def read_users_me(current_user: str = Depends(verify_token)):
    return {"username": current_user}

from fastapi import FastAPI, Depends, HTTPException, Header

app = FastAPI()

async def check_security_header(authorization: str = Header(...)):
    if "Bearer" not in authorization:
        raise HTTPException(
            status_code=401,
            detail="Invalid authentication",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return authorization

@app.get("/secure-data")
async def get_secure_data(security_header: str = Depends(check_security_header)):
    return {"message": "This is secure data"}