implement initial backend structure with authentication, user management, and database integration

backend/app/dependencies.py

@@ -0,0 +1,42 @@
+"""FastAPI dependencies (e.g. authenticated user extraction)."""
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from jose import JWTError
+
+from backend.app.services.auth import decode_token
+
+_bearer = HTTPBearer()
+
+
+async def get_current_user(
+    credentials: HTTPAuthorizationCredentials = Depends(_bearer),
+) -> dict:
+    """Extract and validate the Bearer JWT. Returns the token payload."""
+    credentials_error = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Could not validate credentials.",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+    try:
+        payload = decode_token(credentials.credentials)
+    except JWTError:
+        raise credentials_error
+
+    if payload.get("type") != "access":
+        raise credentials_error
+
+    user_id: str | None = payload.get("sub")
+    if user_id is None:
+        raise credentials_error
+
+    return {"id": user_id, "email": payload.get("email"), "role": payload.get("role")}
+
+
+async def require_admin(current_user: dict = Depends(get_current_user)) -> dict:
+    """Raise 403 if the authenticated user is not an admin."""
+    if current_user.get("role") != "admin":
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Admin access required.",
+        )
+    return current_user