Add authentication check to event-related API routes

Ensure that all event-related endpoints verify the presence of a valid authenticated user before proceeding. Raise a 401 Unauthorized error if authentication credentials are missing or invalid, enhancing the security of API routes.

backend/app/api/routes/events/router.py

@@ -36,6 +36,12 @@ def create_event(
         current_user: User = Depends(get_current_user)
 ) -> EventResponse:
     """Create a new event."""
+    if current_user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
     try:
         # Check if slug is already taken
         if event.get_by_slug(db, slug=event_in.slug):
@@ -69,6 +75,12 @@ def get_user_events(
         current_user: User = Depends(get_current_user)
 ) -> Dict[str, Any]:
     """Get all events created by the current user with pagination."""
+    if current_user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
     try:
         total = event.count_user_events(
             db=db,
@@ -166,6 +178,12 @@ def get_event(
         current_user: User = Depends(get_current_user)
 ) -> EventResponse:
     """Get event by ID."""
+    if current_user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
     try:
         event_obj = event.get(db=db, id=event_id)
         if not event_obj:
@@ -209,6 +227,12 @@ def get_public_event(
         current_user: Optional[User] = Depends(get_optional_current_user)
 ) -> EventResponse:
     """Get public event by slug."""
+    if current_user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
     try:
         event_obj = event.get_public_event(db=db, slug=slug, access_code=access_code)
         if not event_obj:
@@ -246,6 +270,12 @@ def update_event(
         current_user: User = Depends(get_current_user)
 ) -> EventResponse:
     """Update event."""
+    if current_user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
     try:
         event_obj = event.get(db=db, id=event_id)
         if not event_obj:
@@ -304,6 +334,12 @@ def delete_event(
         hard_delete: bool = Query(False, description="Perform hard delete instead of soft delete")
 ):
     """Delete event (soft delete by default)."""
+    if current_user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
     try:
         event_obj = event.get(db=db, id=event_id)
         if not event_obj: