Spaces:
Sleeping
Sleeping
Update core/security.py
Browse files- core/security.py +28 -2
core/security.py
CHANGED
|
@@ -1,18 +1,44 @@
|
|
| 1 |
from datetime import datetime, timedelta
|
| 2 |
from passlib.context import CryptContext
|
| 3 |
-
from jose import jwt
|
|
|
|
|
|
|
| 4 |
from core.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
|
|
|
|
| 5 |
|
|
|
|
| 6 |
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
| 7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
def hash_password(password: str) -> str:
|
| 9 |
return pwd_context.hash(password)
|
| 10 |
|
|
|
|
| 11 |
def verify_password(plain: str, hashed: str) -> bool:
|
| 12 |
return pwd_context.verify(plain, hashed)
|
| 13 |
|
|
|
|
| 14 |
def create_access_token(data: dict, expires_delta: timedelta = None):
|
| 15 |
to_encode = data.copy()
|
| 16 |
expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
|
| 17 |
to_encode.update({"exp": expire})
|
| 18 |
-
return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
from datetime import datetime, timedelta
|
| 2 |
from passlib.context import CryptContext
|
| 3 |
+
from jose import jwt, JWTError
|
| 4 |
+
from fastapi import Depends, HTTPException
|
| 5 |
+
from fastapi.security import OAuth2PasswordBearer
|
| 6 |
from core.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
|
| 7 |
+
from db.mongo import users_collection # make sure this path is correct
|
| 8 |
|
| 9 |
+
# Password hashing context
|
| 10 |
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
| 11 |
|
| 12 |
+
# OAuth2 setup for token extraction
|
| 13 |
+
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/login")
|
| 14 |
+
|
| 15 |
+
# Hash a plain password
|
| 16 |
def hash_password(password: str) -> str:
|
| 17 |
return pwd_context.hash(password)
|
| 18 |
|
| 19 |
+
# Verify a plain password against the hash
|
| 20 |
def verify_password(plain: str, hashed: str) -> bool:
|
| 21 |
return pwd_context.verify(plain, hashed)
|
| 22 |
|
| 23 |
+
# Create a JWT access token
|
| 24 |
def create_access_token(data: dict, expires_delta: timedelta = None):
|
| 25 |
to_encode = data.copy()
|
| 26 |
expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
|
| 27 |
to_encode.update({"exp": expire})
|
| 28 |
+
return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
|
| 29 |
+
|
| 30 |
+
# Get the current user from the JWT token
|
| 31 |
+
async def get_current_user(token: str = Depends(oauth2_scheme)):
|
| 32 |
+
try:
|
| 33 |
+
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
|
| 34 |
+
email: str = payload.get("sub")
|
| 35 |
+
if email is None:
|
| 36 |
+
raise HTTPException(status_code=401, detail="Invalid token: subject missing")
|
| 37 |
+
except JWTError:
|
| 38 |
+
raise HTTPException(status_code=401, detail="Could not validate token")
|
| 39 |
+
|
| 40 |
+
user = await users_collection.find_one({"email": email})
|
| 41 |
+
if not user:
|
| 42 |
+
raise HTTPException(status_code=404, detail="User not found")
|
| 43 |
+
|
| 44 |
+
return user
|