| import os |
| from datetime import datetime, timedelta |
| from typing import Optional |
| from fastapi import Depends, HTTPException, status |
| from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials |
| from jose import JWTError, jwt |
| from passlib.context import CryptContext |
| from sqlalchemy.orm import Session |
| from backend.database import get_db, User |
|
|
| SECRET_KEY = os.environ.get("SECRET_KEY", "platform-secret-key-change-in-production-2024") |
| ALGORITHM = "HS256" |
| ACCESS_TOKEN_EXPIRE_MINUTES = 60 |
| REFRESH_TOKEN_EXPIRE_DAYS = 30 |
|
|
| pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") |
| security = HTTPBearer() |
|
|
|
|
| def verify_password(plain_password: str, hashed_password: str) -> bool: |
| return pwd_context.verify(plain_password, hashed_password) |
|
|
|
|
| def get_password_hash(password: str) -> str: |
| return pwd_context.hash(password) |
|
|
|
|
| def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str: |
| to_encode = data.copy() |
| expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)) |
| to_encode.update({"exp": expire, "type": "access"}) |
| return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) |
|
|
|
|
| def create_refresh_token(data: dict) -> str: |
| to_encode = data.copy() |
| expire = datetime.utcnow() + timedelta(days=REFRESH_TOKEN_EXPIRE_DAYS) |
| to_encode.update({"exp": expire, "type": "refresh"}) |
| return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) |
|
|
|
|
| def decode_token(token: str) -> dict: |
| try: |
| payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) |
| return payload |
| except JWTError: |
| raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token") |
|
|
|
|
| async def get_current_user( |
| credentials: HTTPAuthorizationCredentials = Depends(security), |
| db: Session = Depends(get_db) |
| ) -> User: |
| token = credentials.credentials |
| payload = decode_token(token) |
| user_id = payload.get("sub") |
| if not user_id: |
| raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token payload") |
| user = db.query(User).filter(User.id == user_id).first() |
| if not user or not user.is_active: |
| raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found or inactive") |
| return user |