suhail commited on
Commit ·
87b35fd
1
Parent(s): 706bb54
good
src/core/security.py +9 -14
src/core/security.py
|
@@ -107,9 +107,9 @@
|
|
| 107 |
"""
|
| 108 |
Security utilities for authentication and authorization.
|
| 109 |
"""
|
| 110 |
-
|
| 111 |
from datetime import datetime, timedelta
|
| 112 |
from typing import Dict, Any
|
|
|
|
| 113 |
|
| 114 |
import jwt
|
| 115 |
from passlib.context import CryptContext
|
|
@@ -119,7 +119,7 @@ from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
|
|
| 119 |
from src.core.config import settings
|
| 120 |
|
| 121 |
# =========================
|
| 122 |
-
# Password hashing (bcrypt-safe
|
| 123 |
# =========================
|
| 124 |
|
| 125 |
pwd_context = CryptContext(
|
|
@@ -129,21 +129,20 @@ pwd_context = CryptContext(
|
|
| 129 |
|
| 130 |
security = HTTPBearer()
|
| 131 |
|
| 132 |
-
MAX_BCRYPT_BYTES = 72
|
| 133 |
-
|
| 134 |
|
| 135 |
-
def
|
| 136 |
"""
|
| 137 |
-
|
|
|
|
| 138 |
"""
|
| 139 |
-
return password.encode("utf-8")
|
| 140 |
|
| 141 |
|
| 142 |
def hash_password(password: str) -> str:
|
| 143 |
"""
|
| 144 |
-
Hash password safely
|
| 145 |
"""
|
| 146 |
-
return pwd_context.hash(
|
| 147 |
|
| 148 |
|
| 149 |
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
|
@@ -153,7 +152,7 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
|
|
| 153 |
"""
|
| 154 |
try:
|
| 155 |
return pwd_context.verify(
|
| 156 |
-
|
| 157 |
hashed_password
|
| 158 |
)
|
| 159 |
except Exception:
|
|
@@ -221,7 +220,6 @@ def get_current_user(
|
|
| 221 |
Extract and validate JWT token from Authorization header.
|
| 222 |
"""
|
| 223 |
token = credentials.credentials
|
| 224 |
-
|
| 225 |
payload = verify_jwt_token(token, settings.BETTER_AUTH_SECRET)
|
| 226 |
|
| 227 |
return {
|
|
@@ -230,6 +228,3 @@ def get_current_user(
|
|
| 230 |
"iat": payload.get("iat"),
|
| 231 |
"exp": payload.get("exp"),
|
| 232 |
}
|
| 233 |
-
|
| 234 |
-
|
| 235 |
-
|
|
|
|
| 107 |
"""
|
| 108 |
Security utilities for authentication and authorization.
|
| 109 |
"""
|
|
|
|
| 110 |
from datetime import datetime, timedelta
|
| 111 |
from typing import Dict, Any
|
| 112 |
+
import hashlib
|
| 113 |
|
| 114 |
import jwt
|
| 115 |
from passlib.context import CryptContext
|
|
|
|
| 119 |
from src.core.config import settings
|
| 120 |
|
| 121 |
# =========================
|
| 122 |
+
# Password hashing (bcrypt-safe FINAL)
|
| 123 |
# =========================
|
| 124 |
|
| 125 |
pwd_context = CryptContext(
|
|
|
|
| 129 |
|
| 130 |
security = HTTPBearer()
|
| 131 |
|
|
|
|
|
|
|
| 132 |
|
| 133 |
+
def _normalize_password(password: str) -> bytes:
|
| 134 |
"""
|
| 135 |
+
Convert password to fixed-length digest.
|
| 136 |
+
This COMPLETELY avoids bcrypt 72-byte crashes.
|
| 137 |
"""
|
| 138 |
+
return hashlib.sha256(password.encode("utf-8")).digest()
|
| 139 |
|
| 140 |
|
| 141 |
def hash_password(password: str) -> str:
|
| 142 |
"""
|
| 143 |
+
Hash password safely (SHA256 → bcrypt).
|
| 144 |
"""
|
| 145 |
+
return pwd_context.hash(_normalize_password(password))
|
| 146 |
|
| 147 |
|
| 148 |
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
|
|
|
| 152 |
"""
|
| 153 |
try:
|
| 154 |
return pwd_context.verify(
|
| 155 |
+
_normalize_password(plain_password),
|
| 156 |
hashed_password
|
| 157 |
)
|
| 158 |
except Exception:
|
|
|
|
| 220 |
Extract and validate JWT token from Authorization header.
|
| 221 |
"""
|
| 222 |
token = credentials.credentials
|
|
|
|
| 223 |
payload = verify_jwt_token(token, settings.BETTER_AUTH_SECRET)
|
| 224 |
|
| 225 |
return {
|
|
|
|
| 228 |
"iat": payload.get("iat"),
|
| 229 |
"exp": payload.get("exp"),
|
| 230 |
}
|
|
|
|
|
|
|
|
|
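Review bot: `_normalize_password` (new-side line 138) returns the raw 32-byte SHA-256 digest, and roughly one in nine such digests contains a 0x00 byte; bcrypt treats its input as a NUL-terminated string and passlib's bcrypt handler rejects a secret containing NUL, so — assuming `pwd_context` (defined at line 125, outside the hunk) is a bcrypt context, as the "bcrypt-safe" header and the removed `MAX_BCRYPT_BYTES` suggest — `hash_password` would raise for those passwords and `verify_password` (line 155) would silently return False through its `except Exception`. Encode the digest before handing it to bcrypt, `return hashlib.sha256(password.encode("utf-8")).hexdigest()` with the annotation changed to `-> str` (64 ASCII bytes, still under the 72-byte limit, never NUL), or use passlib's built-in `bcrypt_sha256` scheme, which does the SHA-256-then-bcrypt step with a NUL-safe encoding. Separately, hashes stored before this commit were computed over the raw password and the new `verify_password` has no fallback for them, so any existing users would fail verification unless a re-hash migration or a legacy-verify path is added. The docstring should state what the digest step is for rather than promise it "COMPLETELY avoids" crashes, e.g. `Pre-hash so the value passed to bcrypt is fixed-length and under its 72-byte limit.`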