import os
from datetime import datetime, timedelta, timezone
import jwt
from passlib.context import CryptContext
# Secret used to sign and verify JWTs. Indexing os.environ (instead of using
# getenv) makes a missing JWT_SECRET_KEY fail at import time with KeyError.
# NOTE(review): an empty or very short value is accepted as-is here; confirm
# the deployment provisions a long random secret.
SECRET_KEY: str = os.environ["JWT_SECRET_KEY"]

# Algorithm name passed to jwt.encode and, as the single allowed entry, to
# jwt.decode in this module. Defaults to HS256 when JWT_ALGORITHM is unset.
# NOTE(review): the value is not validated here; confirm it always matches the
# kind of key stored in JWT_SECRET_KEY.
ALGORITHM: str = os.environ.get("JWT_ALGORITHM", "HS256")

# Access-token lifetime in minutes (default 60). int() raises ValueError at
# import time when the variable does not hold an integer.
ACCESS_TOKEN_EXPIRE_MINUTES: int = int(
    os.environ.get("JWT_ACCESS_TOKEN_EXPIRE_MINUTES", "60")
)

# passlib context shared by hash_password and verify_password; bcrypt is the
# only configured scheme.
pwd_context = CryptContext(deprecated="auto", schemes=["bcrypt"])
def hash_password(plain: str) -> str:
    """Return the hash of *plain* produced by the module-level passlib context.

    The context is configured with bcrypt as its only scheme.
    """
    # NOTE(review): bcrypt implementations commonly ignore or reject input
    # beyond 72 bytes; confirm how over-long passwords should be handled.
    digest = pwd_context.hash(plain)
    return digest
def verify_password(plain: str, hashed: str) -> bool:
    """Check *plain* against the stored hash *hashed* via the passlib context.

    Returns whatever ``pwd_context.verify`` reports for the pair.
    """
    # NOTE(review): what happens for a malformed or unrecognised hash string is
    # decided by passlib (it may raise); confirm callers handle that case.
    matches = pwd_context.verify(plain, hashed)
    return matches
def create_access_token(subject: int | str) -> str:
    """Build a signed JWT whose ``sub`` claim is ``str(subject)``.

    The token carries an ``exp`` claim set ACCESS_TOKEN_EXPIRE_MINUTES after
    the current UTC time, and is signed with SECRET_KEY using ALGORITHM.
    """
    lifetime = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    expires_at = datetime.now(timezone.utc) + lifetime
    # Claim order is kept as sub, exp so the serialized payload is unchanged.
    claims = dict(sub=str(subject), exp=expires_at)
    token = jwt.encode(claims, SECRET_KEY, algorithm=ALGORITHM)
    return token
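def decode_access_token(token: str) -> str:
    """Decode an access token and return its ``sub`` claim (the user id).

    The signature is verified with SECRET_KEY, and ALGORITHM is the only
    algorithm accepted. The token must carry an ``exp`` claim, so a signed
    token without an expiry is rejected rather than staying valid forever.

    Raises:
        jwt.PyJWTError: if the token is malformed, fails signature or expiry
            validation, lacks ``exp``, or has a missing or non-string ``sub``.
    """
    payload = jwt.decode(
        token,
        SECRET_KEY,
        algorithms=[ALGORITHM],
        # PyJWT validates "exp" only when the claim is present; requiring it
        # rejects tokens that were issued without an expiry.
        options={"require": ["exp"]},
    )
    sub = payload.get("sub")
    if sub is None:
        raise jwt.InvalidTokenError("Token payload missing 'sub'")
    if not isinstance(sub, str):
        # The signature promises str; a numeric or structured "sub" must not
        # leak through to callers that treat the result as a user id string.
        raise jwt.InvalidTokenError("Token payload 'sub' must be a string")
    return sub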