feat: 初始提交
This commit is contained in:
58
backend/app/core/security.py
Normal file
58
backend/app/core/security.py
Normal file
@@ -0,0 +1,58 @@
|
||||
from datetime import datetime, timedelta
|
||||
from typing import Any, Dict, Optional
|
||||
|
||||
from fastapi import HTTPException, status
|
||||
from jose import JWTError, jwt
|
||||
from passlib.context import CryptContext
|
||||
|
||||
from .config import settings
|
||||
|
||||
# 统一的密码哈希上下文,后续如需切换算法只需在此维护
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
|
||||
|
||||
def hash_password(password: str) -> str:
|
||||
"""对用户密码进行哈希处理,任何时候都不要存储明文密码。"""
|
||||
return pwd_context.hash(password)
|
||||
|
||||
|
||||
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
||||
"""验证明文密码是否匹配哈希值。"""
|
||||
return pwd_context.verify(plain_password, hashed_password)
|
||||
|
||||
|
||||
def create_access_token(
|
||||
subject: str,
|
||||
*,
|
||||
expires_delta: Optional[timedelta] = None,
|
||||
extra_claims: Optional[Dict[str, Any]] = None,
|
||||
) -> str:
|
||||
"""生成 JWT 访问令牌,默认过期时间读取自配置。"""
|
||||
if expires_delta is None:
|
||||
expires_delta = timedelta(minutes=settings.access_token_expire_minutes)
|
||||
|
||||
now = datetime.utcnow()
|
||||
expire = now + expires_delta
|
||||
|
||||
to_encode: Dict[str, Any] = {"sub": subject, "iat": now, "exp": expire}
|
||||
if extra_claims:
|
||||
to_encode.update(extra_claims)
|
||||
|
||||
return jwt.encode(to_encode, settings.secret_key, algorithm=settings.jwt_algorithm)
|
||||
|
||||
|
||||
def decode_access_token(token: str) -> Dict[str, Any]:
|
||||
"""解析并校验 JWT,失败时抛出 401 异常。"""
|
||||
credentials_exception = HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="无效的凭证",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
try:
|
||||
payload = jwt.decode(token, settings.secret_key, algorithms=[settings.jwt_algorithm])
|
||||
except JWTError as exc:
|
||||
raise credentials_exception from exc
|
||||
|
||||
if "sub" not in payload:
|
||||
raise credentials_exception
|
||||
return payload
|
||||
Reference in New Issue
Block a user