# app/core/security.py
from datetime import datetime, timedelta, timezone
from typing import Any, Union, Optional
from jose import JWTError, jwt
from passlib.context import CryptContext
from app.config import settings # Import settings from config
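# --- Password Hashing ---
# These functions are used for password hashing and verification.
# They complement FastAPI-Users but provide direct access to the underlying
# password functionality when needed outside of the FastAPI-Users
# authentication flow.

# Configure passlib context.
# bcrypt is the only (and therefore default) hashing scheme; passlib applies
# its own default work factor, which can be raised with bcrypt__rounds=...
# 'deprecated="auto"' marks every scheme except the default as deprecated, so
# verify() still accepts older hashes but reports them as needing an upgrade.
# The upgrade is NOT automatic: only pwd_context.verify_and_update() returns a
# re-hashed value, and the caller has to persist it. verify() alone never
# rewrites a stored hash.
# bcrypt only looks at the first 72 bytes of the password; passlib truncates
# longer input silently unless bcrypt__truncate_error=True is passed here.
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")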
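def verify_password(plain_password: str, hashed_password: str) -> bool:
    """
    Verify a plain-text password against a stored password hash.

    FastAPI-Users performs its own password checks; this function is exposed
    for custom authentication flows that need to check a password directly
    against the same passlib context.

    Args:
        plain_password: The password attempt.
        hashed_password: The stored hash from the database.

    Returns:
        True if the password matches the hash, False otherwise. A hash that
        passlib cannot parse (empty, wrong type, unknown scheme) counts as a
        mismatch rather than an error.

    Raises:
        Anything other than a malformed hash/password is propagated (for
        example a missing bcrypt backend), so an infrastructure problem shows
        up as an error instead of silently rejecting every login.
    """
    try:
        return pwd_context.verify(plain_password, hashed_password)
    except (ValueError, TypeError):
        # passlib raises ValueError (UnknownHashError and friends) for a hash it
        # cannot parse and TypeError for non-string input. Returning straight
        # away would take far less time than a real bcrypt comparison, which
        # lets a caller tell "no usable hash" apart from "wrong password";
        # dummy_verify() spends roughly the time a genuine check would.
        pwd_context.dummy_verify()
        return False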
def hash_password(password: str) -> str:
    """
    Hash a plain-text password with the module's passlib context (bcrypt).

    FastAPI-Users hashes passwords itself; this helper is exposed for custom
    user-creation or password-reset flows that must produce the same hash
    format.

    Args:
        password: The plain-text password to hash.

    Returns:
        The resulting hash string; bcrypt embeds its salt in the hash, so no
        separate salt needs to be stored.
    """
    # Delegate to the shared context so the scheme and its settings live in
    # one place (pwd_context). bcrypt only uses the first 72 bytes of its
    # input; passlib truncates longer passwords silently unless the context
    # is built with bcrypt__truncate_error=True.
    hasher = pwd_context.hash
    return hasher(password)
# --- JSON Web Tokens (JWT) ---
# FastAPI-Users now handles all JWT token creation and validation.
# The code below is commented out because FastAPI-Users provides these features.
# It's kept for reference in case a custom implementation is needed later.

# Example of a potential future implementation:
# def get_subject_from_token(token: str) -> Optional[str]:
#     """
#     Extract the subject (user ID) from a JWT token.
#     This would be used if we need to validate tokens outside of the FastAPI-Users flow.
#     For now, use the fastapi_users.current_user dependency instead.
#     """
#     # This would need to use FastAPI-Users' token verification if ever implemented,
#     # for example by decoding the token using the strategy from the auth backend.
#     try:
#         payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
#         return payload.get("sub")
#     except JWTError:
#         return None
#     return None