""" 安全相关:密码哈希、JWT访问令牌签发与解析。 """ from datetime import datetime, timedelta, timezone from typing import Any from jose import jwt from passlib.context import CryptContext from app.core.config import settings #密码加密 pwd_context = CryptContext( schemes=["pbkdf2_sha256", "bcrypt"], deprecated="auto") #注册时加密密码 def hash_password(password: str) -> str: return pwd_context.hash(password) #登录时验证密码 def verify_password(password: str, password_hash: str) -> bool: return pwd_context.verify(password, password_hash) #登录成功时签发JWT令牌 def create_access_token(subject: str, expires_delta: timedelta | None = None, extra: dict[str, Any] | None = None) -> str: now = datetime.now(timezone.utc) expire = now + (expires_delta or timedelta(minutes=settings.access_token_exp_minutes)) payload: dict[str, Any] = {"sub": subject, "iat": int(now.timestamp()), "exp": int(expire.timestamp())} if extra: payload.update(extra) return jwt.encode(payload, settings.jwt_secret_key, algorithm=settings.jwt_algorithm) #解析JWT令牌并验证 def decode_token(token: str) -> dict[str, Any]: return jwt.decode(token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm])