security.py 1.3 KB

123456789101112131415161718192021222324252627282930313233
  1. """
  2. 安全相关:密码哈希、JWT访问令牌签发与解析。
  3. """
  4. from datetime import datetime, timedelta, timezone
  5. from typing import Any
  6. from jose import jwt
  7. from passlib.context import CryptContext
  8. from app.core.config import settings
  9. #密码加密
  10. pwd_context = CryptContext(
  11. schemes=["pbkdf2_sha256", "bcrypt"], deprecated="auto")
  12. #注册时加密密码
  13. def hash_password(password: str) -> str:
  14. return pwd_context.hash(password)
  15. #登录时验证密码
  16. def verify_password(password: str, password_hash: str) -> bool:
  17. return pwd_context.verify(password, password_hash)
  18. #登录成功时签发JWT令牌
  19. def create_access_token(subject: str, expires_delta: timedelta | None = None, extra: dict[str, Any] | None = None) -> str:
  20. now = datetime.now(timezone.utc)
  21. expire = now + (expires_delta or timedelta(minutes=settings.access_token_exp_minutes))
  22. payload: dict[str, Any] = {"sub": subject, "iat": int(now.timestamp()), "exp": int(expire.timestamp())}
  23. if extra:
  24. payload.update(extra)
  25. return jwt.encode(payload, settings.jwt_secret_key, algorithm=settings.jwt_algorithm)
  26. #解析JWT令牌并验证
  27. def decode_token(token: str) -> dict[str, Any]:
  28. return jwt.decode(token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm])