| from datetime import datetime, timedelta |
|
|
| from app.settings import SECRET_KEY |
| from fastapi import Depends, HTTPException, status |
| from fastapi.security import OAuth2PasswordBearer |
| from jose import JWTError, jwt |
|
|
| from . import schema |
|
|
| ALGORITHM = "HS256" |
| ACCESS_TOKEN_EXPIRE_MINUTES = 30 |
|
|
|
|
| def create_access_token(data: dict) -> str: |
| """ |
| Generates a JWT access token with an expiration time. |
| |
| This function creates a JWT (JSON Web Token) that includes the provided |
| data and an expiration time. The token is signed using a secret key and |
| a specified algorithm. |
| |
| Args: |
| data (dict): A dictionary containing the data to be included in the token. |
| |
| Returns: |
| str: The encoded JWT token as a string. |
| """ |
| to_encode = data.copy() |
| expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) |
| to_encode.update({"exp": expire}) |
| encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) |
| return encoded_jwt |
|
|
|
|
| def verify_token(token: str, credentials_exception): |
| """ |
| Verifies the provided JWT token and extracts the user information. |
| |
| This function decodes the given JWT token using the secret key and specified |
| algorithm. It checks for the presence of the user's email in the token's payload. |
| If the email is not found or the token is invalid, an exception is raised. |
| |
| Args: |
| token (str): The JWT token to be verified. |
| credentials_exception: The exception to raise if the token is invalid or the email is not found. |
| |
| Returns: |
| TokenData: An object containing the user's email extracted from the token. |
| |
| Raises: |
| credentials_exception: If the token is invalid or does not contain an email. |
| """ |
| try: |
| payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) |
| email: str = payload.get("sub") |
| if email is None: |
| raise credentials_exception |
| token_data = schema.TokenData(email=email) |
| except JWTError: |
| raise credentials_exception |
| return token_data |
|
|
|
|
| oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") |
|
|
|
|
| def get_current_user(token: str = Depends(oauth2_scheme)): |
| """ |
| Retrieves the current authenticated user based on the provided JWT token. |
| |
| This function extracts the JWT token from the request, verifies it, and returns |
| the user data associated with the token. If the token is invalid or cannot be |
| verified, an HTTP 401 Unauthorized exception is raised. |
| |
| Args: |
| token (str, optional): The JWT token extracted from the request using the OAuth2 |
| password flow. Defaults to being fetched via `Depends(oauth2_scheme)`. |
| |
| Returns: |
| TokenData: An object containing the user's information extracted from the token. |
| |
| Raises: |
| HTTPException: If the token is invalid or the credentials cannot be validated. |
| """ |
| credentials_exception = HTTPException( |
| status_code=status.HTTP_401_UNAUTHORIZED, |
| detail="Could not validate credentials", |
| headers={"WWW-Authenticate": "Bearer"}, |
| ) |
| return verify_token(token, credentials_exception) |
|
|
