feat: add JWT creation, decoding and cookie helpers
This commit is contained in:
Oliver Hofmann
parent
f93793a1d8
commit
fb7284b117
47
app/core/auth.py
Normal file
47
app/core/auth.py
Normal file
@ -0,0 +1,47 @@
|
||||
from datetime import datetime, timedelta, timezone
|
||||
from typing import Optional
|
||||
|
||||
from fastapi import Request, Response
|
||||
from jose import JWTError, jwt
|
||||
|
||||
from app.core.config import get_settings
|
||||
|
||||
settings = get_settings()
|
||||
|
||||
COOKIE_NAME = "access_token"
|
||||
ALGORITHM = "HS256"
|
||||
TOKEN_EXPIRE_HOURS = 8
|
||||
|
||||
|
||||
def create_access_token(username: str, is_admin: bool) -> str:
|
||||
expire = datetime.now(timezone.utc) + timedelta(hours=TOKEN_EXPIRE_HOURS)
|
||||
return jwt.encode(
|
||||
{"sub": username, "is_admin": is_admin, "exp": expire},
|
||||
settings.SECRET_KEY,
|
||||
algorithm=ALGORITHM,
|
||||
)
|
||||
|
||||
|
||||
def decode_token(token: str) -> Optional[dict]:
|
||||
try:
|
||||
return jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM])
|
||||
except JWTError:
|
||||
return None
|
||||
|
||||
|
||||
def get_token_from_request(request: Request) -> Optional[str]:
|
||||
return request.cookies.get(COOKIE_NAME)
|
||||
|
||||
|
||||
def set_auth_cookie(response: Response, token: str) -> None:
|
||||
response.set_cookie(
|
||||
key=COOKIE_NAME,
|
||||
value=token,
|
||||
httponly=True,
|
||||
samesite="lax",
|
||||
secure=settings.APP_ENV == "production",
|
||||
)
|
||||
|
||||
|
||||
def clear_auth_cookie(response: Response) -> None:
|
||||
response.delete_cookie(key=COOKIE_NAME, httponly=True, samesite="lax")
|
||||
27
tests/test_core_auth.py
Normal file
27
tests/test_core_auth.py
Normal file
@ -0,0 +1,27 @@
|
||||
from app.core.auth import COOKIE_NAME, create_access_token, decode_token
|
||||
|
||||
|
||||
def test_create_and_decode_token():
|
||||
token = create_access_token(username="alice", is_admin=False)
|
||||
payload = decode_token(token)
|
||||
assert payload is not None
|
||||
assert payload["sub"] == "alice"
|
||||
assert payload["is_admin"] is False
|
||||
|
||||
|
||||
def test_admin_claim():
|
||||
token = create_access_token(username="admin", is_admin=True)
|
||||
assert decode_token(token)["is_admin"] is True
|
||||
|
||||
|
||||
def test_decode_invalid_token():
|
||||
assert decode_token("not.a.valid.token") is None
|
||||
|
||||
|
||||
def test_decode_tampered_token():
|
||||
token = create_access_token(username="alice", is_admin=False)
|
||||
assert decode_token(token[:-4] + "xxxx") is None
|
||||
|
||||
|
||||
def test_cookie_name():
|
||||
assert COOKIE_NAME == "access_token"
|
||||
Loading…
x
Reference in New Issue
Block a user