from datetime import datetime, timedelta, timezone
|
|
from typing import Optional
|
|
|
|
from fastapi import Request, Response
|
|
from jose import JWTError, jwt
|
|
|
|
from app.core.config import get_settings
|
|
|
|
settings = get_settings()

# Name of the cookie that carries the signed JWT; read back by
# get_token_from_request().
COOKIE_NAME: str = "access_token"

# Symmetric HMAC signing: the same settings.SECRET_KEY both mints and verifies
# tokens, so anyone who obtains it can forge an is_admin token.  The key must
# be long, random and kept out of source control; rotating it invalidates
# every outstanding token at once.
ALGORITHM: str = "HS256"

# Lifetime written into the "exp" claim.  Nothing in this module refreshes or
# revokes tokens, so a stolen cookie stays usable for this long.
TOKEN_EXPIRE_HOURS: int = 8
|
|
|
|
|
|
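def create_access_token(
    username: str,
    is_admin: bool,
    *,
    expires_delta: Optional[timedelta] = None,
) -> str:
    """Mint a signed HS256 JWT for *username*.

    Claims written:
      - ``sub``: the username.
      - ``is_admin``: authorization flag; downstream code may trust it only
        because the HMAC signature covers the whole payload.
      - ``iat``: issue time (UTC).  Lets a verifier reject tokens minted
        before a password change or key event without a revocation list.
      - ``exp``: ``iat`` + *expires_delta*, defaulting to TOKEN_EXPIRE_HOURS
        so existing callers get the original lifetime.

    Returns the compact serialised token.
    """
    now = datetime.now(timezone.utc)
    if expires_delta is None:
        expires_delta = timedelta(hours=TOKEN_EXPIRE_HOURS)
    claims = {
        "sub": username,
        "is_admin": is_admin,
        "iat": now,
        "exp": now + expires_delta,
    }
    # The algorithm is pinned here and again in decode_token(); a token cannot
    # talk the verifier into "none" or a different key family.
    return jwt.encode(claims, settings.SECRET_KEY, algorithm=ALGORITHM)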
|
|
|
|
|
|
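def decode_token(token: Optional[str]) -> Optional[dict]:
    """Verify *token* and return its claims, or ``None`` if it is not acceptable.

    Verification is delegated to ``jose.jwt.decode`` with the algorithm list
    pinned to ALGORITHM (python-jose also checks ``exp`` under its default
    options -- re-check if options are ever passed).  Every ``JWTError``
    (bad signature, expired, malformed) maps to ``None`` so callers treat all
    failures uniformly as "not authenticated".

    *token* may be ``None`` or empty -- what get_token_from_request() yields
    for a request without the cookie -- and is rejected up front rather than
    handed to the decoder, which may raise something other than ``JWTError``
    on a non-string.

    The returned claims are not schema-checked beyond what the decoder does;
    callers should treat a missing ``sub`` as unauthenticated.
    """
    if not token:
        return None
    try:
        return jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM])
    except JWTError:
        return None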
|
|
|
|
|
|
def get_token_from_request(request: Request) -> Optional[str]:
    """Return the raw JWT carried in the auth cookie, or ``None`` if absent.

    Only the cookie is consulted; an ``Authorization`` header is ignored.
    The value is returned unverified -- pass it to decode_token().
    """
    jar = request.cookies
    if COOKIE_NAME not in jar:
        return None
    return jar[COOKIE_NAME]
|
|
|
|
|
|
def set_auth_cookie(response: Response, token: str) -> None:
    """Attach *token* to *response* as the auth cookie.

    HttpOnly keeps the JWT out of reach of page scripts.  SameSite=Lax stops
    cross-site POSTs from carrying the cookie, but it is still sent on
    top-level cross-site GET navigations, so no state-changing endpoint may
    be reachable via GET.  Secure is set only when APP_ENV is "production"
    so local HTTP development keeps working -- in any other environment the
    token travels in clear over HTTP.  No Max-Age is given: this is a session
    cookie, and the JWT's own exp claim bounds its useful life.
    """
    in_production = settings.APP_ENV == "production"
    attrs = {
        "httponly": True,
        "samesite": "lax",
        "secure": in_production,
    }
    response.set_cookie(COOKIE_NAME, token, **attrs)
|
|
|
|
|
|
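def clear_auth_cookie(response: Response) -> None:
    """Expire the auth cookie on *response* (logout).

    The attributes mirror set_auth_cookie() -- HttpOnly, SameSite=Lax and the
    same environment-dependent Secure flag -- so the expiring Set-Cookie
    describes exactly the cookie that was issued.  Browsers generally match
    cookies on name/domain/path, so the flags matter mostly for consistency,
    but omitting Secure here would otherwise differ from the production
    cookie.  This is client-side only: the JWT itself stays valid until its
    exp claim passes.
    """
    response.delete_cookie(
        key=COOKIE_NAME,
        httponly=True,
        samesite="lax",
        secure=settings.APP_ENV == "production",
    )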
|