Files
2026-03-18 06:40:53 -05:00

50 lines
1.4 KiB
Python

import os
from datetime import datetime, timedelta, timezone
from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from jose import JWTError, jwt
from pydantic import BaseModel
PASSWORD = os.environ.get("REQ_PLANNER_PASSWORD", "what_is_this_2")
SECRET_KEY = os.environ.get("REQ_PLANNER_SECRET", os.urandom(32).hex())
ALGORITHM = "HS256"
TOKEN_EXPIRE_HOURS = 24
security = HTTPBearer()
router = APIRouter(prefix="/api/auth", tags=["auth"])
class LoginRequest(BaseModel):
password: str
class TokenResponse(BaseModel):
token: str
def create_token() -> str:
expire = datetime.now(timezone.utc) + timedelta(hours=TOKEN_EXPIRE_HOURS)
return jwt.encode({"exp": expire}, SECRET_KEY, algorithm=ALGORITHM)
def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> bool:
try:
jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM])
return True
except JWTError:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or expired token",
)
@router.post("/login", response_model=TokenResponse)
def login(data: LoginRequest):
if data.password != PASSWORD:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid password",
)
return TokenResponse(token=create_token())