50 lines
1.4 KiB
Python
50 lines
1.4 KiB
Python
import os
|
|
from datetime import datetime, timedelta, timezone
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
|
|
from jose import JWTError, jwt
|
|
from pydantic import BaseModel
|
|
|
|
PASSWORD = os.environ.get("REQ_PLANNER_PASSWORD", "what_is_this_2")
|
|
SECRET_KEY = os.environ.get("REQ_PLANNER_SECRET", os.urandom(32).hex())
|
|
ALGORITHM = "HS256"
|
|
TOKEN_EXPIRE_HOURS = 24
|
|
|
|
security = HTTPBearer()
|
|
router = APIRouter(prefix="/api/auth", tags=["auth"])
|
|
|
|
|
|
class LoginRequest(BaseModel):
|
|
password: str
|
|
|
|
|
|
class TokenResponse(BaseModel):
|
|
token: str
|
|
|
|
|
|
def create_token() -> str:
|
|
expire = datetime.now(timezone.utc) + timedelta(hours=TOKEN_EXPIRE_HOURS)
|
|
return jwt.encode({"exp": expire}, SECRET_KEY, algorithm=ALGORITHM)
|
|
|
|
|
|
def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> bool:
|
|
try:
|
|
jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM])
|
|
return True
|
|
except JWTError:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Invalid or expired token",
|
|
)
|
|
|
|
|
|
@router.post("/login", response_model=TokenResponse)
|
|
def login(data: LoginRequest):
|
|
if data.password != PASSWORD:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Invalid password",
|
|
)
|
|
return TokenResponse(token=create_token())
|