Moved JWT token to .env

2025-06-01 11:49:09 -07:00 · 2025-06-01 11:49:09 -07:00 · 360673e60d
commit 360673e60d
parent 32f81f6314
1 changed files with 8 additions and 6 deletions
--- a/src/backend/main.py
+++ b/src/backend/main.py
@ -144,7 +144,9 @@ app.add_middleware(

 # Security
 security = HTTPBearer()
-SECRET_KEY = os.getenv("SECRET_KEY", "26fc1f29bd4599f5f29200b6ca083531")
+JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY")
+if JWT_SECRET_KEY is None:
+    raise ValueError("JWT_SECRET_KEY environment variable is not set")
 ALGORITHM = "HS256"

 # ============================
@ -221,14 +223,14 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
    else:
        expire = datetime.now(UTC) + timedelta(hours=24)
    to_encode.update({"exp": expire})
-    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    encoded_jwt = jwt.encode(to_encode, JWT_SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt

 async def verify_token_with_blacklist(credentials: HTTPAuthorizationCredentials = Depends(security)):
    """Verify token and check if it's blacklisted"""
    try:
        # First decode the token
-        payload = jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM])
+        payload = jwt.decode(credentials.credentials, JWT_SECRET_KEY, algorithms=[ALGORITHM])
        user_id: str = payload.get("sub")
        if user_id is None:
            raise HTTPException(status_code=401, detail="Invalid authentication credentials")
@ -476,7 +478,7 @@ async def logout(
    try:
        # Verify refresh token
        try:
-            refresh_payload = jwt.decode(refresh_token, SECRET_KEY, algorithms=[ALGORITHM])
+            refresh_payload = jwt.decode(refresh_token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
            user_id = refresh_payload.get("sub")
            token_type = refresh_payload.get("type")
            refresh_exp = refresh_payload.get("exp")
@ -521,7 +523,7 @@ async def logout(
        # If access token is provided, revoke it too
        if access_token:
            try:
-                access_payload = jwt.decode(access_token, SECRET_KEY, algorithms=[ALGORITHM])
+                access_payload = jwt.decode(access_token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
                access_user_id = access_payload.get("sub")
                access_exp = access_payload.get("exp")
                
@ -607,7 +609,7 @@ async def refresh_token_endpoint(
    """Refresh token endpoint"""
    try:
        # Verify refresh token
-        payload = jwt.decode(refreshToken, SECRET_KEY, algorithms=[ALGORITHM])
+        payload = jwt.decode(refreshToken, JWT_SECRET_KEY, algorithms=[ALGORITHM])
        user_id = payload.get("sub")
        token_type = payload.get("type")