jketreno/backstory
1
0
Fork 0
Code Issues 12 Actions Releases Activity

Moved JWT token to .env

Browse Source
This commit is contained in:
James Ketr 2025-06-01 11:49:09 -07:00
parent 32f81f6314
commit 360673e60d
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/backend/main.py
View File

@ -144,7 +144,9 @@ app.add_middleware(
# Security # Security
security = HTTPBearer() security = HTTPBearer()
SECRET_KEY = os.getenv("SECRET_KEY", "26fc1f29bd4599f5f29200b6ca083531") JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY")
if JWT_SECRET_KEY is None:
raise ValueError("JWT_SECRET_KEY environment variable is not set")
ALGORITHM = "HS256" ALGORITHM = "HS256"
# ============================ # ============================
@ -221,14 +223,14 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
else: else:
expire = datetime.now(UTC) + timedelta(hours=24) expire = datetime.now(UTC) + timedelta(hours=24)
to_encode.update({"exp": expire}) to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) encoded_jwt = jwt.encode(to_encode, JWT_SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt return encoded_jwt
async def verify_token_with_blacklist(credentials: HTTPAuthorizationCredentials = Depends(security)): async def verify_token_with_blacklist(credentials: HTTPAuthorizationCredentials = Depends(security)):
"""Verify token and check if it's blacklisted""" """Verify token and check if it's blacklisted"""
try: try:
# First decode the token # First decode the token
payload = jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM]) payload = jwt.decode(credentials.credentials, JWT_SECRET_KEY, algorithms=[ALGORITHM])
user_id: str = payload.get("sub") user_id: str = payload.get("sub")
if user_id is None: if user_id is None:
raise HTTPException(status_code=401, detail="Invalid authentication credentials") raise HTTPException(status_code=401, detail="Invalid authentication credentials")
@ -476,7 +478,7 @@ async def logout(
try: try:
# Verify refresh token # Verify refresh token
try: try:
refresh_payload = jwt.decode(refresh_token, SECRET_KEY, algorithms=[ALGORITHM]) refresh_payload = jwt.decode(refresh_token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
user_id = refresh_payload.get("sub") user_id = refresh_payload.get("sub")
token_type = refresh_payload.get("type") token_type = refresh_payload.get("type")
refresh_exp = refresh_payload.get("exp") refresh_exp = refresh_payload.get("exp")
@ -521,7 +523,7 @@ async def logout(
# If access token is provided, revoke it too # If access token is provided, revoke it too
if access_token: if access_token:
try: try:
access_payload = jwt.decode(access_token, SECRET_KEY, algorithms=[ALGORITHM]) access_payload = jwt.decode(access_token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
access_user_id = access_payload.get("sub") access_user_id = access_payload.get("sub")
access_exp = access_payload.get("exp") access_exp = access_payload.get("exp")
@ -607,7 +609,7 @@ async def refresh_token_endpoint(
"""Refresh token endpoint""" """Refresh token endpoint"""
try: try:
# Verify refresh token # Verify refresh token
payload = jwt.decode(refreshToken, SECRET_KEY, algorithms=[ALGORITHM]) payload = jwt.decode(refreshToken, JWT_SECRET_KEY, algorithms=[ALGORITHM])
user_id = payload.get("sub") user_id = payload.get("sub")
token_type = payload.get("type") token_type = payload.get("type")