forked from fastapi/full-stack-fastapi-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecurity.py
More file actions
58 lines (43 loc) · 1.73 KB
/
security.py
File metadata and controls
58 lines (43 loc) · 1.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
from datetime import datetime, timedelta, timezone
from typing import Any
import jwt
from fastapi.responses import JSONResponse
from passlib.context import CryptContext
from app.core.config import settings
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
ALGORITHM = "HS256"
def create_access_token(subject: str | Any, expires_delta: timedelta) -> str:
expire = datetime.now(timezone.utc) + expires_delta
to_encode = {"exp": expire, "sub": str(subject)}
encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
def set_auth_cookie(subject: str | Any, expires_delta: timedelta) -> JSONResponse:
access_token = create_access_token(subject, expires_delta)
response = JSONResponse(content={"message": "Login successful"})
# Note: The secure flag on cookies ensures they're only sent over encrypted HTTPS connections. For local development (HTTP) set it to False
response.set_cookie(
key="http_only_auth_cookie",
value=access_token,
httponly=True,
max_age=3600,
expires=3600,
samesite="lax",
secure=True,
domain=None,
)
return response
def delete_auth_cookie() -> JSONResponse:
response = JSONResponse(content={"message": "Logout successful"})
response.delete_cookie(
key="http_only_auth_cookie",
path="/",
domain=None,
httponly=True,
samesite="lax",
secure=False, # Should be True in production
)
return response
def verify_password(plain_password: str, hashed_password: str) -> bool:
return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password: str) -> str:
return pwd_context.hash(password)