From 00885d9e23995ab9a815535b06cf82d8eebade1c Mon Sep 17 00:00:00 2001 From: Damir Date: Wed, 8 Apr 2026 00:26:12 +0300 Subject: [PATCH] update --- backend/auth.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/backend/auth.py b/backend/auth.py index 825e67c..49de82a 100644 --- a/backend/auth.py +++ b/backend/auth.py @@ -1,6 +1,7 @@ from __future__ import annotations import os +import hashlib from datetime import datetime, timedelta, timezone from fastapi import Depends, HTTPException @@ -26,12 +27,23 @@ JWT_ALG = _env("JWT_ALG", "HS256") JWT_EXPIRES_MINUTES = int(_env("JWT_EXPIRES_MINUTES", "480")) # 8h +def _bcrypt_safe_password(password: str) -> str: + """ + bcrypt only uses first 72 bytes of the input. + To support long passwords safely, pre-hash using SHA-256 when needed. + """ + raw = password.encode("utf-8") + if len(raw) <= 72: + return password + return hashlib.sha256(raw).hexdigest() + + def hash_password(password: str) -> str: - return pwd_context.hash(password) + return pwd_context.hash(_bcrypt_safe_password(password)) def verify_password(password: str, password_hash: str) -> bool: - return pwd_context.verify(password, password_hash) + return pwd_context.verify(_bcrypt_safe_password(password), password_hash) def create_access_token(*, user_id: str) -> str: