This commit is contained in:
2026-04-08 00:26:12 +03:00
parent e54d845976
commit 00885d9e23

View File

@@ -1,6 +1,7 @@
from __future__ import annotations from __future__ import annotations
import os import os
import hashlib
from datetime import datetime, timedelta, timezone from datetime import datetime, timedelta, timezone
from fastapi import Depends, HTTPException from fastapi import Depends, HTTPException
@@ -26,12 +27,23 @@ JWT_ALG = _env("JWT_ALG", "HS256")
JWT_EXPIRES_MINUTES = int(_env("JWT_EXPIRES_MINUTES", "480")) # 8h JWT_EXPIRES_MINUTES = int(_env("JWT_EXPIRES_MINUTES", "480")) # 8h
def _bcrypt_safe_password(password: str) -> str:
"""
bcrypt only uses first 72 bytes of the input.
To support long passwords safely, pre-hash using SHA-256 when needed.
"""
raw = password.encode("utf-8")
if len(raw) <= 72:
return password
return hashlib.sha256(raw).hexdigest()
def hash_password(password: str) -> str: def hash_password(password: str) -> str:
return pwd_context.hash(password) return pwd_context.hash(_bcrypt_safe_password(password))
def verify_password(password: str, password_hash: str) -> bool: def verify_password(password: str, password_hash: str) -> bool:
return pwd_context.verify(password, password_hash) return pwd_context.verify(_bcrypt_safe_password(password), password_hash)
def create_access_token(*, user_id: str) -> str: def create_access_token(*, user_id: str) -> str: