update
This commit is contained in:
@@ -1,6 +1,7 @@
|
|||||||
from __future__ import annotations
|
from __future__ import annotations
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
import hashlib
|
||||||
from datetime import datetime, timedelta, timezone
|
from datetime import datetime, timedelta, timezone
|
||||||
|
|
||||||
from fastapi import Depends, HTTPException
|
from fastapi import Depends, HTTPException
|
||||||
@@ -26,12 +27,23 @@ JWT_ALG = _env("JWT_ALG", "HS256")
|
|||||||
JWT_EXPIRES_MINUTES = int(_env("JWT_EXPIRES_MINUTES", "480")) # 8h
|
JWT_EXPIRES_MINUTES = int(_env("JWT_EXPIRES_MINUTES", "480")) # 8h
|
||||||
|
|
||||||
|
|
||||||
|
def _bcrypt_safe_password(password: str) -> str:
|
||||||
|
"""
|
||||||
|
bcrypt only uses first 72 bytes of the input.
|
||||||
|
To support long passwords safely, pre-hash using SHA-256 when needed.
|
||||||
|
"""
|
||||||
|
raw = password.encode("utf-8")
|
||||||
|
if len(raw) <= 72:
|
||||||
|
return password
|
||||||
|
return hashlib.sha256(raw).hexdigest()
|
||||||
|
|
||||||
|
|
||||||
def hash_password(password: str) -> str:
|
def hash_password(password: str) -> str:
|
||||||
return pwd_context.hash(password)
|
return pwd_context.hash(_bcrypt_safe_password(password))
|
||||||
|
|
||||||
|
|
||||||
def verify_password(password: str, password_hash: str) -> bool:
|
def verify_password(password: str, password_hash: str) -> bool:
|
||||||
return pwd_context.verify(password, password_hash)
|
return pwd_context.verify(_bcrypt_safe_password(password), password_hash)
|
||||||
|
|
||||||
|
|
||||||
def create_access_token(*, user_id: str) -> str:
|
def create_access_token(*, user_id: str) -> str:
|
||||||
|
|||||||
Reference in New Issue
Block a user