小鱼开发
66 lines
1.4 KiB
Python
66 lines
1.4 KiB
Python
"""
|
|
安全工具 - JWT Token 生成与验证
|
|
===============================
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from datetime import UTC, datetime, timedelta
|
|
from typing import Any
|
|
|
|
from jose import JWTError, jwt
|
|
|
|
from app.config import get_settings
|
|
|
|
settings = get_settings()
|
|
|
|
|
|
def create_access_token(data: dict[str, Any], expires_delta: timedelta | None = None) -> str:
|
|
"""
|
|
创建 JWT 访问令牌
|
|
|
|
Args:
|
|
data: 要编码到 Token 中的数据(通常包含 user_id)
|
|
expires_delta: 过期时间偏移量,默认使用配置中的设置
|
|
|
|
Returns:
|
|
JWT Token 字符串
|
|
"""
|
|
to_encode = data.copy()
|
|
|
|
if expires_delta:
|
|
expire = datetime.now(UTC) + expires_delta
|
|
else:
|
|
expire = datetime.now(UTC) + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
|
|
|
to_encode.update({"exp": expire})
|
|
|
|
encoded_jwt = jwt.encode(
|
|
to_encode,
|
|
settings.SECRET_KEY,
|
|
algorithm=settings.ALGORITHM,
|
|
)
|
|
|
|
return encoded_jwt
|
|
|
|
|
|
def verify_token(token: str) -> dict[str, Any | None]:
|
|
"""
|
|
验证 JWT Token
|
|
|
|
Args:
|
|
token: JWT Token 字符串
|
|
|
|
Returns:
|
|
解码后的 payload,如果验证失败返回 None
|
|
"""
|
|
try:
|
|
payload = jwt.decode(
|
|
token,
|
|
settings.SECRET_KEY,
|
|
algorithms=[settings.ALGORITHM],
|
|
)
|
|
return payload
|
|
except JWTError:
|
|
return None
|