# utils/auth.py
import os
from datetime import datetime, timedelta, timezone
from functools import wraps

import jwt
from flask import request, jsonify, current_app

from models.user import User
from app import db
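def generate_token(user_id, expires_in=3600):
    """Return a signed HS256 JWT that identifies *user_id*.

    Args:
        user_id: value written to the ``user_id`` claim; ``verify_token``
            resolves the ``User`` from it.
        expires_in: token lifetime in seconds (the default is a constructed
            value; tune it per deployment). Without an ``exp`` claim a token
            stays valid for as long as the signing key does, so ``iat`` and
            ``exp`` are always written.

    Returns:
        The encoded token as returned by ``jwt.encode``.
    """
    now = datetime.now(timezone.utc)
    payload = {
        'user_id': user_id,
        'iat': now,
        'exp': now + timedelta(seconds=expires_in),
    }
    # NOTE(review): SECRET_KEY also signs Flask session cookies; a dedicated
    # JWT signing key would let the two be rotated independently.
    return jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')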
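def verify_token(token):
    """Return the ``User`` named by a valid token, or ``None``.

    ``jwt.decode`` checks the signature and, when the claims are present,
    ``exp``/``iat``; the algorithm list is pinned to HS256 so the token
    cannot choose its own. Only token-level failures map to ``None``; an
    error raised by the user lookup itself propagates to the caller instead
    of being reported as an invalid token.

    Args:
        token: the bearer token string taken from the Authorization header.

    Returns:
        The ``User`` row, or ``None`` when the token is malformed, carries a
        bad signature, is expired, or has no ``user_id`` claim.
    """
    try:
        payload = jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=['HS256'])
    except jwt.PyJWTError:
        return None
    user_id = payload.get('user_id')
    if user_id is None:
        return None
    # NOTE(review): a token without an exp claim is still accepted here; once
    # every issued token carries one, pass options={'require': ['exp']} to
    # jwt.decode (PyJWT 2.x) so such tokens are rejected.
    return User.query.get(user_id)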
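def login_required(f):
    """Decorator: require a valid ``Bearer`` token for the wrapped view.

    The token is read from the ``Authorization`` header, resolved with
    ``verify_token``, and the user must have ``status == 'active'``. Any
    failure short-circuits with a JSON 401; on success the user is exposed
    as ``request.current_user`` before the view runs.

    Args:
        f: the Flask view function to protect.

    Returns:
        The wrapped view function.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        auth_header = request.headers.get('Authorization', None)
        if not auth_header or not auth_header.startswith('Bearer '):
            return jsonify({'error': 'Authorization header missing or invalid'}), 401
        # A header of just "Bearer " used to raise IndexError on [1] and
        # surface as a 500; anything but exactly "Bearer <token>" is a 401.
        parts = auth_header.split()
        if len(parts) != 2:
            return jsonify({'error': 'Authorization header missing or invalid'}), 401
        user = verify_token(parts[1])
        # One message for both a bad token and an inactive account, so the
        # response does not reveal which check failed.
        if not user or user.status != 'active':
            return jsonify({'error': 'Invalid or expired token'}), 401
        # Kept on the request proxy rather than flask.g so existing views
        # that read request.current_user keep working.
        request.current_user = user
        return f(*args, **kwargs)
    return decorated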