Spaces:
Running
Running
Update utils.py
Browse files
utils.py
CHANGED
|
@@ -1,11 +1,51 @@
|
|
| 1 |
-
import
|
| 2 |
-
import sys
|
| 3 |
from datetime import datetime
|
| 4 |
|
| 5 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
|
| 7 |
-
|
| 8 |
-
|
| 9 |
-
|
| 10 |
-
|
| 11 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import os
|
|
|
|
| 2 |
from datetime import datetime
|
| 3 |
|
| 4 |
+
# ===================== JWT Config =====================
|
| 5 |
+
def get_jwt_config():
|
| 6 |
+
"""Get JWT configuration based on environment"""
|
| 7 |
+
# Check if we're in HuggingFace Space
|
| 8 |
+
if os.getenv("SPACE_ID"):
|
| 9 |
+
# Cloud mode - use secrets from environment
|
| 10 |
+
jwt_secret = os.getenv("JWT_SECRET")
|
| 11 |
+
if not jwt_secret:
|
| 12 |
+
log("⚠️ WARNING: JWT_SECRET not found in environment, using fallback")
|
| 13 |
+
jwt_secret = "flare-admin-secret-key-change-in-production" # Fallback
|
| 14 |
+
else:
|
| 15 |
+
# On-premise mode - use .env file
|
| 16 |
+
from dotenv import load_dotenv
|
| 17 |
+
load_dotenv()
|
| 18 |
+
jwt_secret = os.getenv("JWT_SECRET", "flare-admin-secret-key-change-in-production")
|
| 19 |
+
|
| 20 |
+
return {
|
| 21 |
+
"secret": jwt_secret,
|
| 22 |
+
"algorithm": os.getenv("JWT_ALGORITHM", "HS256"),
|
| 23 |
+
"expiration_hours": int(os.getenv("JWT_EXPIRATION_HOURS", "24"))
|
| 24 |
+
}
|
| 25 |
|
| 26 |
+
# ===================== Auth Helpers =====================
|
| 27 |
+
def create_token(username: str) -> str:
|
| 28 |
+
"""Create JWT token for user"""
|
| 29 |
+
config = get_jwt_config()
|
| 30 |
+
expiry = datetime.now(timezone.utc) + timedelta(hours=config["expiration_hours"])
|
| 31 |
+
|
| 32 |
+
payload = {
|
| 33 |
+
"sub": username,
|
| 34 |
+
"exp": expiry,
|
| 35 |
+
"iat": datetime.now(timezone.utc)
|
| 36 |
+
}
|
| 37 |
+
|
| 38 |
+
return jwt.encode(payload, config["secret"], algorithm=config["algorithm"])
|
| 39 |
+
|
| 40 |
+
def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> str:
|
| 41 |
+
"""Verify JWT token and return username"""
|
| 42 |
+
token = credentials.credentials
|
| 43 |
+
config = get_jwt_config()
|
| 44 |
+
|
| 45 |
+
try:
|
| 46 |
+
payload = jwt.decode(token, config["secret"], algorithms=[config["algorithm"]])
|
| 47 |
+
return payload["sub"]
|
| 48 |
+
except jwt.ExpiredSignatureError:
|
| 49 |
+
raise HTTPException(status_code=401, detail="Token expired")
|
| 50 |
+
except jwt.InvalidTokenError:
|
| 51 |
+
raise HTTPException(status_code=401, detail="Invalid token")
|