исправлено хеширование паролей

2026-05-31 16:55:48 +10:00
parent 21df98f575
commit e67a1fab5e
1 changed files with 19 additions and 23 deletions
--- a/main.py
+++ b/main.py
@@ -1,10 +1,8 @@
 from fastapi import FastAPI, HTTPException, Depends, Request
 from fastapi.responses import JSONResponse
 from fastapi.middleware.cors import CORSMiddleware
 from pydantic import BaseModel
 import sqlite3
 from passlib.context import CryptContext
 import uvicorn
 from werkzeug.security import generate_password_hash, check_password_hash
 import jwt
@@ -16,38 +14,39 @@ app = FastAPI(title="Work BD Auth API",
 app.add_middleware(
    CORSMiddleware,
-    allow_origins=["http://localhost:5173", "https://allowlgroup.ru"],  # или список конкретных доменов
+    allow_origins=[
        "http://localhost:5173",
        "https://allowlgroup.ru",
    ],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
 )
 DB_PATH = 'users.db'
 # Инициализация базы данных
 def init_db():
    conn = sqlite3.connect(DB_PATH)
    cursor = conn.cursor()
    cursor.execute('''CREATE TABLE IF NOT EXISTS users (
-                        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
-                        username TEXT UNIQUE NOT NULL,
+        username TEXT UNIQUE NOT NULL,
-                        password TEXT NOT NULL)''')
+        password TEXT NOT NULL)''')
    conn.commit()
    conn.close()
 init_db()
 # Pydantic модель для входящих данных
 class UserIn(BaseModel):
    username: str
    password: str
@app.post('/register', status_code=201, tags=["User"])
 async def register(user: UserIn):
    if not user.username or not user.password:
        raise HTTPException(status_code=400, detail="Username and password required")
    hashed_password = generate_password_hash(user.password)
    try:
        conn = sqlite3.connect(DB_PATH)
        cursor = conn.cursor()
@@ -71,7 +70,6 @@ async def login(user: UserIn):
    conn.close()
    if row and check_password_hash(row[0], user.password):
        # Генерация JWT токена
        token = jwt.encode({
            "username": user.username,
            "exp": datetime.datetime.utcnow() + datetime.timedelta(days=30)
@@ -81,8 +79,8 @@ async def login(user: UserIn):
        response.set_cookie(
            key="auth_token",
            value=token,
-            max_age=30*24*60*60,  # 30 дней
+            max_age=30*24*60*60,
-            httponly=True,  # Безопасность
+            httponly=True,
            samesite="lax",
            path="/"
        )
@@ -104,10 +102,8 @@ async def get_users():
    cursor.execute('SELECT * FROM users')
    rows = cursor.fetchall()
    conn.close()
    return rows
@app.get('/verify', tags=["User"])
 async def verify_token_endpoint(request: Request):
    token = request.cookies.get('auth_token')
@@ -126,6 +122,6 @@ async def verify_token_endpoint(request: Request):
        raise HTTPException(status_code=401, detail="Token expired")
    except jwt.InvalidTokenError:
        raise HTTPException(status_code=401, detail="Invalid token")
-# # Запуск сервера для теста
+
-# if __name__ == "__main__":
+if __name__ == "__main__":
-#     uvicorn.run("main:app", port=8004, reload=True)
+    uvicorn.run("main:app", host="0.0.0.0", port=8004, reload=True)