исправлено хеширование паролей

2026-05-31 16:55:48 +10:00
parent 21df98f575
commit e67a1fab5e
1 changed files with 19 additions and 23 deletions
--- a/main.py
+++ b/main.py
@@ -1,10 +1,8 @@
-
 from fastapi import FastAPI, HTTPException, Depends, Request
 from fastapi.responses import JSONResponse
 from fastapi.middleware.cors import CORSMiddleware
 from pydantic import BaseModel
 import sqlite3
-from passlib.context import CryptContext
 import uvicorn
 from werkzeug.security import generate_password_hash, check_password_hash
 import jwt
@@ -16,14 +14,17 @@ app = FastAPI(title="Work BD Auth API",

 app.add_middleware(
    CORSMiddleware,
-    allow_origins=["http://localhost:5173", "https://allowlgroup.ru"],  # или список конкретных доменов
+    allow_origins=[
+        "http://localhost:5173",
+        "https://allowlgroup.ru",
+    ],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
 )
+
 DB_PATH = 'users.db'

-# Инициализация базы данных
 def init_db():
    conn = sqlite3.connect(DB_PATH)
    cursor = conn.cursor()
@@ -33,21 +34,19 @@ def init_db():
        password TEXT NOT NULL)''')
    conn.commit()
    conn.close()
+
 init_db()

-# Pydantic модель для входящих данных
 class UserIn(BaseModel):
    username: str
    password: str

-
@app.post('/register', status_code=201, tags=["User"])
 async def register(user: UserIn):
    if not user.username or not user.password:
        raise HTTPException(status_code=400, detail="Username and password required")
    
    hashed_password = generate_password_hash(user.password)
-
    try:
        conn = sqlite3.connect(DB_PATH)
        cursor = conn.cursor()
@@ -71,7 +70,6 @@ async def login(user: UserIn):
    conn.close()
    
    if row and check_password_hash(row[0], user.password):
-        # Генерация JWT токена
        token = jwt.encode({
            "username": user.username,
            "exp": datetime.datetime.utcnow() + datetime.timedelta(days=30)
@@ -81,8 +79,8 @@ async def login(user: UserIn):
        response.set_cookie(
            key="auth_token",
            value=token,
-            max_age=30*24*60*60,  # 30 дней
-            httponly=True,  # Безопасность
+            max_age=30*24*60*60,
+            httponly=True,
            samesite="lax",
            path="/"
        )
@@ -104,10 +102,8 @@ async def get_users():
    cursor.execute('SELECT * FROM users')
    rows = cursor.fetchall()
    conn.close()
-
    return rows

-
@app.get('/verify', tags=["User"])
 async def verify_token_endpoint(request: Request):
    token = request.cookies.get('auth_token')
@@ -126,6 +122,6 @@ async def verify_token_endpoint(request: Request):
        raise HTTPException(status_code=401, detail="Token expired")
    except jwt.InvalidTokenError:
        raise HTTPException(status_code=401, detail="Invalid token")
-# # Запуск сервера для теста
-# if __name__ == "__main__":
-#     uvicorn.run("main:app", port=8004, reload=True)
+
+if __name__ == "__main__":
+    uvicorn.run("main:app", host="0.0.0.0", port=8004, reload=True)