hotswap/delphi-database
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auth: add proactive JWT refresh in frontend and clock-skew leeway in backend; improve 401 handling

Browse Source
This commit is contained in:
HotSwapp
2025-08-10 19:49:07 -05:00
parent 350af60db3
commit 14ee479edc
2 changed files with 120 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/auth/security.py
View File

@@ -38,7 +38,10 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -
else:
expire = datetime.utcnow() + timedelta(minutes=settings.access_token_expire_minutes)
to_encode.update({"exp": expire})
to_encode.update({
"exp": expire,
"iat": datetime.utcnow(),
})
encoded_jwt = jwt.encode(to_encode, settings.secret_key, algorithm=settings.algorithm)
return encoded_jwt
@@ -46,7 +49,12 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -
def verify_token(token: str) -> Optional[str]:
"""Verify JWT token and return username"""
try:
payload = jwt.decode(token, settings.secret_key, algorithms=[settings.algorithm])
payload = jwt.decode(
token,
settings.secret_key,
algorithms=[settings.algorithm],
leeway=30 # allow small clock skew
)
username: str = payload.get("sub")
if username is None:
return None