Bennett/g0v0-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): add random string to avoid same token

Browse Source
This commit is contained in:
MingxuanGame
2025-08-19 13:43:54 +00:00
parent d139abb807
commit 65bd7ca7d0
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/auth.py
View File

@@ -1,6 +1,6 @@
from __future__ import annotations from __future__ import annotations
from datetime import datetime, timedelta from datetime import UTC, datetime, timedelta
import hashlib import hashlib
import re import re
import secrets import secrets
@@ -156,13 +156,13 @@ def create_access_token(data: dict, expires_delta: timedelta | None = None) -> s
"""创建访问令牌""" """创建访问令牌"""
to_encode = data.copy() to_encode = data.copy()
if expires_delta: if expires_delta:
expire = datetime.utcnow() + expires_delta expire = datetime.now(UTC) + expires_delta
else: else:
expire = datetime.utcnow() + timedelta( expire = datetime.now(UTC) + timedelta(
minutes=settings.access_token_expire_minutes minutes=settings.access_token_expire_minutes
) )
to_encode.update({"exp": expire}) to_encode.update({"exp": expire, "random": secrets.token_hex(16)})
encoded_jwt = jwt.encode( encoded_jwt = jwt.encode(
to_encode, settings.secret_key, algorithm=settings.algorithm to_encode, settings.secret_key, algorithm=settings.algorithm
) )