
Commit 5bdc214

Merge pull request #173 from Harry-Tom/feature/secretStr
Updated the SECRET_KEY config item to use the SecretStr class
2 parents 7f7ebb9 + 0fe84f0 commit 5bdc214

2 files changed

+9
-7
lines changed


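--- a/src/app/core/config.py
+++ b/src/app/core/config.py
@@ -2,6 +2,7 @@
 from enum import Enum
 
 from pydantic_settings import BaseSettings
+from pydantic import SecretStr
 from starlette.config import Config
 
 current_file_dir = os.path.dirname(os.path.realpath(__file__))
@@ -19,7 +20,7 @@ class AppSettings(BaseSettings):
 
 
 class CryptSettings(BaseSettings):
-    SECRET_KEY: str = config("SECRET_KEY")
+    SECRET_KEY: SecretStr = config("SECRET_KEY", cast=SecretStr)
     ALGORITHM: str = config("ALGORITHM", default="HS256")
     ACCESS_TOKEN_EXPIRE_MINUTES: int = config("ACCESS_TOKEN_EXPIRE_MINUTES", default=30)
     REFRESH_TOKEN_EXPIRE_DAYS: int = config("REFRESH_TOKEN_EXPIRE_DAYS", default=7)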
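Review bot: The new import `from pydantic import SecretStr` is placed after `from pydantic_settings import BaseSettings`, which breaks the alphabetical ordering the third-party group otherwise keeps (`pydantic` sorts before `pydantic_settings`); swapping the two lines keeps the block isort-clean. The `cast=SecretStr` on `SECRET_KEY` is the right shape: starlette's `config()` applies the callable to the raw string, so the value reaches the settings object already wrapped and its `repr`/`str` no longer leaks the key into logs or tracebacks. Worth noting in a short comment on that line, e.g. `# wrapped so repr()/logging show '**********' instead of the key`, since the reason for the cast is not obvious from the config alone.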

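--- a/src/app/core/security.py
+++ b/src/app/core/security.py
@@ -6,14 +6,15 @@
 from fastapi.security import OAuth2PasswordBearer
 from jose import JWTError, jwt
 from sqlalchemy.ext.asyncio import AsyncSession
+from Pydantic import SecretStr
 
 from ..crud.crud_users import crud_users
 from .config import settings
 from .db.crud_token_blacklist import crud_token_blacklist
 from .schemas import TokenBlacklistCreate, TokenData
 
 
-SECRET_KEY = settings.SECRET_KEY
+SECRET_KEY: SecretStr = settings.SECRET_KEY
 ALGORITHM = settings.ALGORITHM
 ACCESS_TOKEN_EXPIRE_MINUTES = settings.ACCESS_TOKEN_EXPIRE_MINUTES
 REFRESH_TOKEN_EXPIRE_DAYS = settings.REFRESH_TOKEN_EXPIRE_DAYS
@@ -57,7 +58,7 @@ async def create_access_token(data: dict[str, Any], expires_delta: timedelta | N
     else:
         expire = datetime.now(UTC).replace(tzinfo=None) + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
     to_encode.update({"exp": expire, "token_type": TokenType.ACCESS})
-    encoded_jwt: str = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    encoded_jwt: str = jwt.encode(to_encode, SECRET_KEY.get_secret_value(), algorithm=ALGORITHM)
     return encoded_jwt
 
 
@@ -68,7 +69,7 @@ async def create_refresh_token(data: dict[str, Any], expires_delta: timedelta |
     else:
         expire = datetime.now(UTC).replace(tzinfo=None) + timedelta(days=REFRESH_TOKEN_EXPIRE_DAYS)
     to_encode.update({"exp": expire, "token_type": TokenType.REFRESH})
-    encoded_jwt: str = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    encoded_jwt: str = jwt.encode(to_encode, SECRET_KEY.get_secret_value(), algorithm=ALGORITHM)
     return encoded_jwt
 
 
@@ -94,7 +95,7 @@ async def verify_token(token: str, expected_token_type: TokenType, db: AsyncSess
         return None
 
     try:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        payload = jwt.decode(token, SECRET_KEY.get_secret_value(), algorithms=[ALGORITHM])
         username_or_email: str = payload.get("sub")
         token_type: str = payload.get("token_type")
 
@@ -120,7 +121,7 @@ async def blacklist_tokens(access_token: str, refresh_token: str, db: AsyncSessi
             Database session for performing database operations.
     """
     for token in [access_token, refresh_token]:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        payload = jwt.decode(token, SECRET_KEY.get_secret_value(), algorithms=[ALGORITHM])
         expires_at = datetime.fromtimestamp(payload.get("exp"))
         await crud_token_blacklist.create(
             db,
@@ -131,7 +132,7 @@ async def blacklist_tokens(access_token: str, refresh_token: str, db: AsyncSessi
         )
 
 async def blacklist_token(token: str, db: AsyncSession) -> None:
-    payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+    payload = jwt.decode(token, SECRET_KEY.get_secret_value(), algorithms=[ALGORITHM])
     expires_at = datetime.fromtimestamp(payload.get("exp"))
     await crud_token_blacklist.create(
         db,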
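Review bot: The added import in the first hunk, `from Pydantic import SecretStr`, spells the package with a capital P; module lookup is case-sensitive on Linux and in the usual container images, so this line raises ImportError when security.py is imported and takes every token helper in the module down with it, even though it may pass on a case-insensitive macOS or Windows checkout. It should read `from pydantic import SecretStr`, the spelling config.py uses in the same commit. The name is only used in the annotation on `SECRET_KEY: SecretStr = settings.SECRET_KEY`, so dropping the annotation and the import is an equally valid fix. The remaining hunks unwrap consistently with `get_secret_value()` at each `jwt.encode`/`jwt.decode` call; `blacklist_tokens` and `blacklist_token` still call `jwt.decode` outside any `try`, which this commit leaves as it was.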
