feat: acces token 검증 코드 추가

SPARCS-Service-Hackathon-2024 · Feb 15, 2024 · f6ff5b5 · f6ff5b5
1 parent b604ad3
commit f6ff5b5
Showing 1 changed file with 35 additions and 18 deletions.
diff --git a/src/routers/auth.py b/src/routers/auth.py
@@ -1,32 +1,48 @@
-from fastapi import APIRouter, HTTPException
-from fastapi.params import Depends
+from fastapi import Header, Depends, APIRouter, HTTPException
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from sqlalchemy.orm import Session
 from database import get_db
 import requests
 from models import LUsers
 from datetime import datetime, timedelta
 
-from jose import jwt
+
+from jose import jwt, JWTError
+
 SECRET_KEY = "secretkey"
 ALGORITHM = "HS256"
-ACCESS_TOKEN_EXPIRE_MINUTES = 30
 
 from pydantic import BaseModel, Field
 
 router = APIRouter()
 
-def create_access_token(data: dict, expires_delta: timedelta = None):
-    to_encode = data.copy()
-    if expires_delta:
-        expire = datetime.utcnow() + expires_delta
-    else:
-        expire = datetime.utcnow() + timedelta(minutes=15)
-    to_encode.update({"exp": expire})
-    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
-    return encoded_jwt
 class TokenData(BaseModel):
     id_token: str
 
+async def get_current_user(token: str = Header(None), db: Session = Depends(get_db)):
+    if token is None:
+        raise HTTPException(status_code=401, detail="토큰이 필요합니다.")
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=ALGORITHM)
+        print(user_id)
+        print(user_id)
+        print(user_id)
+        print(user_id)
+
+        user_id: int = payload.get("sub")
+        if user_id is None:
+            raise HTTPException(status_code=401, detail="유효하지 않은 토큰입니다.1")
+        if payload.get("exp") < datetime.utcnow():
+            raise HTTPException(status_code=401, detail="만료된 토큰입니다.")
+    except JWTError:
+        raise HTTPException(status_code=401, detail="유효하지 않은 토큰입니다.2")
+
+    user = db.query(LUsers).filter(LUsers.user_id == user_id).first()
+    if user is None:
+        raise HTTPException(status_code=404, detail="사용자를 찾을 수 없습니다.")
+
+    return user
+
 @router.post("/kakao")
 async def kakao_login(token_data: TokenData, db: Session = Depends(get_db)):
     headers = {
@@ -42,10 +58,7 @@ async def kakao_login(token_data: TokenData, db: Session = Depends(get_db)):
     user = db.query(LUsers).filter(LUsers.kakao_id == user_info['id']).first()
 
     # access token 만들기
-    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
-    access_token = create_access_token(
-        data={"sub": user.kakao_id}, expires_delta=access_token_expires
-    )
+    access_token = jwt.encode({"sub": user.user_id}, SECRET_KEY, algorithm=ALGORITHM)
 
     if user is None:
         new_user = LUsers(kakao_id=user_info['id'], name=user_info['properties']['nickname'])
@@ -55,4 +68,8 @@ async def kakao_login(token_data: TokenData, db: Session = Depends(get_db)):
         return new_user
 
     user.access_token = access_token
-    return user
+    return user
+
+@router.get("/protected-route")
+async def protected_route(current_user: LUsers = Depends(get_current_user)):
+    return {"user": current_user.name, "message": "보호된 경로에 접근할 수 있습니다."}