fastapi-users/fastapi_users/authentication/jwt.py

from datetime import datetime, timedelta

import jwt
from fastapi import Depends, HTTPException
from fastapi.security import OAuth2PasswordBearer
from starlette import status
from starlette.responses import Response

from fastapi_users.authentication import BaseAuthentication
from fastapi_users.models import UserDB

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/login")


def generate_jwt(data: dict, lifetime_seconds: int, secret: str, algorithm: str) -> str:
    payload = data.copy()
    expire = datetime.utcnow() + timedelta(seconds=lifetime_seconds)
    payload["exp"] = expire
    return jwt.encode(payload, secret, algorithm=algorithm).decode("utf-8")


class JWTAuthentication(BaseAuthentication):

    algorithm: str = "HS256"
    secret: str
    lifetime_seconds: int

    def __init__(self, secret: str, lifetime_seconds: int, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.secret = secret
        self.lifetime_seconds = lifetime_seconds

    async def get_login_response(self, user: UserDB, response: Response):
        data = {"user_id": user.id}
        token = generate_jwt(data, self.lifetime_seconds, self.secret, self.algorithm)

        return {"token": token}

    def get_authentication_method(self):
        async def authentication_method(token: str = Depends(oauth2_scheme)):
            credentials_exception = HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED
            )

            try:
                data = jwt.decode(token, self.secret, algorithms=[self.algorithm])
                user_id: str = data.get("user_id")
                if user_id is None:
                    raise credentials_exception
            except jwt.PyJWTError:
                raise credentials_exception

            user = await self.userDB.get(user_id)
            if user is None or not user.is_active:
                raise credentials_exception

            return user

        return authentication_method