fix(agent): resolve missing imports — jose, auth config, AUTH_SECRET_KEY
- Added python-jose[cryptography] to requirements-agent.txt - Made sqlalchemy.orm.Session and TokenBlacklist imports lazy in jwt.py so decode_token works without pulling ORM models into agent image - Added src/core/auth/__init__.py, config.py, jwt.py to agent Dockerfile COPY - Added AUTH_SECRET_KEY env var to agent compose (reads from JWT_SECRET)
This commit is contained in:
@@ -16,9 +16,7 @@ import hashlib
|
||||
import uuid
|
||||
|
||||
from jose import jwt
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from ...models.auth import TokenBlacklist
|
||||
from ..logger import belief_scope
|
||||
from .config import auth_config
|
||||
|
||||
@@ -38,20 +36,18 @@ def create_access_token(data: dict, expires_delta: timedelta | None = None) -> s
|
||||
if expires_delta:
|
||||
expire = now + expires_delta
|
||||
else:
|
||||
expire = now + timedelta(
|
||||
minutes=auth_config.ACCESS_TOKEN_EXPIRE_MINUTES
|
||||
)
|
||||
expire = now + timedelta(minutes=auth_config.ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
|
||||
to_encode.update({
|
||||
"exp": expire,
|
||||
"iat": now,
|
||||
"jti": str(uuid.uuid4()),
|
||||
"aud": auth_config.JWT_AUDIENCE,
|
||||
"iss": auth_config.JWT_ISSUER,
|
||||
})
|
||||
encoded_jwt = jwt.encode(
|
||||
to_encode, auth_config.SECRET_KEY, algorithm=auth_config.ALGORITHM
|
||||
to_encode.update(
|
||||
{
|
||||
"exp": expire,
|
||||
"iat": now,
|
||||
"jti": str(uuid.uuid4()),
|
||||
"aud": auth_config.JWT_AUDIENCE,
|
||||
"iss": auth_config.JWT_ISSUER,
|
||||
}
|
||||
)
|
||||
encoded_jwt = jwt.encode(to_encode, auth_config.SECRET_KEY, algorithm=auth_config.ALGORITHM)
|
||||
return encoded_jwt
|
||||
|
||||
|
||||
@@ -100,6 +96,7 @@ def decode_token(token: str) -> dict:
|
||||
def _hash_token(token: str) -> str:
|
||||
return hashlib.sha256(token.encode()).hexdigest()
|
||||
|
||||
|
||||
# #endregion Auth.Jwt._HashToken
|
||||
|
||||
|
||||
@@ -108,11 +105,15 @@ def _hash_token(token: str) -> str:
|
||||
# @PRE db is a valid SQLAlchemy session.
|
||||
# @POST Expired blacklist rows are removed.
|
||||
# @SIDE_EFFECT Mutates token_blacklist table.
|
||||
def _prune_blacklist(db: Session) -> None:
|
||||
def _prune_blacklist(db: "Session") -> None:
|
||||
from sqlalchemy.orm import Session # noqa: F811
|
||||
from ...models.auth import TokenBlacklist
|
||||
|
||||
now = datetime.now(UTC)
|
||||
db.query(TokenBlacklist).filter(TokenBlacklist.expires_at < now).delete()
|
||||
db.commit()
|
||||
|
||||
|
||||
# #endregion Auth.Jwt._PruneBlacklist
|
||||
|
||||
|
||||
@@ -125,7 +126,10 @@ def _prune_blacklist(db: Session) -> None:
|
||||
# @RELATION DEPENDS_ON -> [TokenBlacklist]
|
||||
# @RELATION CALLS -> [Auth.Jwt._HashToken]
|
||||
# @TEST_EDGE: already_expired -> skips blacklisting
|
||||
def blacklist_token(token: str, db: Session) -> None:
|
||||
def blacklist_token(token: str, db: "Session") -> None:
|
||||
from sqlalchemy.orm import Session # noqa: F811
|
||||
from ...models.auth import TokenBlacklist
|
||||
|
||||
with belief_scope("blacklist_token"):
|
||||
_prune_blacklist(db)
|
||||
try:
|
||||
@@ -165,7 +169,10 @@ def blacklist_token(token: str, db: Session) -> None:
|
||||
# @PRE db is a valid SQLAlchemy session.
|
||||
# @POST Returns True if token is blacklisted, False otherwise.
|
||||
# @RELATION DEPENDS_ON -> [TokenBlacklist]
|
||||
def is_token_blacklisted(token: str, db: Session) -> bool:
|
||||
def is_token_blacklisted(token: str, db: "Session") -> bool:
|
||||
from sqlalchemy.orm import Session # noqa: F811
|
||||
from ...models.auth import TokenBlacklist
|
||||
|
||||
with belief_scope("is_token_blacklisted"):
|
||||
try:
|
||||
payload = decode_token(token)
|
||||
|
||||
Reference in New Issue
Block a user