wip

2025-08-05 21:14:09 -03:00
parent 5c57da7ecb
commit f96ad67eeb
27 changed files with 1960 additions and 0 deletions
--- a/id.saladeaula.digital/app/jose_.py
+++ b/id.saladeaula.digital/app/jose_.py
@@ -0,0 +1,47 @@
+from datetime import timedelta
+
+from aws_lambda_powertools.event_handler.exceptions import ForbiddenError
+from jose import ExpiredSignatureError, JWTError, jwt
+from layercake.dateutils import now
+
+from config import (
+    ISSUER,
+    JWT_ALGORITHM,
+    JWT_EXP_SECONDS,
+    JWT_SECRET,
+    REFRESH_TOKEN_EXP_SECONDS,
+)
+
+
+def generate_jwt(user_id: str, email: str) -> str:
+    now_ = now()
+    payload = {
+        'sub': user_id,
+        'email': email,
+        'iat': int(now_.timestamp()),
+        'exp': int((now_ + timedelta(seconds=JWT_EXP_SECONDS)).timestamp()),
+        'iss': ISSUER,
+    }
+    return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM)
+
+
+def generate_refresh_token(user_id: str) -> str:
+    now_ = now()
+    payload = {
+        'sub': user_id,
+        'iat': int(now_.timestamp()),
+        'exp': int((now_ + timedelta(seconds=REFRESH_TOKEN_EXP_SECONDS)).timestamp()),
+        'iss': ISSUER,
+        'typ': 'refresh',
+    }
+    return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM)
+
+
+def verify_jwt(token: str) -> dict:
+    try:
+        payload = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM])
+        return payload
+    except ExpiredSignatureError:
+        raise ForbiddenError('Token expired')
+    except JWTError:
+        raise ForbiddenError('Invalid token')