Tools/backend/tools/jwtdecoder.py

from flask import Blueprint, request, jsonify
import jwt
from datetime import datetime, timezone
from util.logger import logger
from auth.token import verify_token

jwt_decoder_blueprint = Blueprint('jwt_decoder_tool', __name__)


@jwt_decoder_blueprint.route('/api/jwt/decode', methods=['POST'])
def decode_jwt():
    user = verify_token()
    if not user:
        return jsonify({"message": "Nicht autorisiert"}), 401
    try:
        data = request.get_json(silent=True) or {}
        token = data.get("token", "").strip()
        header = jwt.get_unverified_header(token)
        payload = jwt.decode(token, options={"verify_signature": False}, algorithms=["HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512"])

        expired = False
        if "exp" in payload:
            expired = payload["exp"] < datetime.now(timezone.utc).timestamp()

        logger.info(f"JWT dekodiert von {user['username']}")
        return jsonify({"header": header, "payload": payload, "expired": expired})
    except Exception as e:
        logger.error(f"Fehler JWT decode: {e}")
        return jsonify({"message": "Ungültiger JWT Token"}), 400