import os
from flask import request
from jwt import decode, ExpiredSignatureError, InvalidTokenError
from util.logger import logger
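# SECRET_KEY must be provided via environment for production safety.
# An empty string is treated the same as unset.
SECRET_KEY = os.environ.get("SECRET_KEY")

# RFC 7518 §3.2: an HS256 key must be at least as long as the hash output
# (256 bits). A shorter secret can be recovered offline from any one token.
_MIN_HS256_KEY_BYTES = 32

if not SECRET_KEY:
    # verify_token() returns None while the key is missing, so auth fails
    # closed rather than open; this log line is the only signal of that.
    logger.error("SECRET_KEY environment variable is not set – authentication disabled until configured.")
elif len(SECRET_KEY.encode("utf-8")) < _MIN_HS256_KEY_BYTES:
    # Warn only, and never log the key value itself.
    logger.warning(
        f"SECRET_KEY is shorter than {_MIN_HS256_KEY_BYTES} bytes; "
        "HS256 tokens signed with it are weak – use a longer random secret."
    )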
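def verify_token() -> "dict | None":
    """Validate the Bearer JWT on the current Flask request.

    Returns the decoded claims on success. Returns ``None`` (after logging)
    when no SECRET_KEY is configured, when the Authorization header is
    absent or does not carry a ``Bearer`` credential, or when the token is
    expired or fails HS256 signature verification. The token value itself
    is never written to the log.

    NOTE(review): beyond the signature and ``exp`` (only if present), no
    claims are required or checked here – ``exp``, ``aud`` and ``iss`` are
    not enforced. If callers depend on them, pass ``options={"require":
    [...]}``, ``audience=`` or ``issuer=`` to ``decode`` or validate the
    returned payload.
    """
    # Fail closed: with no key there is nothing to verify against.
    if not SECRET_KEY:
        return None

    auth_header = request.headers.get("Authorization", "")
    scheme = "Bearer "
    # Scheme match is case-sensitive; RFC 6750 allows any case for
    # "Bearer", so clients sending "bearer ..." are rejected here.
    if not auth_header.startswith(scheme):
        logger.warning("🔐 Invalid Bearer header")
        return None

    # Slice off the leading scheme only. str.replace() removed every
    # "Bearer " occurrence, not just the prefix.
    token = auth_header[len(scheme):]

    try:
        # Pin the algorithm list so the token header cannot select "none"
        # or a different algorithm than the one the secret is meant for.
        return decode(token, SECRET_KEY, algorithms=["HS256"])
    except ExpiredSignatureError:
        # Must precede InvalidTokenError, which it subclasses.
        logger.warning("🔐 Token expired")
        return None
    except InvalidTokenError:
        logger.warning("🔐 Invalid token")
        return None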