MCPcopy Index your code
hub / github.com/vastsa/FileCodeBox / verify_token

Function verify_token

apps/admin/dependencies.py:41–70  ·  view source on GitHub ↗

验证JWT token :param token: JWT token :return: 解码后的数据

(token: str)

Source from the content-addressed store, hash-verified

39
40
41def verify_token(token: str) -> dict:
42 """
43 验证JWT token
44 :param token: JWT token
45 :return: 解码后的数据
46 """
47 try:
48 header_b64, payload_b64, signature_b64 = token.split(".")
49
50 # 验证签名
51 expected_signature = hmac.new(
52 _get_jwt_secret(),
53 f"{header_b64}.{payload_b64}".encode(),
54 "sha256",
55 ).digest()
56 expected_signature_b64 = base64.b64encode(expected_signature).decode()
57
58 if not hmac.compare_digest(signature_b64, expected_signature_b64):
59 raise ValueError("无效的签名")
60
61 # 解码payload
62 payload = json.loads(base64.b64decode(payload_b64))
63
64 # 检查是否过期
65 if payload.get("exp", 0) < time.time():
66 raise ValueError("token已过期")
67
68 return payload
69 except Exception as e:
70 raise ValueError(f"token验证失败: {str(e)}")
71
72
73def _extract_bearer_token(authorization: str) -> str:

Calls 1

_get_jwt_secretFunction · 0.85