验证JWT token :param token: JWT token :return: 解码后的数据
(token: str)
| 39 | |
| 40 | |
| 41 | def verify_token(token: str) -> dict: |
| 42 | """ |
| 43 | 验证JWT token |
| 44 | :param token: JWT token |
| 45 | :return: 解码后的数据 |
| 46 | """ |
| 47 | try: |
| 48 | header_b64, payload_b64, signature_b64 = token.split(".") |
| 49 | |
| 50 | # 验证签名 |
| 51 | expected_signature = hmac.new( |
| 52 | _get_jwt_secret(), |
| 53 | f"{header_b64}.{payload_b64}".encode(), |
| 54 | "sha256", |
| 55 | ).digest() |
| 56 | expected_signature_b64 = base64.b64encode(expected_signature).decode() |
| 57 | |
| 58 | if not hmac.compare_digest(signature_b64, expected_signature_b64): |
| 59 | raise ValueError("无效的签名") |
| 60 | |
| 61 | # 解码payload |
| 62 | payload = json.loads(base64.b64decode(payload_b64)) |
| 63 | |
| 64 | # 检查是否过期 |
| 65 | if payload.get("exp", 0) < time.time(): |
| 66 | raise ValueError("token已过期") |
| 67 | |
| 68 | return payload |
| 69 | except Exception as e: |
| 70 | raise ValueError(f"token验证失败: {str(e)}") |
| 71 | |
| 72 | |
| 73 | def _extract_bearer_token(authorization: str) -> str: |