fix(auth): Address high and medium priority security and build findings

Yunxiao Xu
2026-02-18 14:50:09 -08:00
parent 6131f27142
commit f5aeb9d956
5 changed files with 32 additions and 12 deletions


@@ -1,3 +1,4 @@
import uuid
from datetime import datetime, timedelta, timezone
from typing import Optional, Any, List
from jose import JWTError, jwt
@@ -56,7 +57,9 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -
to_encode.update({
"exp": expire,
"iat": now,
"iss": "ea-chatbot-api"
"iss": "ea-chatbot-api",
"type": "access",
"jti": str(uuid.uuid4())
})
encoded_jwt = jwt.encode(to_encode, settings.secret_key, algorithm=settings.algorithm)
return encoded_jwt
@@ -84,7 +87,8 @@ def create_refresh_token(data: dict, expires_delta: Optional[timedelta] = None)
"exp": expire,
"iat": now,
"iss": "ea-chatbot-api",
"type": "refresh"
"type": "refresh",
"jti": str(uuid.uuid4())
})
encoded_jwt = jwt.encode(to_encode, settings.secret_key, algorithm=settings.algorithm)
return encoded_jwt
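Review bot: The new `"type": "access"` and `"jti"` claims in create_access_token (and the `"jti"` added to create_refresh_token in the last hunk) are only written here; nothing in this section shows them being read, and a claim no verifier checks gives no protection. The decode path, which is outside this section, should reject a token whose type does not match its use, for example a guard like `if payload.get("type") != "access":` followed by a rejection on API requests, with the mirror check for `"refresh"` on the refresh endpoint, so a longer-lived refresh token cannot be presented as an access token. `jti` likewise only enables revocation or replay detection if it is stored or compared against a denylist at decode time; if that is not implemented yet, a comment such as `# jti: unique token id, reserved for revocation (not checked on decode yet)` would keep readers from assuming it is enforced. Both function bodies start outside the hunks, so whether `data` can already carry a `type` or `jti` key is not visible, but the `update()` call does overwrite such keys, which is the safe order.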