From 275dd2e0247fcf279f9c54b36b4bbb5d5b17612a Mon Sep 17 00:00:00 2001
From: Artur <gabbasov5638@gmail.com>
Date: Thu, 23 Apr 2026 22:34:17 +0500
Subject: [PATCH] Key moved to .env

---
 srv/app/core/security.py | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/srv/app/core/security.py b/srv/app/core/security.py
index 5759472..b78d399 100644
--- a/srv/app/core/security.py
+++ b/srv/app/core/security.py
@@ -6,9 +6,12 @@ from passlib.context import CryptContext
 import hashlib
 from sqlalchemy.orm import Session
 from app.db import models
+from dotenv import load_dotenv
 from jose import JWTError, jwt
+import os
 
-SECRET_KEY = "18311df73df1ca85aa66d0adf68edab3c66ee8b".strip()
+load_dotenv()
+SECRET_KEY = os.getenv("JWT_KEY").strip()
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 30 
 REFRESH_TOKEN_EXPIRE_MINUTES = 60 * 24 * 60
@@ -25,14 +28,10 @@ def get_db():
         db.close()
 
 def verify_password(plain_password, hashed_password):
-    pwd_bytes = plain_password.encode('utf-8')
-    sha256_pwd = hashlib.sha256(pwd_bytes).hexdigest()
-    return pwd_context.verify(sha256_pwd, hashed_password)
+    return pwd_context.verify(plain_password, hashed_password)
 
 def get_password_hash(password):
-    pwd_bytes = password.encode('utf-8')
-    sha256_pwd = hashlib.sha256(pwd_bytes).hexdigest()
-    return pwd_context.hash(sha256_pwd)
+    return pwd_context.hash(password)
 
 def create_access_token(data: dict):
     to_encode = data.copy()