Key moved to .env

srv/app/core/security.py

@@ -6,9 +6,12 @@ from passlib.context import CryptContext
 import hashlib
 from sqlalchemy.orm import Session
 from app.db import models
+from dotenv import load_dotenv
 from jose import JWTError, jwt
+import os
 
-SECRET_KEY = "18311df73df1ca85aa66d0adf68edab3c66ee8b".strip()
+load_dotenv()
+SECRET_KEY = os.getenv("JWT_KEY").strip()
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 30 
 REFRESH_TOKEN_EXPIRE_MINUTES = 60 * 24 * 60
@@ -25,14 +28,10 @@ def get_db():
         db.close()
 
 def verify_password(plain_password, hashed_password):
-    pwd_bytes = plain_password.encode('utf-8')
-    sha256_pwd = hashlib.sha256(pwd_bytes).hexdigest()
-    return pwd_context.verify(sha256_pwd, hashed_password)
+    return pwd_context.verify(plain_password, hashed_password)
 
 def get_password_hash(password):
-    pwd_bytes = password.encode('utf-8')
-    sha256_pwd = hashlib.sha256(pwd_bytes).hexdigest()
-    return pwd_context.hash(sha256_pwd)
+    return pwd_context.hash(password)
 
 def create_access_token(data: dict):
     to_encode = data.copy()