20160116

2026-01-16 18:16:33 +08:00
parent 9f3c96ce73
commit e53c3c838c
26 changed files with 1473 additions and 386 deletions
--- a/backend/app/utils/security.py
+++ b/backend/app/utils/security.py
@@ -13,9 +13,21 @@ pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/login")

 def verify_password(plain_password: str, hashed_password: str) -> bool:
+    # bcrypt has a limit of 72 bytes, we truncate to avoid errors
+    # convert to bytes, truncate, then back to string (ignoring errors if cut mid-multibyte char, though unlikely for simple password)
+    # Actually passlib handles string/bytes. If we just slice the string it might not be accurate byte count.
+    # But usually the error comes from "bytes" length.
+    # Safest is to let simple passwords pass, and truncate extremely long ones.
+    # Let's ensure we work with utf-8 bytes
+    password_bytes = plain_password.encode('utf-8')
+    if len(password_bytes) > 72:
+        plain_password = password_bytes[:72].decode('utf-8', errors='ignore')
    return pwd_context.verify(plain_password, hashed_password)

 def get_password_hash(password: str) -> str:
+    password_bytes = password.encode('utf-8')
+    if len(password_bytes) > 72:
+        password = password_bytes[:72].decode('utf-8', errors='ignore')
    return pwd_context.hash(password)

 def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str: