refactor(backend): replace python-jose and passlib with PyJWT and bcrypt for security and simplicity

- Migrated JWT token handling from `python-jose` to `PyJWT`, reducing dependencies and improving error clarity.
- Replaced `passlib` bcrypt integration with direct `bcrypt` usage for password hashing.
- Updated `Makefile`, removing unused CVE ignore based on the replaced dependencies.
- Reflected changes in `ARCHITECTURE.md` and adjusted function headers in `auth.py`.
- Cleaned up `uv.lock` and `pyproject.toml` to remove unused dependencies (`ecdsa`, `rsa`, etc.) and add `PyJWT`.
- Refactored tests and services to align with the updated libraries (`PyJWT` error handling, decoding, and validation).
2026-03-01 14:02:04 +01:00
parent 0553a1fc53
commit 1a36907f10
9 changed files with 84 additions and 139 deletions


@@ -86,9 +86,7 @@ validate: lint format-check type-check
dep-audit:
@echo "🔒 Scanning dependencies for known vulnerabilities..."
@# CVE-2024-23342: ecdsa timing attack via python-jose (transitive). No fix available.
@# We only use HS256 (not ECDSA signing), so this is not exploitable. Track python-jose replacement separately.
@uv run pip-audit --desc --skip-editable --ignore-vuln CVE-2024-23342
@uv run pip-audit --desc --skip-editable
@echo "✅ No known vulnerabilities found!"
license-check:
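Review bot: Removing the `--ignore-vuln CVE-2024-23342` flag and its two explanatory comment lines means `dep-audit` now fails on any advisory in the remaining dependency set, which is the right outcome once the `ecdsa` transitive dependency is gone, but the hunk also drops the only in-file record of how exemptions were justified (CVE id, reason it was not exploitable, tracking note). Consider keeping a one-line comment above `@uv run pip-audit --desc --skip-editable` stating that any future `--ignore-vuln` must carry a CVE id and a tracking reference, so the next transient advisory does not turn into a permanent, undocumented ignore.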