refactor(backend): replace python-jose and passlib with PyJWT and bcrypt for security and simplicity

- Migrated JWT token handling from `python-jose` to `PyJWT`, reducing dependencies and improving error clarity.
- Replaced `passlib` bcrypt integration with direct `bcrypt` usage for password hashing.
- Updated `Makefile`, removing an unused CVE ignore based on the replaced dependencies.
- Reflected changes in `ARCHITECTURE.md` and adjusted function headers in `auth.py`.
- Cleaned up `uv.lock` and `pyproject.toml` to remove unused dependencies (`ecdsa`, `rsa`, etc.) and add `PyJWT`.
- Refactored tests and services to align with the updated libraries (`PyJWT` error handling, decoding, and validation).
2026-03-01 14:02:04 +01:00
parent 0553a1fc53
commit 1a36907f10
9 changed files with 84 additions and 139 deletions


@@ -79,12 +79,13 @@ This FastAPI backend application follows a **clean layered architecture** patter
### Authentication & Security
- **python-jose**: JWT token generation and validation
- Cryptographic signing
- **PyJWT**: JWT token generation and validation
- Cryptographic signing (HS256, RS256)
- Token expiration handling
- Claims validation
- JWK support for Google ID token verification
- **passlib + bcrypt**: Password hashing
- **bcrypt**: Password hashing
- Industry-standard bcrypt algorithm
- Configurable cost factor
- Salt generation
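Review bot: the PyJWT bullet at the top of this hunk lists HS256 and RS256 together under "Cryptographic signing" without saying which algorithm each token type uses or that the decode path pins a fixed `algorithms=` list; accepting both families on one verification call is the classic algorithm-confusion setup, so please state the pinned algorithm per token type (presumably HS256 for the backend's own tokens and RS256 via JWK for Google ID tokens) and spell out which claims the "Claims validation" bullet enforces (`exp`, `aud`, `iss`). The bcrypt bullet's "Configurable cost factor" would likewise be more useful with the chosen default rounds, and since passlib is gone it is worth noting bcrypt's 72-byte input limit, which direct `bcrypt` calls now have to handle themselves.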