8. JWT 인증과 보안 (로그인부터 토큰 갱신까지)

# 8 강. JWT 인증과 보안 ## 🎯 학습 목표 - JWT 토큰 구조 이해 - Access/Refresh Token 구현 - 비밀번호 해싱 --- ## 1. 비밀번호 해싱 ```python from passlib.context import CryptContext pwd_context = CryptContext(schemes=["bcrypt"]) def hash_password(password: str) -> str: return pwd_context.hash(password) def verify_password(plain: str, hashed: str) -> bool: return pwd_context.verify(plain, hashed) ``` --- ## 2. JWT 토큰 생성 ```python from jose import jwt SECRET_KEY = "your-secret-key" ALGORITHM = "HS256" def create_access_token(data: dict, expires_delta: timedelta = None) -> str: to_encode = data.copy() expire = datetime.utcnow() + (expires_delta or timedelta(minutes=15)) to_encode.update({"exp": expire}) return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) ``` --- ## 3. 인증 의존성 ```python from fastapi.security import OAuth2PasswordBearer oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth/login") async def get_current_user(token: str = Depends(oauth2_scheme)): payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) user_id = payload.get("sub") return await db.get(User, int(user_id)) ```