feat: VoiceScript STT+OCR 초기 버전

app/auth.py

@@ -0,0 +1,45 @@
+import os
+from datetime import datetime, timedelta
+
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from jose import JWTError, jwt
+
+SECRET_KEY    = os.getenv("JWT_SECRET", "fallback-secret-change-this")
+ALGORITHM     = "HS256"
+EXPIRE_HOURS  = int(os.getenv("JWT_EXPIRE_HOURS", "12"))
+
+AUTH_USERNAME = os.getenv("AUTH_USERNAME", "admin")
+AUTH_PASSWORD = os.getenv("AUTH_PASSWORD", "changeme1234")
+
+bearer = HTTPBearer(auto_error=False)
+
+
+def authenticate(username: str, password: str) -> bool:
+    return username == AUTH_USERNAME and password == AUTH_PASSWORD
+
+
+def create_access_token(username: str) -> str:
+    expire = datetime.utcnow() + timedelta(hours=EXPIRE_HOURS)
+    return jwt.encode({"sub": username, "exp": expire}, SECRET_KEY, algorithm=ALGORITHM)
+
+
+def require_auth(credentials: HTTPAuthorizationCredentials = Depends(bearer)):
+    if credentials is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="인증이 필요합니다",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    try:
+        payload = jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM])
+        username = payload.get("sub")
+        if username is None or username != AUTH_USERNAME:
+            raise JWTError()
+    except JWTError:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="토큰이 유효하지 않거나 만료되었습니다",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    return username