From c648ad35ec2b0ef7c5f00809dabaec0df58a76e1 Mon Sep 17 00:00:00 2001
From: Yuerchu <admin@yuxiaoqiu.cn>
Date: Mon, 11 Aug 2025 14:44:33 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E7=99=BB=E5=BD=95=E7=9A=84?=
 =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 routes/session.py | 2 +-
 tool.py           | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/routes/session.py b/routes/session.py
index eb6e748..4c5c5ce 100644
--- a/routes/session.py
+++ b/routes/session.py
@@ -1,7 +1,7 @@
 # 导入库
 from typing import Annotated
 from datetime import datetime, timedelta, timezone
-from fastapi import Depends, HTTPException, status
+from fastapi import Depends, HTTPException
 from fastapi.security import OAuth2PasswordRequestForm
 from fastapi import APIRouter
 import jwt, JWT
diff --git a/tool.py b/tool.py
index b7b9320..4d14d04 100644
--- a/tool.py
+++ b/tool.py
@@ -3,6 +3,7 @@ import binascii
 import logging
 from datetime import datetime, timezone
 import os
+import secrets
 
 def format_phone(
     phone: str, 
@@ -96,7 +97,7 @@ def verify_password(
     pwdhash = binascii.hexlify(pwdhash).decode('ascii')
     if debug:
         logging.info(f"原密码: {provided_password}, 哈希值: {pwdhash}, 存储哈希值: {stored_password}")
-    return pwdhash == stored_password
+    return secrets.compare_digest(pwdhash, stored_password)
 
 def format_time_diff(
     target_time: datetime | str