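def login():
    """Authenticate a reader and issue a short-lived JWT.

    Two request shapes are handled:

    * An ``x-access-tokens`` header is present: the token is verified
      (signature and expiry) against ``app.config['SECRET_KEY']``.
      Returns 200 if it verifies, 401 otherwise.
    * No header: the JSON body must carry ``email`` and ``password``.
      On success a JWT valid for 30 minutes is returned as
      ``{"token": ...}`` with status 200; any failure returns 401.

    Returns:
        A Flask response (or ``(response, status)`` tuple).
    """
    presented_token = request.headers.get("x-access-tokens")
    if presented_token is not None:
        # The mere presence of the header proves nothing: verify the
        # signature and the ``exp`` claim before reporting the token as valid.
        # Pinning ``algorithms`` stops the token from choosing its own algorithm.
        try:
            jwt.decode(
                presented_token,
                app.config['SECRET_KEY'],
                algorithms=["HS256"],
            )
        except jwt.InvalidTokenError:
            # Covers bad signatures, malformed tokens and expired tokens.
            return make_response("Token inválido", 401)
        return make_response("Token válido", 200)

    # Parse the body only on the credentials path so that a token-only request
    # without a JSON payload is not rejected before the header is examined.
    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        body = {}

    # ``.get`` avoids a KeyError (HTTP 500) when a field is missing entirely.
    email = body.get("email")
    password = body.get("password")
    if (
        not email
        or not password
        or not isinstance(email, str)
        or not isinstance(password, str)
    ):
        return make_response(
            "El email o la contraseña no son correctas"), 401

    reader = Reader.read_by_email(email)
    # An unknown email and a wrong password produce the same answer, so the
    # response does not reveal which accounts exist.
    # NOTE(review): assumes read_by_email returns a falsy value for an unknown
    # email - confirm against the Reader model.
    if not reader or not check_password_hash(reader.password, password):
        return make_response("Error de login", 401)

    token = jwt.encode(
        {
            'id': reader.id,
            'exp': datetime.datetime.utcnow()
            + datetime.timedelta(minutes=30),
        },
        app.config['SECRET_KEY'],
        algorithm="HS256",
    )
    # PyJWT 1.x returns bytes while 2.x returns str; accept both.
    if isinstance(token, bytes):
        token = token.decode('UTF-8')
    return jsonify({'token': token}), 200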