2026-03-19 10:51:10 +00:00
|
|
|
from datetime import datetime, timedelta, timezone
|
|
|
|
|
|
2026-03-18 20:55:02 +00:00
|
|
|
from fastapi import Depends, HTTPException, status
|
|
|
|
|
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
|
|
|
|
|
import jwt
|
2026-03-19 10:51:10 +00:00
|
|
|
from passlib.context import CryptContext
|
2026-03-18 20:55:02 +00:00
|
|
|
|
|
|
|
|
from .config import settings
|
|
|
|
|
|
|
|
|
|
security = HTTPBearer()
|
2026-03-19 10:51:10 +00:00
|
|
|
pwd_context = CryptContext(
|
|
|
|
|
schemes=["pbkdf2_sha256"],
|
|
|
|
|
deprecated="auto",
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
TOKEN_EXPIRY_HOURS = 24
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def hash_password(password: str) -> str:
|
|
|
|
|
return pwd_context.hash(password)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def verify_password(plain: str, hashed: str) -> bool:
|
|
|
|
|
return pwd_context.verify(plain, hashed)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def create_access_token(user_id: str, email: str) -> str:
|
|
|
|
|
payload = {
|
|
|
|
|
"sub": user_id,
|
|
|
|
|
"email": email,
|
|
|
|
|
"exp": datetime.now(timezone.utc) + timedelta(hours=TOKEN_EXPIRY_HOURS),
|
|
|
|
|
}
|
|
|
|
|
return jwt.encode(payload, settings.jwt_secret, algorithm="HS256")
|
2026-03-18 20:55:02 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def verify_token(
|
|
|
|
|
credentials: HTTPAuthorizationCredentials = Depends(security),
|
|
|
|
|
) -> dict:
|
|
|
|
|
try:
|
|
|
|
|
payload = jwt.decode(
|
|
|
|
|
credentials.credentials,
|
|
|
|
|
settings.jwt_secret,
|
|
|
|
|
algorithms=["HS256"],
|
|
|
|
|
)
|
|
|
|
|
return payload
|
|
|
|
|
except jwt.InvalidTokenError:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
|
|
|
detail="Invalid or expired token",
|
|
|
|
|
)
|
