language-learning-app/api/app/auth.py

from datetime import datetime, timedelta, timezone

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
import jwt
from passlib.context import CryptContext

from .config import settings

security = HTTPBearer()
pwd_context = CryptContext(
    schemes=["pbkdf2_sha256"],
    deprecated="auto",
)

TOKEN_EXPIRY_HOURS = 24


def hash_password(password: str) -> str:
    return pwd_context.hash(password)


def verify_password(plain: str, hashed: str) -> bool:
    return pwd_context.verify(plain, hashed)


def create_access_token(user_id: str, email: str, is_admin: bool = False) -> str:
    payload = {
        "sub": user_id,
        "email": email,
        "is_admin": is_admin,
        "exp": datetime.now(timezone.utc) + timedelta(hours=TOKEN_EXPIRY_HOURS),
    }
    return jwt.encode(payload, settings.jwt_secret, algorithm="HS256")


def verify_token(
    credentials: HTTPAuthorizationCredentials = Depends(security),
) -> dict:
    try:
        payload = jwt.decode(
            credentials.credentials,
            settings.jwt_secret,
            algorithms=["HS256"],
        )
        return payload
    except jwt.InvalidTokenError:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or expired token",
        )


def _admin_emails() -> frozenset[str]:
    return frozenset(
        e.strip() for e in settings.admin_user_emails.split(",") if e.strip()
    )


def require_admin(token_data: dict = Depends(verify_token)) -> dict:
    if not token_data.get("is_admin"):
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Admin access required",
        )
    return token_data
Generate the audio; move to background task 2026-03-19 10:51:10 +00:00			`from datetime import datetime, timedelta, timezone`

initial commit 2026-03-18 20:55:02 +00:00			`from fastapi import Depends, HTTPException, status`
			`from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials`
			`import jwt`
Generate the audio; move to background task 2026-03-19 10:51:10 +00:00			`from passlib.context import CryptContext`
initial commit 2026-03-18 20:55:02 +00:00
			`from .config import settings`

			`security = HTTPBearer()`
Generate the audio; move to background task 2026-03-19 10:51:10 +00:00			`pwd_context = CryptContext(`
			`schemes=["pbkdf2_sha256"],`
			`deprecated="auto",`
			`)`

			`TOKEN_EXPIRY_HOURS = 24`


			`def hash_password(password: str) -> str:`
			`return pwd_context.hash(password)`


			`def verify_password(plain: str, hashed: str) -> bool:`
			`return pwd_context.verify(plain, hashed)`


feat: [api] Add the WordPacks functionality and their endpoints 2026-04-14 09:17:33 +00:00			`def create_access_token(user_id: str, email: str, is_admin: bool = False) -> str:`
Generate the audio; move to background task 2026-03-19 10:51:10 +00:00			`payload = {`
			`"sub": user_id,`
			`"email": email,`
feat: [api] Add the WordPacks functionality and their endpoints 2026-04-14 09:17:33 +00:00			`"is_admin": is_admin,`
Generate the audio; move to background task 2026-03-19 10:51:10 +00:00			`"exp": datetime.now(timezone.utc) + timedelta(hours=TOKEN_EXPIRY_HOURS),`
			`}`
			`return jwt.encode(payload, settings.jwt_secret, algorithm="HS256")`
initial commit 2026-03-18 20:55:02 +00:00

			`def verify_token(`
			`credentials: HTTPAuthorizationCredentials = Depends(security),`
			`) -> dict:`
			`try:`
			`payload = jwt.decode(`
			`credentials.credentials,`
			`settings.jwt_secret,`
			`algorithms=["HS256"],`
			`)`
			`return payload`
			`except jwt.InvalidTokenError:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail="Invalid or expired token",`
			`)`
feat: Add admin auth 2026-03-27 10:36:43 +00:00

			`def _admin_emails() -> frozenset[str]:`
			`return frozenset(`
			`e.strip() for e in settings.admin_user_emails.split(",") if e.strip()`
			`)`


			`def require_admin(token_data: dict = Depends(verify_token)) -> dict:`
feat: [api] Add the WordPacks functionality and their endpoints 2026-04-14 09:17:33 +00:00			`if not token_data.get("is_admin"):`
feat: Add admin auth 2026-03-27 10:36:43 +00:00			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail="Admin access required",`
			`)`
			`return token_data`