src/services/auth_service.py

from passlib.context import CryptContext
from src.db.connection import get_conn

PWD_CTX = CryptContext(
    schemes=["bcrypt"],
    deprecated="auto",
)


def authenticate_user(db_path: str, username: str, password: str):
    if not username or not password:
        return None

    conn = get_conn(db_path)
    try:
        row = conn.execute(
            """
            SELECT username, role, password_hash, is_active
            FROM users
            WHERE username=?
            """,
            (username,),
        ).fetchone()

        if not row or not row["is_active"]:
            return None

        if not PWD_CTX.verify(password, row["password_hash"]):
            return None

        return {
            "username": row["username"],
            "role": row["role"],
        }
    finally:
        conn.close()


def is_admin(auth_state) -> bool:
    if not auth_state:
        return False
    return auth_state.get("role") == "admin"