| """ |
| Security utilities - password hashing, JWT token handling. |
| """ |
| from passlib.context import CryptContext |
| from jose import JWTError, jwt |
| from datetime import datetime, timedelta |
| from typing import Optional |
| from ..config import settings |
|
|
| |
| pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") |
|
|
|
|
| def hash_password(password: str) -> str: |
| """Hash a plain text password.""" |
| return pwd_context.hash(password) |
|
|
|
|
| def verify_password(plain_password: str, hashed_password: str) -> bool: |
| """Verify a password against its hash.""" |
| return pwd_context.verify(plain_password, hashed_password) |
|
|
|
|
| def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str: |
| """Create a JWT access token.""" |
| to_encode = data.copy() |
| if expires_delta: |
| expire = datetime.utcnow() + expires_delta |
| else: |
| expire = datetime.utcnow() + timedelta(minutes=settings.JWT_EXPIRATION_MINUTES) |
| |
| to_encode.update({"exp": expire}) |
| encoded_jwt = jwt.encode(to_encode, settings.JWT_SECRET, algorithm=settings.JWT_ALGORITHM) |
| return encoded_jwt |
|
|
|
|
| def decode_access_token(token: str) -> Optional[dict]: |
| """Decode and verify a JWT token.""" |
| try: |
| payload = jwt.decode(token, settings.JWT_SECRET, algorithms=[settings.JWT_ALGORITHM]) |
| return payload |
| except JWTError: |
| return None |
|
|
|
|
| def create_password_reset_token(email: str) -> str: |
| """Create a password reset token (time-limited).""" |
| delta = timedelta(hours=1) |
| return create_access_token({"sub": email, "type": "password_reset"}, delta) |
|
|
|
|
| def verify_password_reset_token(token: str) -> Optional[str]: |
| """Verify password reset token and return email.""" |
| payload = decode_access_token(token) |
| if payload and payload.get("type") == "password_reset": |
| return payload.get("sub") |
| return None |
