Multimodel_Rag / app /security.py
Dhrumil Parikh
deploy GeminiRAG
cdc55f4
Raw
History Blame Contribute Delete
1.42 kB
"""
Password hashing and JWT token utilities.
hash_password β€” bcrypt hash (cost factor from bcrypt default, currently 12).
verify_password β€” constant-time bcrypt comparison.
create_access_token β€” signs an HS256 JWT containing {sub, role, exp}.
decode_token β€” verifies signature and expiry; raises HTTP 401 on any failure.
"""
from datetime import datetime, timedelta
import bcrypt
from jose import JWTError, jwt
from fastapi import HTTPException, status
def hash_password(password: str) -> str:
salt = bcrypt.gensalt()
return bcrypt.hashpw(password.encode("utf-8"), salt).decode("utf-8")
def verify_password(plain: str, hashed: str) -> bool:
return bcrypt.checkpw(plain.encode("utf-8"), hashed.encode("utf-8"))
def create_access_token(data: dict, expires_minutes: int) -> str:
from app.config import settings
to_encode = data.copy()
to_encode["exp"] = datetime.utcnow() + timedelta(minutes=expires_minutes)
return jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
def decode_token(token: str) -> dict:
from app.config import settings
try:
return jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
except JWTError:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or expired token",
headers={"WWW-Authenticate": "Bearer"},
)