Spaces:
Running
Running
| from datetime import datetime, timedelta, timezone | |
| from typing import Any, Union, Optional | |
| import jwt | |
| import bcrypt | |
| from app.core.config import settings | |
| def verify_password(plain_password: str, hashed_password: str) -> bool: | |
| try: | |
| return bcrypt.checkpw(plain_password.encode('utf-8'), hashed_password.encode('utf-8')) | |
| except Exception: | |
| return False | |
| def get_password_hash(password: str) -> str: | |
| salt = bcrypt.gensalt() | |
| return bcrypt.hashpw(password.encode('utf-8'), salt).decode('utf-8') | |
| def validate_password_strength(password: str) -> bool: | |
| # Minimum 8 characters, maximum 128 characters | |
| if len(password) < 8 or len(password) > 128: | |
| return False | |
| return True | |
| def create_access_token(subject: Union[str, Any], expires_delta: Optional[timedelta] = None) -> str: | |
| if expires_delta: | |
| expire = datetime.now(timezone.utc) + expires_delta | |
| else: | |
| expire = datetime.now(timezone.utc) + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES) | |
| to_encode = {"exp": expire, "sub": str(subject)} | |
| encoded_jwt = jwt.encode(to_encode, settings.JWT_SECRET_KEY, algorithm=settings.ALGORITHM) | |
| return encoded_jwt | |
| def decode_access_token(token: str) -> Optional[str]: | |
| try: | |
| # Explicitly verify signature with the expected algorithm (rejection of 'none' algorithm is implicit by specifying algorithms parameter) | |
| payload = jwt.decode(token, settings.JWT_SECRET_KEY, algorithms=[settings.ALGORITHM]) | |
| user_id: str = payload.get("sub") | |
| if user_id is None: | |
| return None | |
| return user_id | |
| except jwt.PyJWTError: | |
| return None | |