"""Author RAG Chatbot SaaS — Password Hashing Utilities. Uses bcrypt with 12 rounds. Never store or log plaintext passwords. """ import bcrypt def hash_password(password: str) -> str: """Hash a plaintext password using bcrypt. Args: password: Plaintext password string. Returns: Bcrypt hash string (starts with '$2b$'). """ salt = bcrypt.gensalt(rounds=12) return bcrypt.hashpw(password.encode("utf-8"), salt).decode("utf-8") def verify_password(plain: str, hashed: str) -> bool: """Verify a plaintext password against a bcrypt hash. Args: plain: Plaintext password to verify. hashed: Previously hashed bcrypt string. Returns: True if the password matches, False otherwise. """ try: return bcrypt.checkpw(plain.encode("utf-8"), hashed.encode("utf-8")) except Exception: return False