from datetime import datetime, timedelta from jose import jwt from passlib.context import CryptContext from app.core.config import settings pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") def hash_password(password: str) -> str: return pwd_context.hash(password) def verify_password(plain_password: str, hashed_password: str) -> bool: return pwd_context.verify(plain_password, hashed_password) def create_access_token(subject: str, expires_minutes: int | None = None) -> str: expire = datetime.utcnow() + timedelta( minutes=expires_minutes or settings.access_token_expire_minutes ) to_encode = {"sub": subject, "exp": expire} return jwt.encode( to_encode, settings.jwt_secret_key, algorithm=settings.jwt_algorithm, ) def decode_token(token: str) -> dict: return jwt.decode( token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm], )