"""Security utilities for authentication and authorization.""" from datetime import datetime, timedelta from typing import Optional, Dict, Any from jose import JWTError, jwt from passlib.context import CryptContext from app.config import settings # Password hashing context pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") def verify_password(plain_password: str, hashed_password: str) -> bool: """ Verify a plain password against a hashed password. Args: plain_password: The plain text password hashed_password: The hashed password to compare against Returns: True if password matches, False otherwise """ return pwd_context.verify(plain_password, hashed_password) def get_password_hash(password: str) -> str: """ Hash a password using bcrypt. Args: password: The plain text password to hash Returns: The hashed password """ return pwd_context.hash(password) def create_access_token( data: Dict[str, Any], expires_delta: Optional[timedelta] = None ) -> str: """ Create a JWT access token. Args: data: Dictionary containing claims to encode in the token expires_delta: Optional expiration time delta Returns: Encoded JWT token string """ to_encode = data.copy() if expires_delta: expire = datetime.utcnow() + expires_delta else: expire = datetime.utcnow() + timedelta( minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES ) to_encode.update({"exp": expire}) encoded_jwt = jwt.encode( to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM ) return encoded_jwt def decode_access_token(token: str) -> Dict[str, Any]: """ Decode and validate a JWT access token. Args: token: The JWT token string to decode Returns: Dictionary containing the decoded token payload Raises: JWTError: If token is invalid or expired """ payload = jwt.decode( token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM] ) return payload