"""Password hashing and JWT helpers.""" from __future__ import annotations from datetime import datetime, timedelta, timezone from jose import JWTError, jwt from passlib.context import CryptContext from app.config import settings pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") def hash_password(password: str) -> str: return pwd_context.hash(password) def verify_password(plain: str, hashed: str) -> bool: return pwd_context.verify(plain, hashed) def create_access_token(subject: str, role: str) -> str: expire = datetime.now(timezone.utc) + timedelta(minutes=settings.access_token_expire_minutes) payload = {"sub": subject, "role": role, "exp": expire} return jwt.encode(payload, settings.secret_key, algorithm=settings.algorithm) def decode_access_token(token: str) -> dict | None: try: return jwt.decode(token, settings.secret_key, algorithms=[settings.algorithm]) except JWTError: return None