from datetime import datetime, timedelta, timezone from jose import JWTError, jwt from passlib.context import CryptContext from app.config import settings pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") def hash_password(password: str) -> str: return pwd_context.hash(password) def verify_password(plain_password: str, hashed_password: str) -> bool: return pwd_context.verify(plain_password, hashed_password) def create_access_token(user_id: str) -> str: expire = datetime.now(timezone.utc) + timedelta(minutes=settings.jwt_expiry_minutes) payload = {"sub": user_id, "exp": expire} return jwt.encode(payload, settings.jwt_secret, algorithm=settings.jwt_algorithm) def decode_access_token(token: str) -> str | None: try: payload = jwt.decode(token, settings.jwt_secret, algorithms=[settings.jwt_algorithm]) return payload.get("sub") except JWTError: return None