Initial import

backend/core/security.py

@@ -0,0 +1,34 @@
+import os
+from datetime import datetime, timedelta, timezone
+
+import jwt
+from passlib.context import CryptContext
+
+SECRET_KEY: str = os.environ["JWT_SECRET_KEY"]
+ALGORITHM: str = os.getenv("JWT_ALGORITHM", "HS256")
+ACCESS_TOKEN_EXPIRE_MINUTES: int = int(os.getenv("JWT_ACCESS_TOKEN_EXPIRE_MINUTES", "60"))
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+
+def hash_password(plain: str) -> str:
+    return pwd_context.hash(plain)
+
+
+def verify_password(plain: str, hashed: str) -> bool:
+    return pwd_context.verify(plain, hashed)
+
+
+def create_access_token(subject: int | str) -> str:
+    expire = datetime.now(timezone.utc) + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    payload = {"sub": str(subject), "exp": expire}
+    return jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM)
+
+
+def decode_access_token(token: str) -> str:
+    """Декодирует токен и возвращает sub (user_id). Бросает jwt.PyJWTError при невалидном токене."""
+    payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+    sub: str | None = payload.get("sub")
+    if sub is None:
+        raise jwt.InvalidTokenError("Token payload missing 'sub'")
+    return sub