# app/core/security.py
from datetime import datetime, timedelta, timezone
from typing import Any, Union, Optional
from jose import JWTError, jwt
from passlib.context import CryptContext
from app.config import settings # Import settings from config
# --- Password Hashing ---

# Configure the passlib context.
# bcrypt is the only (and therefore the default) scheme: every new hash is a
# bcrypt hash and every stored hash handed to this context is expected to be one.
# deprecated="auto" marks every scheme other than the default as deprecated so
# passlib can report a stored hash as needing a re-hash. That report is only
# produced by verify_and_update() / needs_update(); this module calls only
# verify() and hash(), so verification here never rewrites a stored hash.
# NOTE(review): bcrypt hashes at most the first 72 bytes of the password, and
# passlib's bcrypt handler truncates longer inputs silently unless its
# truncate_error option is enabled — confirm that this is the intended policy.
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
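def verify_password(plain_password: str, hashed_password: str) -> bool:
    """
    Verify a plain-text password against a stored password hash.

    Args:
        plain_password: The password attempt supplied by the user.
        hashed_password: The stored hash (as produced by ``hash_password``).

    Returns:
        True if the password matches the hash. False if it does not match, or
        if ``hashed_password`` is malformed / not a hash this context recognises.

    Raises:
        Anything ``pwd_context.verify`` raises other than ValueError or
        TypeError — e.g. a missing or misconfigured hashing backend — so that
        a deployment problem surfaces as an error instead of being reported
        as "wrong password" for every user.
    """
    try:
        return pwd_context.verify(plain_password, hashed_password)
    except (ValueError, TypeError):
        # Unrecognised/malformed hash or wrong argument type: treat as a
        # non-match. Only these are swallowed; the previous blanket
        # `except Exception` also hid backend/configuration failures.
        # NOTE(review): this branch returns without doing any bcrypt work, so
        # it is far quicker than a real comparison; a caller that skips
        # verification for unknown users should still compare against a dummy
        # hash if response-time differences matter to it.
        return False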
def hash_password(password: str) -> str:
    """
    Return a hash of *password* computed by the module-level ``pwd_context``.

    Args:
        password: The plain-text password to hash.

    Returns:
        The hash string produced by the context (bcrypt, as configured above),
        suitable for storing and later passing to ``verify_password``.
    """
    hasher = pwd_context.hash
    return hasher(password)
# --- JSON Web Tokens (JWT) ---
# FastAPI-Users now handles all JWT creation and verification.

# You might add a function here later to extract the 'sub' (subject/user id)
# claim, which is often needed in a dependency-injected authentication check.
# def get_subject_from_token(token: str) -> Optional[str]:
#     # This would need to use FastAPI-Users' token verification if ever implemented,
#     # for example by decoding the token with the strategy from the auth backend.
#     payload = {}  # Placeholder for actual token decoding logic
#     if payload:
#         return payload.get("sub")
#     return None