from datetime import datetime, timedelta, timezone
from typing import Optional
import bcrypt
import jwt
from app.core.config import settings
def hash_password(password: str) -> str:
    """Hash *password* with bcrypt and return the result as text.

    A new salt is drawn from ``bcrypt.gensalt()`` (library-default work
    factor) on every call, so hashing the same password twice yields
    different strings.

    NOTE(review): bcrypt only considers the first 72 bytes of its input.
    Depending on the installed bcrypt release, longer input is either
    silently truncated or rejected with ValueError, so a maximum password
    length should be enforced where the password is first validated.
    """
    secret = password.encode()  # str.encode() defaults to UTF-8
    salt = bcrypt.gensalt()
    digest = bcrypt.hashpw(secret, salt)
    return digest.decode()
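def verify_password(plain: str, hashed: str) -> bool:
    """Return True if *plain* matches the stored bcrypt hash *hashed*.

    Args:
        plain: Password as supplied by the client (untrusted input).
        hashed: Stored hash text, as produced by ``hash_password``.

    Returns:
        True on a match. False on a mismatch, and also when bcrypt rejects
        the inputs outright.
    """
    try:
        return bcrypt.checkpw(plain.encode(), hashed.encode())
    except ValueError:
        # bcrypt raises ValueError for a stored hash it cannot parse (empty
        # or corrupted value) and, in recent releases, for passwords over
        # its 72-byte limit. On a login path either case should be a failed
        # check (fail closed), not an unhandled exception that
        # client-controlled input can trigger.
        return False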
def create_admin_token(user_id: str, tenant_id: str, role: str) -> str:
    """Issue a signed JWT for a tenant-scoped admin user.

    The claims are ``sub``, ``tenant_id``, ``role``, a fixed ``type`` of
    ``"admin_user"``, and an ``exp`` set ``settings.JWT_EXPIRE_HOURS`` hours
    from now (UTC). The token is signed with HS256 and
    ``settings.SECRET_KEY``.

    NOTE(review): *role* and *tenant_id* are embedded exactly as passed;
    nothing here validates them, so the caller must have authorised both.
    The payload is signed, not encrypted, so any holder of the token can
    read the claims.
    """
    lifetime = timedelta(hours=settings.JWT_EXPIRE_HOURS)
    claims = {
        "sub": user_id,
        "tenant_id": tenant_id,
        "role": role,
        "type": "admin_user",
        "exp": datetime.now(timezone.utc) + lifetime,
    }
    # HS256 is symmetric: the key that signs here is the same key that
    # verifies, so any component holding SECRET_KEY can mint tokens.
    token = jwt.encode(claims, settings.SECRET_KEY, algorithm="HS256")
    return token
def create_system_token(sys_admin_id: str) -> str:
    """Issue a signed JWT for a system administrator.

    The claims are ``sub``, a ``tenant_id`` of ``None``, a fixed ``role`` of
    ``"system"``, a fixed ``type`` of ``"system_admin"``, and an ``exp`` set
    ``settings.JWT_EXPIRE_HOURS`` hours from now (UTC).

    NOTE(review): this token is signed with the same key and algorithm as
    the tenant admin token; only the ``type`` and ``role`` claims tell the
    two apart, so every consumer must check those claims before granting
    system-level access.
    """
    lifetime = timedelta(hours=settings.JWT_EXPIRE_HOURS)
    claims = {
        "sub": sys_admin_id,
        "tenant_id": None,  # system tokens are not bound to a tenant
        "role": "system",
        "type": "system_admin",
        "exp": datetime.now(timezone.utc) + lifetime,
    }
    token = jwt.encode(claims, settings.SECRET_KEY, algorithm="HS256")
    return token
def decode_token(token: str) -> Optional[dict]:
    """Verify *token* and return its claims, or None if verification fails.

    The signature is checked with ``settings.SECRET_KEY``, and the accepted
    algorithm list is pinned to HS256, so a token whose header names another
    algorithm is rejected.

    NOTE(review): both admin-user and system-admin tokens decode through
    this function; callers must inspect ``type``, ``role`` and ``tenant_id``
    themselves. No ``require`` option is passed, so ``exp`` is presumably
    enforced only when the claim is present; confirm against the installed
    PyJWT version.
    """
    try:
        claims = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"])
    except Exception:
        # Fail closed: every failure becomes "no valid token". Because the
        # catch is broad, a misconfigured key is indistinguishable from a
        # bad or expired token at this layer.
        return None
    return claims