from typing import Annotated from datetime import datetime, timedelta, timezone from fastapi import Depends, HTTPException from fastapi.security import OAuth2PasswordBearer from passlib.context import CryptContext from sqlalchemy.orm import Session from jose import JWTError, jwt from app.config import ALGORITHM, SECRET_KEY from app.db import get_db from app.sql import models pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token") def verify_password(plain_password, hashed_password): return pwd_context.verify(plain_password, hashed_password) def get_user(db: Session, username: str): return db.query(models.User).filter(models.User.username == username).first() def authenticate_user(db: Session, username: str, password: str): user = get_user(db, username) if not user: return False if not verify_password(password, user.password): return False return user def create_access_token(data: dict, expires_delta: timedelta | None = None): to_encode = data.copy() if expires_delta: expire = datetime.now(timezone.utc) + expires_delta else: expire = datetime.now(timezone.utc) + timedelta(minutes=15) to_encode.update({"exp": expire}) encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) return encoded_jwt async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)], db: Annotated[Session, Depends(get_db)]): credentials_exception = HTTPException( status_code=401, detail="Could not validate credentials") try: payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) username: str = payload.get("sub") if username is None: raise credentials_exception except JWTError: raise credentials_exception user = get_user(db, username) if user is None: raise credentials_exception return user