Init project structure

app/core/security.py

@@ -0,0 +1,57 @@
+"""Security helpers for hashing passwords and issuing JWT tokens."""
+from __future__ import annotations
+
+from datetime import datetime, timedelta, timezone
+from typing import Any, Mapping
+
+import jwt
+from passlib.context import CryptContext
+
+from app.core.config import settings
+
+
+class PasswordHasher:
+    """Wraps passlib context to hash and verify secrets."""
+
+    def __init__(self) -> None:
+        self._context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+    def hash(self, password: str) -> str:
+        return self._context.hash(password)
+
+    def verify(self, password: str, hashed_password: str) -> bool:
+        return self._context.verify(password, hashed_password)
+
+
+class JWTService:
+    """Handles encoding and decoding of JWT access tokens."""
+
+    def __init__(self, secret_key: str, algorithm: str) -> None:
+        self._secret_key = secret_key
+        self._algorithm = algorithm
+
+    def create_access_token(
+        self,
+        subject: str,
+        expires_delta: timedelta,
+        claims: Mapping[str, Any] | None = None,
+    ) -> str:
+        now = datetime.now(timezone.utc)
+        payload: dict[str, Any] = {
+            "sub": subject,
+            "iat": now,
+            "exp": now + expires_delta,
+        }
+        if claims:
+            payload.update(claims)
+        return jwt.encode(payload, self._secret_key, algorithm=self._algorithm)
+
+    def decode(self, token: str) -> dict[str, Any]:
+        return jwt.decode(token, self._secret_key, algorithms=[self._algorithm])
+
+
+password_hasher = PasswordHasher()
+jwt_service = JWTService(
+    secret_key=settings.jwt_secret_key.get_secret_value(),
+    algorithm=settings.jwt_algorithm,
+)