from datetime import datetime, timedelta, timezone from fastapi import Depends, HTTPException, status from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer from jose import JWTError, jwt from app.config import settings security = HTTPBearer() def create_access_token(subject: str) -> str: expire = datetime.now(timezone.utc) + timedelta(hours=settings.JWT_EXPIRE_HOURS) payload = {"sub": subject, "exp": expire} return jwt.encode(payload, settings.JWT_SECRET, algorithm=settings.JWT_ALGORITHM) def get_current_user( credentials: HTTPAuthorizationCredentials = Depends(security), ) -> str: try: payload = jwt.decode( credentials.credentials, settings.JWT_SECRET, algorithms=[settings.JWT_ALGORITHM], ) username: str | None = payload.get("sub") if username is None: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED) return username except JWTError: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)