add jwt

3 files changed, 71 insertions, 32 deletions

diff --git a/app/auth/jwt.py b/app/auth/jwt.py
index e69de29..2d2aac5 100644
--- a/app/auth/jwt.py
+++ b/app/auth/jwt.py
@@ -0,0 +1,71 @@
+import os
+from datetime import datetime, timedelta
+from typing import Dict, Optional
+
+import jwt
+from dotenv import load_dotenv
+
+from app.utils.logger_cfg import logger
+
+load_dotenv()
+JWT_SECRET = os.getenv("JWT_SECRET")
+if not JWT_SECRET:
+    logger.critical("JWT_SECRET environment variable not set! Exiting.")
+    raise RuntimeError("JWT_SECRET environment variable not set!")
+
+JWT_ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 60
+REFRESH_TOKEN_EXPIRE_DAYS = 7
+
+
+def create_access_token(data: Dict, expires_delta: Optional[timedelta] = None) -> str:
+    try:
+        to_encode = data.copy()
+        expire = datetime.utcnow() + (
+            expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+        )
+        to_encode.update({"exp": expire})
+        safe_payload = {k: v for k, v in to_encode.items() if k != "password"}
+        logger.debug(f"Creating access token with payload: {safe_payload}")
+        return jwt.encode(to_encode, JWT_SECRET, algorithm=JWT_ALGORITHM)
+    except Exception as e:
+        logger.exception(f"Failed to create access token: {e}")
+        raise RuntimeError("Failed to create access token")
+
+
+def create_refresh_token(data: Dict, expires_delta: Optional[timedelta] = None) -> str:
+    try:
+        to_encode = data.copy()
+        expire = datetime.utcnow() + (
+            expires_delta or timedelta(days=REFRESH_TOKEN_EXPIRE_DAYS)
+        )
+        to_encode.update({"exp": expire})
+        logger.debug(f"Creating refresh token with payload: {to_encode}")
+        return jwt.encode(to_encode, JWT_SECRET, algorithm=JWT_ALGORITHM)
+    except Exception as e:
+        logger.exception(f"Failed to create refresh token: {e}")
+        raise RuntimeError("Failed to create refresh token")
+
+
+def decode_token(token: str) -> Dict:
+    try:
+        logger.debug("Decoding JWT token...")
+        payload = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM])
+        safe_payload = {k: v for k, v in payload.items() if k != "password"}
+        logger.info(f"JWT decoded successfully: {safe_payload}")
+        return payload
+    except jwt.ExpiredSignatureError:
+        logger.warning("JWT token has expired")
+        raise ValueError("Token has expired")
+    except jwt.InvalidSignatureError:
+        logger.warning("JWT token signature invalid")
+        raise ValueError("Invalid token signature")
+    except jwt.DecodeError:
+        logger.warning("JWT token decode failed (possibly malformed)")
+        raise ValueError("Malformed token")
+    except jwt.InvalidTokenError:
+        logger.warning("JWT token invalid for unknown reason")
+        raise ValueError("Invalid token")
+    except Exception as e:
+        logger.exception(f"Unexpected error decoding JWT: {e}")
+        raise RuntimeError("Unexpected error while decoding token")
diff --git a/app/auth/login.py b/app/auth/login.py
deleted file mode 100644
index e69de29..0000000
--- a/app/auth/login.py
+++ /dev/null
diff --git a/app/auth/register.py b/app/auth/register.py
deleted file mode 100644
index f1c3ec3..0000000
--- a/app/auth/register.py
+++ /dev/null
@@ -1,32 +0,0 @@
-from app.models.auth import User
-from argon2 import PasswordHasher
-from fastapi import APIRouter, Depends, HTTPException, status
-from sqlalchemy.ext.asyncio import AsyncSession
-from sqlalchemy.future import select
-
-from app.schemas.auth import RegisterSchema
-from app.utils.db import get_db
-
-router = APIRouter()
-ph = PasswordHasher()
-
-
-@router.post("/register")
-async def register(user: RegisterSchema, db: AsyncSession = Depends(get_db)):
-    result = await db.execute(
-        select(User).where(
-            (User.username == user.username) | (User.email == user.email)
-        )
-    )
-    existing = result.scalar_one_or_none()
-    if existing:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Username or email already exists",
-        )
-
-    hashed = ph.hash(user.password)
-    new_user = User(username=user.username, email=user.email, password_hash=hashed)
-    db.add(new_user)
-    await db.commit()
-    return {"message": "User registered successfully"}