o ȟ1i@sddlmZmZmZddlmZddlmZmZmZddl m Z ddl m Z ddl mZddlmZedgd d Ze d d Zd edefddZdededefddZdZdZdefddZd eeeeffddZdefddZdS) )datetime timedeltatimezone) Annotated)Depends HTTPExceptionstatus)OAuth2PasswordBearer)jwt)InvalidTokenError) CryptContextZbcryptauto)Zschemes deprecatedtoken)tokenUrlpasswordreturncCs t|SN) pwd_contexthash)rr$/app/core/security/authentication.py hash_passwords rplain_passwordhashed_passwordcCs t||Sr)rverify)rrrrrverify_passwords rz$f4af2e339a059-489779c74ad750604d9b2fidatacCs<|}ttjttd}|d|itj |t ddS)N)minutesexpHS256) algorithm) copyrnowrutcrACCESS_TOKEN_EXPIRE_MINUTESupdater encode SECRET_KEY)rZ to_encodeZexpirerrrcreate_access_tokensr)c shttjdddid}ztj|tdgd}|ds||WSty&|ty3}z|d}~ww)NzCould not validate credentialszWWW-AuthenticateBearer) status_codedetailheadersr )Z algorithmsid)rrHTTP_401_UNAUTHORIZEDr decoder(r Exception)rZcredentials_exceptionpayloaderrrget_user!s  r4 required_rolecsttfdtffdd }|S)N current_usercs&|dkrttjddd|S)NZ user_typezInsufficient privileges, z role required)r+r,)rrHTTP_403_FORBIDDEN)r6r5rrrole_dependency2s  z%require_role..role_dependency)rr4dict)r5r9rr8r require_role1sr;N)rrrtypingrfastapirrrZfastapi.securityr Zjoser Zjwt.exceptionsr Zpasslib.contextr rZ oauth2_schemestrrboolrr(r%r:r)r4r;rrrrs