import os from datetime import datetime, timedelta, timezone from fastapi import APIRouter, Depends, HTTPException, status from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer from jose import JWTError, jwt from pydantic import BaseModel PASSWORD = os.environ.get("REQ_PLANNER_PASSWORD", "what_is_this_2") SECRET_KEY = os.environ.get("REQ_PLANNER_SECRET", os.urandom(32).hex()) ALGORITHM = "HS256" TOKEN_EXPIRE_HOURS = 24 security = HTTPBearer() router = APIRouter(prefix="/api/auth", tags=["auth"]) class LoginRequest(BaseModel): password: str class TokenResponse(BaseModel): token: str def create_token() -> str: expire = datetime.now(timezone.utc) + timedelta(hours=TOKEN_EXPIRE_HOURS) return jwt.encode({"exp": expire}, SECRET_KEY, algorithm=ALGORITHM) def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> bool: try: jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM]) return True except JWTError: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid or expired token", ) @router.post("/login", response_model=TokenResponse) def login(data: LoginRequest): if data.password != PASSWORD: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid password", ) return TokenResponse(token=create_token())