"""JWT token service for authentication."""
from datetime import datetime, timedelta, timezone

import jwt
from flask import current_app


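def generate_access_token(user_id, role):
    """
    Generate a signed JWT access token.

    The payload is signed, not encrypted: anyone holding the token can read
    ``user_id`` and ``role``, so nothing confidential belongs in it.

    Args:
        user_id: User UUID; stored in the token as its string form.
        role: UserRole enum value; stored as passed in.
            NOTE(review): presumably a plain string or str-based enum that
            the JWT library can serialise; confirm against callers.

    Returns:
        str: Encoded JWT token
    """
    # Read the clock once so 'exp' - 'iat' is exactly the configured lifetime,
    # and use an aware UTC datetime (datetime.utcnow() is deprecated since
    # Python 3.12).
    issued_at = datetime.now(timezone.utc)

    # JWT_ACCESS_TOKEN_EXPIRES is added to a datetime, so it must be a
    # timedelta-like value.
    payload = {
        'user_id': str(user_id),
        'role': role,
        # Access and refresh tokens are signed with the same key; this claim
        # is the only thing that tells them apart on verification.
        'type': 'access',
        'exp': issued_at + current_app.config['JWT_ACCESS_TOKEN_EXPIRES'],
        'iat': issued_at,
    }

    return jwt.encode(
        payload,
        current_app.config['JWT_SECRET_KEY'],
        algorithm=current_app.config['JWT_ALGORITHM'],
    )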


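def generate_refresh_token(user_id):
    """
    Generate a signed JWT refresh token.

    The token carries no role; it only identifies the user and is marked
    with ``type: refresh``.

    Args:
        user_id: User UUID; stored in the token as its string form.

    Returns:
        str: Encoded JWT token
    """
    # Read the clock once so 'exp' - 'iat' is exactly the configured lifetime,
    # and use an aware UTC datetime (datetime.utcnow() is deprecated since
    # Python 3.12).
    issued_at = datetime.now(timezone.utc)

    # JWT_REFRESH_TOKEN_EXPIRES is added to a datetime, so it must be a
    # timedelta-like value.
    payload = {
        'user_id': str(user_id),
        # Signed with the same key as access tokens; this claim is the only
        # thing that tells the two apart on verification.
        'type': 'refresh',
        'exp': issued_at + current_app.config['JWT_REFRESH_TOKEN_EXPIRES'],
        'iat': issued_at,
    }

    return jwt.encode(
        payload,
        current_app.config['JWT_SECRET_KEY'],
        algorithm=current_app.config['JWT_ALGORITHM'],
    )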


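def decode_token(token):
    """
    Decode a JWT and verify its signature and expiry.

    Only the algorithm named in ``JWT_ALGORITHM`` is accepted, so the token
    header cannot select a different one. Tokens without an ``exp`` claim are
    rejected; otherwise a correctly signed token lacking ``exp`` would never
    expire.

    The ``type`` claim is not checked here; ``verify_access_token`` and
    ``verify_refresh_token`` do that.

    Args:
        token: JWT token string

    Returns:
        dict: Decoded payload or None if invalid
    """
    try:
        return jwt.decode(
            token,
            current_app.config['JWT_SECRET_KEY'],
            algorithms=[current_app.config['JWT_ALGORITHM']],
            # 'exp' is only validated when it is present, so make it
            # mandatory. NOTE(review): confirm the installed PyJWT version
            # honours the 'require' option.
            options={'require': ['exp']},
        )
    except jwt.InvalidTokenError:
        # Covers expired, malformed, badly signed and missing-claim tokens
        # (ExpiredSignatureError is a subclass of InvalidTokenError).
        # Callers only learn that the token is invalid, not why.
        return None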


def verify_access_token(token):
    """
    Check that a token decodes successfully and is an access token.

    Validity here means what ``decode_token`` checks plus ``type == 'access'``.
    No revocation or user lookup is performed in this function.

    Args:
        token: JWT token string

    Returns:
        dict: Payload if valid access token, None otherwise
    """
    claims = decode_token(token)
    if not claims:
        return None
    # A refresh token is signed with the same key, so the type claim must be
    # checked explicitly to keep it out of access-token code paths.
    if claims.get('type') != 'access':
        return None
    return claims


def verify_refresh_token(token):
    """
    Check that a token decodes successfully and is a refresh token.

    Validity here means what ``decode_token`` checks plus ``type == 'refresh'``.
    No revocation or reuse tracking is performed in this function.

    Args:
        token: JWT token string

    Returns:
        dict: Payload if valid refresh token, None otherwise
    """
    claims = decode_token(token)
    if not claims:
        return None
    # An access token is signed with the same key, so the type claim must be
    # checked explicitly before the token is treated as a refresh token.
    if claims.get('type') != 'refresh':
        return None
    return claims