HermesMessages/backend/app/core/security.py

from datetime import datetime, timedelta, timezone

import bcrypt
from jose import jwt

from app.core.config import settings


def hash_password(password: str) -> str:
    return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()


def verify_password(plain: str, hashed: str) -> bool:
    return bcrypt.checkpw(plain.encode(), hashed.encode())


def create_access_token(data: dict, expires_delta: timedelta | None = None) -> str:
    to_encode = data.copy()
    expire = datetime.now(timezone.utc) + (
        expires_delta or timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
    )
    to_encode["exp"] = expire
    return jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)


def decode_token(token: str) -> dict:
    return jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
feat: initial commit — HermesMessages SaaS platform Backend (FastAPI + Python 3.12): - Multi-tenant auth with JWT: login, register, refresh, Meta OAuth - Business & BusinessConfig management - WhatsApp webhook with HMAC signature verification - Bot engine powered by Claude AI - Calendar availability with Redis caching - Reservations CRUD with status management - Dashboard analytics (stats, agenda, peak hours) - Billing & plan management - Admin panel with platform-wide stats - Async bcrypt via asyncio.to_thread - IntegrityError handling for concurrent registration race conditions Frontend (React 18 + Vite + Tailwind CSS): - Multi-step guided registration form with helper text on every field - Login page with show/hide password toggle - Protected routes with AuthContext - Dashboard with stats cards, bar chart, and daily agenda - Reservations list with search, filters, and inline status actions - Calendar with weekly view, slot availability, and date blocking - Config page: business info, schedules, bot personality - Billing page with plan comparison and usage bar Design system: - Bricolage Grotesque + DM Sans typography - Emerald primary palette with semantic color tokens - scale(0.97) button press feedback, ease-out animations - Skeleton loaders, stagger animations, prefers-reduced-motion support - Accessible: aria-labels, visible focus rings, 4.5:1 contrast Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-28 09:49:41 -05:00			`from datetime import datetime, timedelta, timezone`

			`import bcrypt`
			`from jose import jwt`

			`from app.core.config import settings`


			`def hash_password(password: str) -> str:`
			`return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()`


			`def verify_password(plain: str, hashed: str) -> bool:`
			`return bcrypt.checkpw(plain.encode(), hashed.encode())`


			`def create_access_token(data: dict, expires_delta: timedelta \| None = None) -> str:`
			`to_encode = data.copy()`
			`expire = datetime.now(timezone.utc) + (`
			`expires_delta or timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)`
			`)`
			`to_encode["exp"] = expire`
			`return jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)`


			`def decode_token(token: str) -> dict:`
			`return jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])`