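"""
Authentication Service - User login, token management
"""
from datetime import datetime, timedelta
from typing import Optional, Dict, Any
import secrets

from sqlalchemy.orm import Session

from app.db.models import User
from app.security.jwt_manager import jwt_manager
import logging

logger = logging.getLogger(__name__)


class AuthService:
    """Handles user authentication and token management.

    Wraps a SQLAlchemy session for user lookup and delegates token creation
    and verification to the project's ``jwt_manager``.
    """

    TELEGRAM_BINDING_CODE_TTL = 600  # 10 minutes
    # Passed to secrets.token_urlsafe() as the number of random *bytes*;
    # 24 bytes encode to a 32-character URL-safe string.
    BINDING_CODE_LENGTH = 24

    def __init__(self, db: Session):
        """Store the database session used for user lookups."""
        self.db = db

    async def create_telegram_binding_code(self, chat_id: int) -> str:
        """Generate a temporary code for Telegram user binding.

        Args:
            chat_id: Telegram chat the code is generated for; only logged here.

        Returns:
            A URL-safe random string drawn from the OS CSPRNG.
        """
        code = secrets.token_urlsafe(self.BINDING_CODE_LENGTH)
        # NOTE(review): the code is returned but not stored by this method, and
        # TELEGRAM_BINDING_CODE_TTL is not referenced anywhere in this file.
        # Expiry, single use and the chat_id association have to be enforced
        # wherever the code is persisted - confirm against the caller.
        # The code itself is deliberately kept out of the log line.
        logger.info("Generated Telegram binding code for chat_id=%s", chat_id)
        return code

    async def login(self, email: str, password: str) -> Dict[str, Any]:
        """Look up a user by email and issue an access token.

        SECURITY: ``password`` is accepted but never checked. Any caller that
        supplies an existing email address receives a valid access token.
        The credential field on ``User`` and the hashing scheme are not
        visible from this file, so the check is flagged rather than guessed;
        it must compare against a stored password hash before a token is
        created.

        Args:
            email: Address used to look up the user.
            password: Currently unused (see the security note above).

        Returns:
            Dict with ``user_id``, ``access_token`` and ``token_type``.

        Raises:
            ValueError: If no user with this email exists.
        """
        user = self.db.query(User).filter_by(email=email).first()
        if not user:
            # NOTE(review): if this message is relayed to the client it tells
            # the caller which addresses are registered. Once the password
            # check exists, both failure paths should produce the same error.
            raise ValueError("User not found")

        # In production: verify password with bcrypt
        # For MVP: simple comparison (change this!)
        # Neither is implemented below. Surface the gap in the logs so that it
        # is visible to whoever operates or monitors this service.
        logger.warning(
            "Password verification is not implemented; issuing token for "
            "user %s without checking the password",
            user.id,
        )

        access_token = jwt_manager.create_access_token(user_id=user.id)

        logger.info("User %s logged in", user.id)

        return {
            "user_id": user.id,
            "access_token": access_token,
            "token_type": "bearer",
        }

    async def refresh_token(self, refresh_token: str) -> Dict[str, Any]:
        """Exchange a token for a new access token.

        Args:
            refresh_token: Token presented by the client.

        Returns:
            Dict with the new ``access_token`` and ``token_type``.

        Raises:
            ValueError: If verification or token creation fails for any reason.
        """
        try:
            # NOTE(review): nothing here distinguishes a refresh token from an
            # access token. Unless verify_token() enforces a token type, an
            # access token can be used to mint new ones indefinitely - confirm
            # in jwt_manager. Revocation and rotation are not handled here.
            payload = jwt_manager.verify_token(refresh_token)
            new_token = jwt_manager.create_access_token(user_id=payload.user_id)

            return {
                "access_token": new_token,
                "token_type": "bearer",
            }
        except Exception as e:
            logger.error("Token refresh failed: %s", e)
            # Chain the cause so the original failure stays in the traceback.
            raise ValueError("Invalid refresh token") from e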