from datetime import datetime, timedelta, timezone from jose import JWTError, jwt from app.config import get_settings def create_access_token(subject: str, expires_minutes: int | None = None) -> str: settings = get_settings() expire = datetime.now(timezone.utc) + timedelta(minutes=expires_minutes or settings.jwt_expire_minutes) payload = {"sub": subject, "exp": expire} return jwt.encode(payload, settings.jwt_secret_key, algorithm=settings.jwt_algorithm) def decode_access_token(token: str) -> str | None: settings = get_settings() try: payload = jwt.decode(token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm]) except JWTError: return None subject = payload.get("sub") return str(subject) if subject is not None else None