Boilerplate FastAPI & Dockerfile + NGINX

app/core/config.py

@@ -0,0 +1,13 @@
+from pydantic_settings import BaseSettings
+
+class Settings(BaseSettings):
+    PROJECT_NAME: str = "Keywarden"
+    API_V1_STR: str = "/api/v1"
+    SECRET_KEY: str
+    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
+    POSTGRES_DSN: str  # e.g. postgresql+asyncpg://user:pass@db:5432/keywarden
+    OIDC_ISSUER: str | None = None
+    OIDC_CLIENT_ID: str | None = None
+    OIDC_CLIENT_SECRET: str | None = None
+
+settings = Settings()

app/core/security.py

@@ -0,0 +1,17 @@
+from datetime import datetime, timedelta, timezone
+from jose import jwt
+from passlib.hash import argon2
+from app.core.config import settings
+
+ALGO = "HS256"
+
+def create_access_token(sub: str, minutes: int | None = None) -> str:
+    expire = datetime.now(tz=timezone.utc) + timedelta(minutes=minutes or settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    to_encode = {"sub": sub, "exp": expire}
+    return jwt.encode(to_encode, settings.SECRET_KEY, algorithm=ALGO)
+
+def verify_password(password: str, hashed: str) -> bool:
+    return argon2.verify(password, hashed)
+
+def hash_password(password: str) -> str:
+    return argon2.hash(password)