from datetime import datetime, timedelta, timezone
import jwt
from passlib.context import CryptContext

pwd_context = CryptContext(schemes=["pbkdf2_sha256"], deprecated="auto")

def hash_password(password: str) -> str:
    return pwd_context.hash(password)

def verify_password(password: str, password_hash: str) -> bool:
    return pwd_context.verify(password, password_hash)

def create_jwt(payload: dict, secret: str, expires_delta: timedelta) -> str:
    now = datetime.now(timezone.utc)
    data = payload.copy()
    data.update({"iat": int(now.timestamp()), "exp": int((now + expires_delta).timestamp())})
    token = jwt.encode(data, secret, algorithm="HS256")
    return str(token)

def decode_jwt(token: str, secret: str) -> dict:
    return jwt.decode(token, secret, algorithms=["HS256"], options={"require": ["iat", "exp"]})