Add foundational user authentication and registration system

Introduces schemas for user management, token handling, and password hashing. Implements routes for user registration, login, token refresh, and user info retrieval. Sets up authentication dependencies and integrates the API router with the application.

backend/app/auth/security.py

@@ -0,0 +1,111 @@
+from datetime import datetime, timedelta
+from typing import Optional, Tuple
+from uuid import uuid4
+
+from jose import jwt, JWTError
+from passlib.context import CryptContext
+from app.core.config import settings
+from .token import TokenPayload, TokenResponse
+
+# Configuration
+SECRET_KEY = settings.SECRET_KEY
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 30
+REFRESH_TOKEN_EXPIRE_DAYS = 7
+
+# Password hashing context
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    """Verify a plain password against its hash."""
+    return pwd_context.verify(plain_password, hashed_password)
+
+
+def get_password_hash(password: str) -> str:
+    """Generate password hash."""
+    return pwd_context.hash(password)
+
+
+def create_tokens(user_id: str) -> TokenResponse:
+    """
+    Create both access and refresh tokens for a user.
+
+    Args:
+        user_id: The user's ID
+
+    Returns:
+        TokenResponse containing both tokens and metadata
+    """
+    access_token = create_access_token({"sub": user_id})
+    refresh_token = create_refresh_token({"sub": user_id})
+
+    return TokenResponse(
+        access_token=access_token,
+        refresh_token=refresh_token,
+        token_type="bearer",
+        expires_in=ACCESS_TOKEN_EXPIRE_MINUTES * 60,
+        user_id=user_id
+    )
+
+
+def create_token(
+        data: dict,
+        expires_delta: Optional[timedelta] = None,
+        token_type: str = "access"
+) -> str:
+    """Create a JWT token with the specified type and expiration."""
+    to_encode = data.copy()
+
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + (
+            timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) if token_type == "access"
+            else timedelta(days=REFRESH_TOKEN_EXPIRE_DAYS)
+        )
+
+    to_encode.update({
+        "exp": expire,
+        "type": token_type,
+        "iat": datetime.utcnow(),
+        "jti": str(uuid4())
+    })
+
+    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+
+
+def decode_token(token: str) -> TokenPayload:
+    """
+    Decode and validate a JWT token.
+
+    Args:
+        token: The JWT token to decode
+
+    Returns:
+        TokenPayload containing the decoded data
+
+    Raises:
+        JWTError: If token is invalid or expired
+    """
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        return TokenPayload(
+            sub=payload["sub"],
+            type=payload["type"],
+            exp=datetime.fromtimestamp(payload["exp"]),
+            iat=datetime.fromtimestamp(payload["iat"]),
+            jti=payload.get("jti")
+        )
+    except JWTError as e:
+        raise JWTError(f"Invalid token: {str(e)}")
+
+
+def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
+    """Create a new access token."""
+    return create_token(data, expires_delta, "access")
+
+
+def create_refresh_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
+    """Create a new refresh token."""
+    return create_token(data, expires_delta, "refresh")