import os
import warnings
from datetime import datetime, timedelta, timezone

import jwt
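# Signing key for session tokens. In production, set JWT_SECRET in the
# deployment's secret store (for example the Hugging Face Space secrets).
# There is deliberately no hard-coded fallback string: a default committed to
# source control is known to every reader of the repository, and with HS256
# whoever knows the key can sign a token carrying any user_id and role.
SECRET_KEY = os.environ.get("JWT_SECRET")
if not SECRET_KEY:
    # Unset or empty: fall back to a random per-process key so local
    # development still runs. Tokens signed with it stop verifying after a
    # restart and are not shared between worker processes, so a missing
    # secret shows up as a visible failure instead of a silently weak key.
    SECRET_KEY = os.urandom(32).hex()
    warnings.warn(
        "JWT_SECRET is not set; using a random per-process signing key.",
        RuntimeWarning,
    )

# Symmetric HMAC-SHA256: the same key signs and verifies, so every service
# that validates tokens also holds the power to issue them.
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 1440  # 24-hour session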
def create_access_token(user_id: int, role: str) -> str:
    """Issue a signed session JWT carrying ``user_id``, ``role`` and ``exp``.

    The token is signed with ``SECRET_KEY`` using ``ALGORITHM`` and expires
    ``ACCESS_TOKEN_EXPIRE_MINUTES`` after the moment of issue (UTC). The
    claims are signed, not encrypted: anyone holding the token can read
    them, so nothing confidential belongs in the payload.

    Args:
        user_id: Identifier stored in the ``user_id`` claim.
        role: Value stored verbatim in the ``role`` claim.

    Returns:
        The encoded token as produced by ``jwt.encode``.
    """
    lifetime = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    # Claim names follow the payload structure fixed by the architecture
    # document; verifiers depend on these exact keys.
    # NOTE(review): role is embedded exactly as passed in - confirm callers
    # take it from the server-side user record, not from request data.
    claims = {
        "user_id": user_id,
        "role": role,
        "exp": datetime.now(timezone.utc) + lifetime,
    }
    return jwt.encode(claims, SECRET_KEY, algorithm=ALGORITHM)