decnet/web/auth.py

@@ -2,21 +2,25 @@ import os
 from datetime import datetime, timedelta, timezone
 from typing import Optional, Any
 import jwt
-from passlib.context import CryptContext
+import bcrypt
 
 SECRET_KEY: str = os.environ.get("DECNET_SECRET_KEY", "super-secret-key-change-me")
 ALGORITHM: str = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES: int = 1440
 
-pwd_context: CryptContext = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return pwd_context.verify(plain_password, hashed_password)
+    return bcrypt.checkpw(
+        plain_password.encode("utf-8"), 
+        hashed_password.encode("utf-8")
+    )
 
 
 def get_password_hash(password: str) -> str:
-    return pwd_context.hash(password)
+    # Use a cost factor of 12 (default for passlib/bcrypt)
+    salt = bcrypt.gensalt(rounds=12)
+    hashed = bcrypt.hashpw(password.encode("utf-8"), salt)
+    return hashed.decode("utf-8")
 
 
 def create_access_token(data: dict[str, Any], expires_delta: Optional[timedelta] = None) -> str:

pyproject.toml

@@ -21,7 +21,6 @@ dependencies = [
     "uvicorn>=0.29.0",
     "aiosqlite>=0.20.0",
     "PyJWT>=2.8.0",
-    "passlib[bcrypt]>=1.7.4",
 ]
 
 [project.scripts]