Aggiunta endpoint healtcheck, modelli user,

logiche sicurezza e file config variabili

backend/app/core/config.py

@@ -0,0 +1,47 @@
+from pydantic_settings import BaseSettings, SettingsConfigDict
+from typing import Optional
+
+
+class Settings(BaseSettings):
+    model_config = SettingsConfigDict(env_file=".env", extra="ignore")
+
+    postgres_user: str = "gmg"
+    postgres_password: str = "gmgpassword"
+    postgres_db: str = "gmgdb"
+
+    database_url: str = "postgresql+asyncpg://gmg:gmgpassword@db:5432/gmgdb"
+    redis_url: str = "redis://redis:6379/0"
+
+    minio_endpoint: str = "minio:9000"
+    minio_public_url: str = "http://localhost:9000"
+    minio_access_key: str = "minioadmin"
+    minio_secret_key: str = "minioadmin123"
+    minio_bucket_photos: str = "photos"
+    minio_bucket_docs: str = "documents"
+    minio_secure: bool = False
+
+    jwt_secret_key: str = "changeme-super-secret-key"
+    jwt_algorithm: str = "HS256"
+    jwt_access_token_expire_minutes: int = 15
+    jwt_refresh_token_expire_days: int = 7
+
+    smtp_host: str = "smtp.example.com"
+    smtp_port: int = 587
+    smtp_user: str = "noreply@example.com"
+    smtp_password: str = ""
+    smtp_from: str = "GMG Smart Quote <noreply@example.com>"
+
+    motornet_user_id: str = "GmgTax77"
+    motornet_password: str = "EtaxWs77"
+    motornet_host: str = "https://webservice.motornet.it/api/v3_0/rest/public"
+    motornet_oauth_host: str = "https://webservice.motornet.it/auth/realms/webservices/protocol/openid-connect"
+
+    indicata_api_key: Optional[str] = None
+    eurotax_api_key: Optional[str] = None
+
+    vehicle_cache_ttl_days: int = 90
+    alert_days_threshold: int = 30
+    repair_alert_pct: int = 20
+
+
+settings = Settings()

backend/app/core/security.py

@@ -0,0 +1,41 @@
+from datetime import datetime, timedelta, timezone
+from typing import Optional, Any
+from jose import JWTError, jwt
+import bcrypt
+from app.core.config import settings
+
+
+def hash_password(password: str) -> str:
+    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
+
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return bcrypt.checkpw(plain_password.encode("utf-8"), hashed_password.encode("utf-8"))
+
+
+def create_access_token(subject: Any, extra_claims: Optional[dict] = None) -> str:
+    expire = datetime.now(timezone.utc) + timedelta(
+        minutes=settings.jwt_access_token_expire_minutes
+    )
+    payload = {"sub": str(subject), "exp": expire, "type": "access"}
+    if extra_claims:
+        payload.update(extra_claims)
+    return jwt.encode(payload, settings.jwt_secret_key, algorithm=settings.jwt_algorithm)
+
+
+def create_refresh_token(subject: Any) -> str:
+    expire = datetime.now(timezone.utc) + timedelta(
+        days=settings.jwt_refresh_token_expire_days
+    )
+    payload = {"sub": str(subject), "exp": expire, "type": "refresh"}
+    return jwt.encode(payload, settings.jwt_secret_key, algorithm=settings.jwt_algorithm)
+
+
+def decode_token(token: str) -> Optional[dict]:
+    try:
+        payload = jwt.decode(
+            token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm]
+        )
+        return payload
+    except JWTError:
+        return None