"""Shared JWT bearer header for route security tests (uses auth_jwt.jwt_secret()).""" from __future__ import annotations import uuid from datetime import datetime, timedelta, timezone from typing import Sequence import jwt from src.auth_jwt import jwt_secret def mint_bearer_token( *, roles: Sequence[str] = ("viewer",), sub: uuid.UUID | None = None, email: str = "security-test@ump.edu.vn", credential_version: int = 0, ) -> str: user_id = sub or uuid.uuid4() now = datetime.now(timezone.utc) payload = { "sub": str(user_id), "email": email, "roles": list(roles), "cv": credential_version, "iat": int(now.timestamp()), "exp": int((now + timedelta(hours=1)).timestamp()), } token = jwt.encode(payload, jwt_secret(), algorithm="HS256") return f"Bearer {token}"