From 513ff991ebae26dbca000aecfd07dba9d6c424b7 Mon Sep 17 00:00:00 2001
From: unknown
Date: Sun, 14 Dec 2025 13:17:54 +0900
Subject: [PATCH] Update 2025-12-14 13:17:54
---
 app/utils/security.py | 24 +++++++++++++++++++-----
 requirements.txt | 3 ++-
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/app/utils/security.py b/app/utils/security.py
index 3c76615..9ac8ab1 100644
--- a/app/utils/security.py
+++ b/app/utils/security.py
@@ -1,12 +1,26 @@
-from passlib.context import CryptContext
+import bcrypt
-# bcrypt 컨텍스트
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+# bcrypt 컨텍스트 제거 (직접 사용)
 def hash_password(password: str) -> str:
 """비밀번호 해시화"""
- return pwd_context.hash(password)
+ # bcrypt는 bytes를 처리하므로 인코딩 필요
+ pwd_bytes = password.encode('utf-8')
+ salt = bcrypt.gensalt()
+ hashed = bcrypt.hashpw(pwd_bytes, salt)
+ return hashed.decode('utf-8')
 def verify_password(plain_password: str, hashed_password: str) -> bool:
 """비밀번호 검증"""
- return pwd_context.verify(plain_password, hashed_password)
+ try:
+ if not plain_password or not hashed_password:
+ return False
+
+ pwd_bytes = plain_password.encode('utf-8')
+ # DB에 저장된 해시는 str일 수 있으므로 인코딩
+ hashed_bytes = hashed_password.encode('utf-8')
+
+ return bcrypt.checkpw(pwd_bytes, hashed_bytes)
+ except Exception:
+ # 형식 오류 등 발생 시 인증 실패 처리
+ return False
diff --git a/requirements.txt b/requirements.txt
index f5c684a..0e95776 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,8 @@ alembic==1.13.1
 # Authentication & Security
 python-jose[cryptography]==3.3.0
-passlib[bcrypt]==1.7.4
+# passlib dependency removed
+bcrypt>=4.0.1
 python-dotenv==1.0.0
 pydantic-settings==2.1.0
 email-validator>=2.0.0
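Review bot: Neither `hash_password` nor `verify_password` handles bcrypt's 72-byte input limit, which the UTF-8 encoding added here makes easy to reach (Hangul is three bytes per character, so 25 characters already exceed it). Depending on the installed `bcrypt` release the bytes past 72 are either silently ignored or, in newer releases as far as I know, rejected with `ValueError`; in `verify_password` that error would be swallowed by `except Exception` and look like a wrong password. I would reject over-long input explicitly in `hash_password`, e.g. `if len(pwd_bytes) > 72: raise ValueError("password exceeds 72 bytes")`, and narrow the handler to `except ValueError:` with a log line so a malformed stored hash is distinguishable from a failed login. Hashes already stored through passlib should be checked against whichever length policy is chosen before this ships.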
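Review bot: `bcrypt>=4.0.1` replaces an exact pin (`passlib[bcrypt]==1.7.4`) with an open-ended range, so the version of the password-hashing library is decided at install time rather than in review. A new major release can change hashing or error behaviour without any change to this file. I would pin the version that was actually tested, `bcrypt==<tested version>`, and raise it deliberately; the leftover comment `# passlib dependency removed` can be dropped since the history already records that.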