fix: 비밀번호 해싱 시 bcrypt 직접 사용

pyca/bcrypt#684

Author: ghwn

projects/geugeu/app/core/security.py

@@ -1,14 +1,11 @@
 from datetime import UTC, datetime, timedelta
 from typing import Any
 
+import bcrypt
 import jwt
-from passlib.context import CryptContext
 
 from app.core.config import settings
 
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
-
 ALGORITHM = "HS256"
 
 
@@ -20,8 +17,14 @@ def create_access_token(subject: str | Any, expires_delta: timedelta) -> str:
 
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return pwd_context.verify(plain_password, hashed_password)
+    return bcrypt.checkpw(
+        password=plain_password.encode(),
+        hashed_password=hashed_password.encode(),
+    )
 
 
 def get_password_hash(password: str) -> str:
-    return pwd_context.hash(password)
+    return bcrypt.hashpw(
+        password=password.encode(),
+        salt=bcrypt.gensalt(),
+    ).decode()

projects/geugeu/pyproject.toml

@@ -6,9 +6,9 @@ readme = "README.md"
 requires-python = ">=3.13"
 dependencies = [
     "alembic>=1.15.2",
+    "bcrypt>=4.3.0",
     "fastapi[standard]>=0.115.12",
     "nanoid>=2.0.0",
-    "passlib[bcrypt]>=1.7.4",
     "psycopg2-binary>=2.9.10",
     "pydantic-settings>=2.9.1",
     "pyjwt>=2.10.1",
@@ -23,5 +23,4 @@ dev = [
     "ruff>=0.11.7",
     "testcontainers>=4.10.0",
     "types-nanoid>=2.0.0.20240601",
-    "types-passlib>=1.7.7.20250408",
 ]