feat: implement pivot-currency model, rbac smart tokens & fix circular imports

backend/app/core/security.py

@@ -4,6 +4,20 @@ import bcrypt
 from jose import jwt, JWTError
 from app.core.config import settings
 
+# Master Book 5.0: RBAC Rank Definition Matrix
+# Ezek a szintek határozzák meg a hozzáférést a Middleware szintjén.
+RANK_MAP = {
+    "superadmin": 100,
+    "country_admin": 80,
+    "region_admin": 60,
+    "moderator": 40,
+    "sales": 20,
+    "user": 10,
+    "service": 15,
+    "fleet_manager": 25,
+    "driver": 5
+}
+
 def verify_password(plain_password: str, hashed_password: str) -> bool:
     """Összehasonlítja a sima szöveges jelszót a hash-elt változattal."""
     if not hashed_password:
@@ -22,14 +36,23 @@ def get_password_hash(password: str) -> str:
     return bcrypt.hashpw(password.encode("utf-8"), salt).decode("utf-8")
 
 def create_access_token(data: Dict[str, Any], expires_delta: Optional[timedelta] = None) -> str:
-    """Létrehozza a JWT access tokent."""
+    """
+    Létrehozza a JWT access tokent bővített RBAC adatokkal.
+    Várt kulcsok: sub (user_id), role, rank, scope_level, scope_id
+    """
     to_encode = data.copy()
     if expires_delta:
         expire = datetime.now(timezone.utc) + expires_delta
     else:
         expire = datetime.now(timezone.utc) + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
     
-    to_encode.update({"exp": expire})
+    # Rendszer szintű metaadatok hozzáadása
+    to_encode.update({
+        "exp": expire,
+        "iat": datetime.now(timezone.utc),
+        "iss": "service-finder-auth"
+    })
+    
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
     return encoded_jwt