diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py
new file mode 100644
index 0000000..9681457
--- /dev/null
+++ b/backend/app/api/auth.py
@@ -0,0 +1,51 @@
+from fastapi import APIRouter, Depends, HTTPException, Response, status
+from sqlalchemy.orm import Session
+from app import models, schemas
+from app.auth import create_access_token, get_current_user, hash_password, verify_password
+from app.database import get_db
+
+router = APIRouter()
+
+
+@router.post("/register", response_model=schemas.UserOut, status_code=201)
+def register(body: schemas.UserCreate, db: Session = Depends(get_db)) -> models.User:
+    if db.query(models.User).filter(models.User.username == body.username).first():
+        raise HTTPException(status_code=400, detail="Username already registered")
+    if db.query(models.User).filter(models.User.email == body.email).first():
+        raise HTTPException(status_code=400, detail="Email already registered")
+    user = models.User(
+        username=body.username,
+        email=body.email,
+        hashed_password=hash_password(body.password),
+    )
+    db.add(user)
+    db.commit()
+    db.refresh(user)
+    return user
+
+
+@router.post("/login")
+def login(body: schemas.LoginRequest, response: Response, db: Session = Depends(get_db)) -> dict:
+    user = db.query(models.User).filter(models.User.username == body.username).first()
+    if not user or not verify_password(body.password, user.hashed_password):
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+    token = create_access_token(user.id)
+    response.set_cookie(
+        key="access_token",
+        value=token,
+        httponly=True,
+        samesite="lax",
+        max_age=3600,
+    )
+    return {"message": "Logged in"}
+
+
+@router.post("/logout")
+def logout(response: Response) -> dict:
+    response.delete_cookie("access_token")
+    return {"message": "Logged out"}
+
+
+@router.get("/me", response_model=schemas.UserOut)
+def me(current_user: models.User = Depends(get_current_user)) -> models.User:
+    return current_user
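Review bot: The `access_token` cookie set in `login` carries the bearer token but is written without `secure=True`, so a browser will also attach it to plain-HTTP requests; add `secure=True,` next to `httponly=True` (gated on a settings flag if local development runs without TLS). Its `max_age=3600` is also independent of whatever expiry `create_access_token` bakes into the token, so the two can drift apart — derive both from one constant. In `register`, the distinct "Username already registered" and "Email already registered" responses let an unauthenticated caller enumerate accounts, and the check-then-insert is racy unless `models.User` has unique constraints on both columns (not visible here); relying on the constraint and catching `IntegrityError` on commit, as sketched below, gives one generic failure and closes the race. `login` additionally returns before `verify_password` when the username is unknown, which makes the timing difference observable; verifying the password against a dummy hash in that branch would remove it. `status` is imported from fastapi but never used.
```python
def register(body: schemas.UserCreate, db: Session = Depends(get_db)) -> models.User:
    user = models.User(
        username=body.username,
        email=body.email,
        hashed_password=hash_password(body.password),
    )
    db.add(user)
    try:
        db.commit()
    except IntegrityError:  # sqlalchemy.exc; assumes unique constraints on username and email
        db.rollback()
        raise HTTPException(status_code=400, detail="Registration failed")
    db.refresh(user)
    return user
```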