utp_service/backend/app/routers/auth.py
2026-04-07 17:14:19 +03:00

54 lines
2 KiB
Python

from fastapi import APIRouter, Depends, HTTPException, Request, status
from sqlalchemy.ext.asyncio import AsyncSession
from app.dependencies import get_db
from app.schemas.auth import LoginRequest, LogoutRequest, RefreshRequest, TokenResponse
from app.services import auth as auth_service
router = APIRouter(prefix="/api/v1/auth", tags=["auth"])
@router.post("/login", response_model=TokenResponse)
async def login(body: LoginRequest, request: Request, db: AsyncSession = Depends(get_db)):
user = await auth_service.authenticate_user(db, body.username, body.password)
if user is None:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
access_token = auth_service.create_access_token(user.id)
refresh_token = await auth_service.create_session(
db,
user.id,
ip_address=request.client.host if request.client else None,
user_agent=request.headers.get("User-Agent"),
)
return TokenResponse(
access_token=access_token,
refresh_token=refresh_token,
username=user.username,
role=user.role,
)
@router.post("/refresh", response_model=TokenResponse)
async def refresh(body: RefreshRequest, request: Request, db: AsyncSession = Depends(get_db)):
result = await auth_service.refresh_session(
db,
body.refresh_token,
ip_address=request.client.host if request.client else None,
)
if result is None:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid or expired refresh token")
user, new_refresh_token = result
access_token = auth_service.create_access_token(user.id)
return TokenResponse(
access_token=access_token,
refresh_token=new_refresh_token,
username=user.username,
role=user.role,
)
@router.post("/logout", status_code=status.HTTP_204_NO_CONTENT)
async def logout(body: LogoutRequest, db: AsyncSession = Depends(get_db)):
await auth_service.revoke_session(db, body.refresh_token)