from fastapi import APIRouter, Depends, HTTPException, status from pydantic import BaseModel, EmailStr from sqlalchemy.ext.asyncio import AsyncSession from ..auth import create_access_token, verify_password from ..domain.services.account_service import AccountService from ..outbound.postgres.database import get_db from ..outbound.postgres.repositories import user_repository router = APIRouter(prefix="/auth", tags=["auth"]) class RegisterRequest(BaseModel): email: EmailStr password: str class LoginRequest(BaseModel): email: EmailStr password: str class TokenResponse(BaseModel): access_token: str token_type: str = "bearer" @router.post("/register", status_code=status.HTTP_201_CREATED) async def register(body: RegisterRequest, db: AsyncSession = Depends(get_db)): # TODO(email-verification): send verification email here once transactional # email is implemented. Set is_email_verified=False on the User model and # require verification before allowing login. try: account = await AccountService(db).create_account(body.email, body.password) except ValueError as exc: raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail=str(exc)) return {"id": account.id, "email": account.email} @router.post("/login", response_model=TokenResponse) async def login(body: LoginRequest, db: AsyncSession = Depends(get_db)): user = await user_repository.get_by_email(db, body.email) if user is None or not verify_password(body.password, user.hashed_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid email or password", ) if not user.is_active: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Account disabled", ) # TODO(email-verification): uncomment once email verification is in place # if not user.is_email_verified: # raise HTTPException( # status_code=status.HTTP_403_FORBIDDEN, # detail="Email address not verified", # ) token = create_access_token(str(user.id), user.email) return TokenResponse(access_token=token)