add jwt

1 files changed, 37 insertions, 0 deletions

diff --git a/app/routes/auth.py b/app/routes/auth.py
new file mode 100644
index 0000000..aa68c52
--- /dev/null
+++ b/app/routes/auth.py
@@ -0,0 +1,37 @@
+from fastapi import APIRouter, Depends, HTTPException
+from fastapi.security import OAuth2PasswordRequestForm
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.utils.logger_cfg import logger
+
+from app.auth.jwt import create_access_token, create_refresh_token
+from app.models.user import User
+from app.utils.db import get_async_session
+from app.utils.hash_cfg import verify_password
+
+router = APIRouter(tags=["auth"])
+
+
+@router.post("/login")
+async def login(
+    form_data: OAuth2PasswordRequestForm = Depends(),
+    session: AsyncSession = Depends(get_async_session),
+):
+    user = await User.get_user_by_email(form_data.username, session=session)
+    if not user:
+        user = await User.get_user_by_username(form_data.username, session=session)
+
+    if not user or not verify_password(form_data.password, user.password):
+        logger.warning("Login failed | username/email={}", form_data.username)
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+
+    access_token = create_access_token({"sub": str(user.id)})
+    refresh_token = create_refresh_token({"sub": str(user.id)})
+
+    logger.info("User logged in | id={} username={}", user.id, user.username)
+
+    return {
+        "access_token": access_token,
+        "refresh_token": refresh_token,
+        "token_type": "bearer",
+    }