1 files changed, 58 insertions, 0 deletions

diff --git a/app/routes/auth/auth.py b/app/routes/auth/auth.py
new file mode 100644
index 0000000..6e0d410
--- /dev/null
+++ b/app/routes/auth/auth.py
@@ -0,0 +1,58 @@
+from fastapi import APIRouter, Depends, HTTPException, Response
+from fastapi.security import OAuth2PasswordRequestForm
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.auth.jwt import create_access_token, create_refresh_token
+from app.models.user import User
+from app.utils.db import get_async_session
+from app.utils.hash_cfg import verify_password
+from app.utils.logger_cfg import logger
+
+router = APIRouter(tags=["auth"])
+
+
+@router.post("/login")
+async def login(
+    response: Response,
+    form_data: OAuth2PasswordRequestForm = Depends(),
+    session: AsyncSession = Depends(get_async_session),
+):
+    user = await User.get_user_by_email(form_data.username, session=session)
+    if not user:
+        user = await User.get_user_by_username(
+            form_data.username, session=session
+        )
+
+    if not user or not user.password:
+        logger.warning("Login failed | username/email={}", form_data.username)
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+
+    if not verify_password(form_data.password, user.password):
+        logger.warning("Login failed | username/email={}", form_data.username)
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+
+    access_token = create_access_token(
+        {"sub": str(user.id), "token_version": user.token_version}
+    )
+    refresh_token = create_refresh_token(
+        {"sub": str(user.id), "token_version": user.token_version}
+    )
+
+    response.set_cookie(
+        key="access_token",
+        value=access_token,
+        httponly=True,
+        secure=False,
+        samesite="lax",
+        max_age=60 * 60,
+    )
+    response.set_cookie(
+        key="refresh_token",
+        value=refresh_token,
+        httponly=True,
+        secure=True,
+        samesite="lax",
+        max_age=30 * 24 * 60 * 60,
+    )
+    logger.info("User logged in | id={} username={}", user.id, user.username)
+    return {"message": "Logged in successfully"}