4 files changed, 212 insertions, 0 deletions

diff --git a/app/routes/auth/__init__.py b/app/routes/auth/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/routes/auth/__init__.py
diff --git a/app/routes/auth/auth.py b/app/routes/auth/auth.py
new file mode 100644
index 0000000..6e0d410
--- /dev/null
+++ b/app/routes/auth/auth.py
@@ -0,0 +1,58 @@
+from fastapi import APIRouter, Depends, HTTPException, Response
+from fastapi.security import OAuth2PasswordRequestForm
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.auth.jwt import create_access_token, create_refresh_token
+from app.models.user import User
+from app.utils.db import get_async_session
+from app.utils.hash_cfg import verify_password
+from app.utils.logger_cfg import logger
+
+router = APIRouter(tags=["auth"])
+
+
+@router.post("/login")
+async def login(
+    response: Response,
+    form_data: OAuth2PasswordRequestForm = Depends(),
+    session: AsyncSession = Depends(get_async_session),
+):
+    user = await User.get_user_by_email(form_data.username, session=session)
+    if not user:
+        user = await User.get_user_by_username(
+            form_data.username, session=session
+        )
+
+    if not user or not user.password:
+        logger.warning("Login failed | username/email={}", form_data.username)
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+
+    if not verify_password(form_data.password, user.password):
+        logger.warning("Login failed | username/email={}", form_data.username)
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+
+    access_token = create_access_token(
+        {"sub": str(user.id), "token_version": user.token_version}
+    )
+    refresh_token = create_refresh_token(
+        {"sub": str(user.id), "token_version": user.token_version}
+    )
+
+    response.set_cookie(
+        key="access_token",
+        value=access_token,
+        httponly=True,
+        secure=False,
+        samesite="lax",
+        max_age=60 * 60,
+    )
+    response.set_cookie(
+        key="refresh_token",
+        value=refresh_token,
+        httponly=True,
+        secure=True,
+        samesite="lax",
+        max_age=30 * 24 * 60 * 60,
+    )
+    logger.info("User logged in | id={} username={}", user.id, user.username)
+    return {"message": "Logged in successfully"}
diff --git a/app/routes/auth/logout.py b/app/routes/auth/logout.py
new file mode 100644
index 0000000..a55ea9e
--- /dev/null
+++ b/app/routes/auth/logout.py
@@ -0,0 +1,35 @@
+from fastapi import APIRouter, Depends, Response
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.auth.dependencies import get_current_user
+from app.models.user import User
+from app.utils.db import get_async_session
+from app.utils.logger_cfg import logger
+
+router = APIRouter(tags=["auth"])
+
+
+COOKIE_KWARGS = {
+    "httponly": True,
+    "secure": False,
+    "samesite": "lax",
+    "path": "/",
+}
+
+
+@router.post("/logout")
+async def logout(
+    response: Response,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(get_current_user),
+):
+    response.delete_cookie("access_token", **COOKIE_KWARGS)
+    response.delete_cookie("refresh_token", **COOKIE_KWARGS)
+
+    user.token_version += 1
+    session.add(user)
+    await session.commit()
+
+    logger.info("User logged out everywhere | user_id={}", user.id)
+
+    return {"message": "Logged out successfully"}
diff --git a/app/routes/auth/register.py b/app/routes/auth/register.py
new file mode 100644
index 0000000..f0b36ed
--- /dev/null
+++ b/app/routes/auth/register.py
@@ -0,0 +1,119 @@
+import re
+from typing import Optional
+
+from fastapi import APIRouter, Depends, HTTPException, Response
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.future import select
+
+from app.auth.jwt import create_access_token, create_refresh_token
+from app.models.integrations import UserIntegration
+from app.models.profile import Profile
+from app.models.user import User
+from app.schemas.user import UserCreate, UserRead
+from app.utils.db import get_async_session
+from app.utils.hash_cfg import hash_password
+from app.utils.logger_cfg import logger
+
+router = APIRouter(tags=["auth"])
+
+
+@router.post("/register", response_model=UserRead)
+async def register_user(
+    user: UserCreate,
+    response: Response,
+    session: AsyncSession = Depends(get_async_session),
+):
+    logger.debug("Register request received")
+
+    email: Optional[str] = user.email.strip() if user.email else None
+    logger.debug("Normalized email value: {}", email)
+    logger.info(
+        "Registration attempt | username={} email={}", user.username, email
+    )
+
+    if not (
+        re.search(r"[A-Za-z]", user.password)
+        and re.search(r"\d", user.password)
+        and re.search(r"[^\w\s]", user.password)
+    ):
+        logger.warning(
+            "Registration failed | password complexity requirement not met | username={}",
+            user.username,
+        )
+        raise HTTPException(
+            status_code=400,
+            detail={
+                "field": "password",
+                "message": "Попробуйте сочетание букв, цифр и символов.",
+            },
+        )
+
+    result = await session.execute(
+        select(User).where(User.username == user.username)
+    )
+    if result.scalars().first():
+        logger.warning(
+            "Registration failed | username already exists | username={}",
+            user.username,
+        )
+        raise HTTPException(
+            status_code=400,
+            detail={"field": "username", "message": "Никнейм уже занят."},
+        )
+
+    if email:
+        result = await session.execute(select(User).where(User.email == email))
+        if result.scalars().first():
+            logger.warning(
+                "Registration failed | email already exists | email={}", email
+            )
+            raise HTTPException(
+                status_code=400,
+                detail={"field": "email", "message": "Адрес уже занят."},
+            )
+
+    hashed_password = hash_password(user.password)
+
+    new_user = User(
+        username=user.username,
+        email=email,
+        password=hashed_password,
+        profile=Profile(),
+        integrations=UserIntegration(),
+    )
+
+    session.add(new_user)
+    await session.commit()
+    await session.refresh(new_user, ["profile", "integrations"])
+
+    logger.success(
+        "User successfully registered | id={} username={} email={}",
+        new_user.id,
+        new_user.username,
+        new_user.email,
+    )
+    access_token = create_access_token(
+        {"sub": str(new_user.id), "token_version": new_user.token_version}
+    )
+    refresh_token = create_refresh_token(
+        {"sub": str(new_user.id), "token_version": new_user.token_version}
+    )
+
+    response.set_cookie(
+        key="access_token",
+        value=access_token,
+        httponly=True,
+        secure=False,
+        samesite="lax",
+        max_age=60 * 60,
+    )
+    response.set_cookie(
+        key="refresh_token",
+        value=refresh_token,
+        httponly=True,
+        secure=False,
+        samesite="lax",
+        max_age=30 * 24 * 60 * 60,
+    )
+
+    return new_user