From 69e67d049411ceb5c839386b020ce2c77ffc2847 Mon Sep 17 00:00:00 2001 From: l3wdfut4pwr Date: Thu, 2 Apr 2026 08:39:42 +0300 Subject: minor improvements --- app/routes/auth.py | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) (limited to 'app/routes/auth.py') diff --git a/app/routes/auth.py b/app/routes/auth.py index aa68c52..a2de6db 100644 --- a/app/routes/auth.py +++ b/app/routes/auth.py @@ -1,19 +1,19 @@ -from fastapi import APIRouter, Depends, HTTPException +from fastapi import APIRouter, Depends, HTTPException, Response from fastapi.security import OAuth2PasswordRequestForm from sqlalchemy.ext.asyncio import AsyncSession -from app.utils.logger_cfg import logger - from app.auth.jwt import create_access_token, create_refresh_token from app.models.user import User from app.utils.db import get_async_session from app.utils.hash_cfg import verify_password +from app.utils.logger_cfg import logger router = APIRouter(tags=["auth"]) @router.post("/login") async def login( + response: Response, form_data: OAuth2PasswordRequestForm = Depends(), session: AsyncSession = Depends(get_async_session), ): 
@@ -25,13 +25,28 @@ async def login( logger.warning("Login failed | username/email={}", form_data.username) raise HTTPException(status_code=401, detail="Invalid credentials") - access_token = create_access_token({"sub": str(user.id)}) - refresh_token = create_refresh_token({"sub": str(user.id)}) - + access_token = create_access_token( + {"sub": str(user.id), "token_version": user.token_version} + ) + refresh_token = create_refresh_token( + {"sub": str(user.id), "token_version": user.token_version} + ) + + response.set_cookie( + key="access_token", + value=access_token, + httponly=True, + secure=False, + samesite="lax", + max_age=60 * 60, + ) + response.set_cookie( + key="refresh_token", + value=refresh_token, + httponly=True, + secure=True, + samesite="lax", + max_age=30 * 24 * 60 * 60, + ) logger.info("User logged in | id={} username={}", user.id, user.username) - - return { - "access_token": access_token, - "refresh_token": refresh_token, - "token_type": "bearer", - } + return {"message": "Logged in successfully"} -- cgit v1.3-3-g829e
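Review bot: The access_token cookie is set with `secure=False` while the refresh_token cookie a few lines below uses `secure=True`, so the credential that authenticates every request is sent over plaintext HTTP on any http:// request to the host; both cookies should use `secure=True,` (if False is meant for local development, drive it from a settings flag rather than a literal). The refresh cookie is also scoped to the whole site with no `path=`, so adding a path restricted to the refresh endpoint would keep the 30-day token out of every other request. Now that the session rides in cookies, `samesite="lax"` alone does not stop cross-site POSTs to state-changing routes, so a CSRF token or `samesite="strict"` deserves consideration. The max_age values are literals here rather than derived from the expiry used by create_access_token/create_refresh_token, so the two can drift, and the new `token_version` claim only revokes anything if the verification side (not in this diff) compares it with the user's current value. login's body begins before this hunk.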