1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
from fastapi import APIRouter, Depends, HTTPException, Response
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.ext.asyncio import AsyncSession
from app.auth.jwt import create_access_token, create_refresh_token
from app.models.user import User
from app.utils.db import get_async_session
from app.utils.hash_cfg import verify_password
from app.utils.logger_cfg import logger
router = APIRouter(tags=["auth"])
@router.post("/login")
async def login(
response: Response,
form_data: OAuth2PasswordRequestForm = Depends(),
session: AsyncSession = Depends(get_async_session),
):
user = await User.get_user_by_email(form_data.username, session=session)
if not user:
user = await User.get_user_by_username(
form_data.username, session=session
)
if not user or not user.password:
logger.warning("Login failed | username/email={}", form_data.username)
raise HTTPException(status_code=401, detail="Invalid credentials")
if not verify_password(form_data.password, user.password):
logger.warning("Login failed | username/email={}", form_data.username)
raise HTTPException(status_code=401, detail="Invalid credentials")
access_token = create_access_token(
{"sub": str(user.id), "token_version": user.token_version}
)
refresh_token = create_refresh_token(
{"sub": str(user.id), "token_version": user.token_version}
)
response.set_cookie(
key="access_token",
value=access_token,
httponly=True,
secure=False,
samesite="lax",
max_age=60 * 60,
)
response.set_cookie(
key="refresh_token",
value=refresh_token,
httponly=True,
secure=True,
samesite="lax",
max_age=30 * 24 * 60 * 60,
)
logger.info("User logged in | id={} username={}", user.id, user.username)
return {"message": "Logged in successfully"}
|
