diff --git a/endpoints/login.post.py b/endpoints/login.post.py index a8ab4aa..c9cebe6 100644 --- a/endpoints/login.post.py +++ b/endpoints/login.post.py @@ -1,37 +1,35 @@ -from fastapi import APIRouter, Depends, HTTPException -from pydantic import BaseModel -from datetime import timedelta -from core.database import get_db +# Entity: User + +```python +from fastapi import APIRouter, Depends, HTTPException, status +from fastapi.security import OAuth2PasswordRequestForm from sqlalchemy.orm import Session -from core.auth import verify_password, create_access_token +from core.database import get_db +from core.security import verify_password, create_access_token from models.user import User +from schemas.user import UserSchema, TokenResponse router = APIRouter() -class UserAuth(BaseModel): - username: str - password: str - -@router.post("/login") +@router.post("/login", response_model=TokenResponse, status_code=status.HTTP_200_OK) async def login( - user_data: UserAuth, + form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db) ): - """User authentication endpoint""" - user = db.query(User).filter(User.username == user_data.username).first() + user = db.query(User).filter(User.email == form_data.username).first() - if not user or not verify_password(user_data.password, user.hashed_password): - raise HTTPException(status_code=400, detail="Invalid credentials") + if not user or not verify_password(form_data.password, user.hashed_password): + raise HTTPException( + status_code=status.HTTP_401_UNAUTHORIZED, + detail="Incorrect email or password", + headers={"WWW-Authenticate": "Bearer"}, + ) - # Generate token with expiration - access_token = create_access_token( - data={"sub": user.id}, - expires_delta=timedelta(hours=1) - ) + access_token = create_access_token(data={"sub": user.email}) return { "access_token": access_token, "token_type": "bearer", - "user_id": user.id, - "username": user.username + "user": user } +``` \ No newline at end of file