diff --git a/endpoints/login.post.py b/endpoints/login.post.py index a8ab4aa..4d4e155 100644 --- a/endpoints/login.post.py +++ b/endpoints/login.post.py @@ -1,37 +1,37 @@ -from fastapi import APIRouter, Depends, HTTPException -from pydantic import BaseModel -from datetime import timedelta -from core.database import get_db +# Entity: User + +```python +from fastapi import APIRouter, Depends, HTTPException, status from sqlalchemy.orm import Session -from core.auth import verify_password, create_access_token -from models.user import User +from core.database import get_db +from core.models.user import User +from core.schemas.user import UserSchema, UserLogin +from core.security import verify_password, create_access_token router = APIRouter() -class UserAuth(BaseModel): - username: str - password: str - -@router.post("/login") +@router.post("/login", status_code=200) async def login( - user_data: UserAuth, + login_data: UserLogin, db: Session = Depends(get_db) ): - """User authentication endpoint""" - user = db.query(User).filter(User.username == user_data.username).first() + user = db.query(User).filter(User.email == login_data.email).first() + if not user: + raise HTTPException( + status_code=status.HTTP_401_UNAUTHORIZED, + detail="Incorrect email or password" + ) - if not user or not verify_password(user_data.password, user.hashed_password): - raise HTTPException(status_code=400, detail="Invalid credentials") - - # Generate token with expiration - access_token = create_access_token( - data={"sub": user.id}, - expires_delta=timedelta(hours=1) - ) + if not verify_password(login_data.password, user.hashed_password): + raise HTTPException( + status_code=status.HTTP_401_UNAUTHORIZED, + detail="Incorrect email or password" + ) + access_token = create_access_token(data={"sub": user.email}) return { "access_token": access_token, "token_type": "bearer", - "user_id": user.id, - "username": user.username + "user": UserSchema.from_orm(user) } +``` \ No newline at end of file