"""Authentication endpoints.""" from __future__ import annotations from fastapi import APIRouter, Depends, HTTPException, status from fastapi.security import OAuth2PasswordRequestForm from sqlalchemy import select from sqlalchemy.ext.asyncio import AsyncSession from app.core.deps import get_current_user from app.core.security import create_access_token, verify_password from app.database import get_db from app.models.user import User from app.schemas import Token, UserOut router = APIRouter(prefix="/api/auth", tags=["auth"]) @router.post("/login", response_model=Token) async def login( form: OAuth2PasswordRequestForm = Depends(), db: AsyncSession = Depends(get_db), ): result = await db.execute(select(User).where(User.email == form.username)) user = result.scalar_one_or_none() if not user or not verify_password(form.password, user.hashed_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password" ) if not user.is_active: raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is disabled") token = create_access_token(subject=user.email, role=user.role.value) return Token(access_token=token, role=user.role, email=user.email) @router.get("/me", response_model=UserOut) async def me(user: User = Depends(get_current_user)): return user