from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select

from ..database import get_db
from ..models.user import User
from ..schemas.user import UserCreate, UserLogin, UserResponse, Token
from ..utils.security import get_password_hash, verify_password, create_access_token
from ..services.auth import get_current_user

router = APIRouter(prefix="/api/auth", tags=["auth"])


@router.post("/register", response_model=Token)
async def register(user_data: UserCreate, db: AsyncSession = Depends(get_db)):
    # Check if email exists.
    # Note: the two distinct 400 messages below let a caller confirm whether a
    # given email or username is already registered (account enumeration).
    result = await db.execute(select(User).where(User.email == user_data.email))
    if result.scalar_one_or_none():
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Email already registered",
        )

    # Check if username exists
    result = await db.execute(select(User).where(User.username == user_data.username))
    if result.scalar_one_or_none():
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Username already taken",
        )

    # Create user; only the password hash is stored, never the plaintext
    user = User(
        username=user_data.username,
        email=user_data.email,
        password_hash=get_password_hash(user_data.password),
    )
    db.add(user)
    # flush() assigns user.id; the get_db dependency is expected to commit the session
    await db.flush()

    # Create token carrying the user id as its subject
    access_token = create_access_token(data={"sub": str(user.id)})
    return Token(access_token=access_token)


@router.post("/login", response_model=Token)
async def login(user_data: UserLogin, db: AsyncSession = Depends(get_db)):
    result = await db.execute(select(User).where(User.email == user_data.email))
    user = result.scalar_one_or_none()
    # One generic 401 for both unknown email and wrong password, so the
    # response does not reveal which accounts exist
    if not user or not verify_password(user_data.password, user.password_hash):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid email or password",
        )

    access_token = create_access_token(data={"sub": str(user.id)})
    return Token(access_token=access_token)


@router.get("/me", response_model=UserResponse)
async def get_me(current_user: User = Depends(get_current_user)):
    # current_user is resolved from the bearer token by get_current_user
    return current_user