feat: auth backend implementation

2025-06-09 07:04:33 -04:00
parent eb84ff2060
commit df5b247cdd
8 changed files with 419 additions and 3 deletions
@@ -1,5 +1,8 @@
-from fastapi import FastAPI, Depends, HTTPException
+from fastapi import FastAPI, Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordRequestForm
 from sqlalchemy.orm import Session
+
+from app.utils import create_access_token
 from . import schemas, crud
 from .database import SessionLocal, engine, Base

@@ -46,3 +49,36 @@ def delete_item(item_id: int, db: Session = Depends(get_db)):
    if item is None:
        raise HTTPException(status_code=404, detail="Item not found")
    return item
+
+
+# Users
+
+
+@app.post("/login", response_model=schemas.Token)
+def user_login(
+    form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db)
+):
+    user = crud.authenticate_user(db, form_data.username, form_data.password)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    access_token = create_access_token(data={"sub": user.username})
+    return {"access_token": access_token, "token_type": "bearer"}
+
+
+@app.post("/register", response_model=schemas.UserOut)
+def register_user(user: schemas.UserCreate, db: Session = Depends(get_db)):
+    if crud.get_user_by_username(db, user.username):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Username already registered",
+        )
+    if crud.get_user_by_email(db, user.email):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Account with that email already registered",
+        )
+    return crud.create_user(db, user)