Files
pokedexter/backend/app/routers/auth.py
T

53 lines
1.6 KiB
Python
Raw Normal View History

2026-07-01 21:10:06 +02:00
from fastapi import APIRouter, Depends, HTTPException, status, Request
from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse
2026-07-01 21:10:06 +02:00
from fastapi.templating import Jinja2Templates
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession
from pydantic import BaseModel
from ..database import get_db
from ..models import User
from ..auth import verify_password, create_token, hash_password
2026-07-01 21:10:06 +02:00
router = APIRouter()
templates = Jinja2Templates(directory="app/templates")
class LoginForm(BaseModel):
username: str
password: str
class CreateUserForm(BaseModel):
username: str
password: str
role: str = "user"
@router.get("/login", response_class=HTMLResponse)
async def login_page(request: Request):
return templates.TemplateResponse("login.html", {"request": request})
@router.post("/api/login")
async def login(data: LoginForm, db: AsyncSession = Depends(get_db)):
result = await db.execute(select(User).where(User.username == data.username))
user = result.scalar_one_or_none()
if not user or not verify_password(data.password, user.password_hash):
raise HTTPException(status_code=401, detail="Forkert brugernavn eller adgangskode")
token = create_token(user.username, user.role)
resp = JSONResponse(content={"ok": True, "redirect": "/"})
2026-07-01 21:10:06 +02:00
resp.set_cookie(
key="token", value=token, httponly=True, max_age=30 * 24 * 3600,
samesite="lax"
)
return resp
@router.post("/api/logout")
async def logout():
resp = JSONResponse(content={"ok": True, "redirect": "/login"})
2026-07-01 21:10:06 +02:00
resp.delete_cookie("token")
return resp