Files
pokedexter/backend/app/routers/auth.py
T

53 lines
1.6 KiB
Python

from fastapi import APIRouter, Depends, HTTPException, status, Request
from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse
from fastapi.templating import Jinja2Templates
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession
from pydantic import BaseModel
from ..database import get_db
from ..models import User
from ..auth import verify_password, create_token, hash_password
router = APIRouter()
templates = Jinja2Templates(directory="app/templates")
class LoginForm(BaseModel):
username: str
password: str
class CreateUserForm(BaseModel):
username: str
password: str
role: str = "user"
@router.get("/login", response_class=HTMLResponse)
async def login_page(request: Request):
return templates.TemplateResponse("login.html", {"request": request})
@router.post("/api/login")
async def login(data: LoginForm, db: AsyncSession = Depends(get_db)):
result = await db.execute(select(User).where(User.username == data.username))
user = result.scalar_one_or_none()
if not user or not verify_password(data.password, user.password_hash):
raise HTTPException(status_code=401, detail="Forkert brugernavn eller adgangskode")
token = create_token(user.username, user.role)
resp = JSONResponse(content={"ok": True, "redirect": "/"})
resp.set_cookie(
key="token", value=token, httponly=True, max_age=30 * 24 * 3600,
samesite="lax"
)
return resp
@router.post("/api/logout")
async def logout():
resp = JSONResponse(content={"ok": True, "redirect": "/login"})
resp.delete_cookie("token")
return resp