from fastapi import APIRouter, Depends, HTTPException, status from sqlmodel import Session, select from app.connection import get_session from app.models.user import User from app.schemas.user import UserCreate, UserRead, Token, LoginRequest from app.auth.utils import hash_password, verify_password, create_access_token router = APIRouter(prefix="/auth", tags=["Auth"]) @router.post("/register", response_model=UserRead, status_code=status.HTTP_201_CREATED) def register(data: UserCreate, session: Session = Depends(get_session)) -> User: existing = session.exec(select(User).where(User.email == data.email)).first() if existing: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Пользователь с таким email уже существует", ) user = User( name=data.name, email=data.email, phone=data.phone, hashed_password=hash_password(data.password), is_organizer=data.is_organizer, ) session.add(user) session.commit() session.refresh(user) return user @router.post("/login", response_model=Token) def login(data: LoginRequest, session: Session = Depends(get_session)) -> dict: user = session.exec(select(User).where(User.email == data.email)).first() if not user or not verify_password(data.password, user.hashed_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Неверный email или пароль", ) access_token = create_access_token({"sub": str(user.id)}) return {"access_token": access_token, "token_type": "bearer"}