from fastapi import APIRouter, Depends, HTTPException, status from sqlmodel import Session, select from app.connection import get_session from app.models.user import User from app.schemas.user import UserRead, UserUpdate, PasswordChange from app.auth.dependencies import get_current_user from app.auth.utils import verify_password, hash_password router = APIRouter(prefix="/users", tags=["Users"]) @router.get("/me", response_model=UserRead) def get_me(current_user: User = Depends(get_current_user)) -> User: return current_user @router.get("/", response_model=list[UserRead]) def list_users( session: Session = Depends(get_session), current_user: User = Depends(get_current_user), ) -> list[User]: return list(session.exec(select(User)).all()) @router.get("/{user_id}", response_model=UserRead) def get_user( user_id: int, session: Session = Depends(get_session), current_user: User = Depends(get_current_user), ) -> User: user = session.get(User, user_id) if not user: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Пользователь не найден") return user @router.patch("/me", response_model=UserRead) def update_me( data: UserUpdate, session: Session = Depends(get_session), current_user: User = Depends(get_current_user), ) -> User: for field, value in data.model_dump(exclude_unset=True).items(): setattr(current_user, field, value) session.add(current_user) session.commit() session.refresh(current_user) return current_user @router.post("/me/change-password", status_code=status.HTTP_200_OK) def change_password( data: PasswordChange, session: Session = Depends(get_session), current_user: User = Depends(get_current_user), ) -> dict: if not verify_password(data.old_password, current_user.hashed_password): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Неверный старый пароль", ) current_user.hashed_password = hash_password(data.new_password) session.add(current_user) session.commit() return {"detail": "Пароль успешно изменён"}