Jonathan
ce227e47d6
Split UserCreate into UserCreate (with min_length constraints) and UserLogin (no constraints) so existing short passwords can still log in. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
51 lines
1.6 KiB
Python
51 lines
1.6 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from sqlalchemy.orm import Session
|
|
from pydantic import BaseModel, Field
|
|
|
|
from ..database import get_db
|
|
from .. import models
|
|
from ..auth import hash_password, verify_password, create_access_token
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
class UserCreate(BaseModel):
|
|
username: str = Field(min_length=3, max_length=50)
|
|
password: str = Field(min_length=8)
|
|
|
|
|
|
class UserLogin(BaseModel):
|
|
username: str
|
|
password: str
|
|
|
|
|
|
class Token(BaseModel):
|
|
access_token: str
|
|
token_type: str
|
|
is_admin: bool
|
|
|
|
|
|
@router.post("/register", status_code=status.HTTP_201_CREATED)
|
|
def register(user_in: UserCreate, db: Session = Depends(get_db)):
|
|
existing = db.query(models.User).filter(models.User.username == user_in.username).first()
|
|
if existing:
|
|
raise HTTPException(status_code=400, detail="Username already taken")
|
|
no_users_yet = db.query(models.User).first() is None
|
|
user = models.User(
|
|
username=user_in.username,
|
|
password=hash_password(user_in.password),
|
|
is_admin=no_users_yet,
|
|
)
|
|
db.add(user)
|
|
db.commit()
|
|
return {"message": "User created"}
|
|
|
|
|
|
@router.post("/login", response_model=Token)
|
|
def login(user_in: UserLogin, db: Session = Depends(get_db)):
|
|
user = db.query(models.User).filter(models.User.username == user_in.username).first()
|
|
if not user or not verify_password(user_in.password, user.password):
|
|
raise HTTPException(status_code=401, detail="Invalid credentials")
|
|
token = create_access_token({"sub": user.username})
|
|
return {"access_token": token, "token_type": "bearer", "is_admin": user.is_admin}
|