from fastapi import APIRouter, Depends, HTTPException, status from fastapi.security import OAuth2PasswordRequestForm from sqlalchemy.orm import Session from datetime import timedelta from app.database import get_db from app.core.security import create_access_token, create_refresh_token from app.crud.user import user_crud from app.schemas.user import UserCreate, UserResponse, Token from app.core.deps import get_current_active_user from app.models.user import User router = APIRouter(prefix="/auth", tags=["authentication"]) @router.post("/register", response_model=UserResponse) def register(user_create: UserCreate, db: Session = Depends(get_db)): """Inscrire un nouvel utilisateur""" # Vérifier si l'email existe déjà if user_crud.get_by_email(db, user_create.email): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Un utilisateur avec cet email existe déjà" ) # Vérifier si le nom d'utilisateur existe déjà if user_crud.get_by_username(db, user_create.username): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Un utilisateur avec ce nom d'utilisateur existe déjà" ) user = user_crud.create(db, user_create) return user @router.post("/login", response_model=Token) def login(form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db)): """Se connecter et obtenir un token d'accès""" user = user_crud.authenticate(db, form_data.username, form_data.password) if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Email ou mot de passe incorrect", headers={"WWW-Authenticate": "Bearer"}, ) if not user.is_active: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Compte utilisateur inactif" ) # Créer les tokens access_token_expires = timedelta(minutes=30) access_token = create_access_token( data={"sub": user.email, "user_id": user.id}, expires_delta=access_token_expires ) refresh_token = create_refresh_token(data={"sub": user.email, "user_id": user.id}) return { "access_token": access_token, "token_type": "bearer", "expires_in": 1800, # 30 minutes en secondes "refresh_token": refresh_token } @router.post("/refresh", response_model=Token) def refresh_token(refresh_token: str, db: Session = Depends(get_db)): """Rafraîchir un token d'accès""" from app.core.security import verify_token payload = verify_token(refresh_token) if not payload or payload.get("type") != "refresh": raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Token de rafraîchissement invalide" ) user_id = payload.get("user_id") user = user_crud.get_by_id(db, user_id) if not user or not user.is_active: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Utilisateur non trouvé ou inactif" ) # Créer un nouveau token d'accès access_token_expires = timedelta(minutes=30) access_token = create_access_token( data={"sub": user.email, "user_id": user.id}, expires_delta=access_token_expires ) return { "access_token": access_token, "token_type": "bearer", "expires_in": 1800 } @router.get("/me", response_model=UserResponse) def get_current_user_info(current_user: User = Depends(get_current_active_user)): """Obtenir les informations de l'utilisateur actuel""" return current_user @router.post("/verify-email/{user_id}") def verify_email(user_id: int, db: Session = Depends(get_db)): """Vérifier l'email d'un utilisateur (pour les tests)""" user = user_crud.verify_email(db, user_id) if not user: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail="Utilisateur non trouvé" ) return {"message": "Email vérifié avec succès"}