refactor: modularize API routes into separate files and clean up dependencies

2026-04-09 11:58:57 -04:00
parent 551664bc43
commit 29a2cf2738
45 changed files with 541 additions and 344 deletions
--- a/decnet/web/router/auth/api_login.py
+++ b/decnet/web/router/auth/api_login.py
@@ -0,0 +1,36 @@
+from datetime import timedelta
+from typing import Any, Optional
+
+from fastapi import APIRouter, HTTPException, status
+
+from decnet.web.auth import (
+    ACCESS_TOKEN_EXPIRE_MINUTES,
+    create_access_token,
+    verify_password,
+)
+from decnet.web.dependencies import repo
+from decnet.web.models import LoginRequest, Token
+
+router = APIRouter()
+
+
+@router.post("/auth/login", response_model=Token, tags=["Authentication"])
+async def login(request: LoginRequest) -> dict[str, Any]:
+    _user: Optional[dict[str, Any]] = await repo.get_user_by_username(request.username)
+    if not _user or not verify_password(request.password, _user["password_hash"]):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    _access_token_expires: timedelta = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    # Token uses uuid instead of sub
+    _access_token: str = create_access_token(
+        data={"uuid": _user["uuid"]}, expires_delta=_access_token_expires
+    )
+    return {
+        "access_token": _access_token, 
+        "token_type": "bearer",  # nosec B105
+        "must_change_password": bool(_user.get("must_change_password", False))
+    }