init

backend/app/api/routes_auth.py

@@ -0,0 +1,32 @@
+from __future__ import annotations
+
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, HTTPException, status
+
+from app.api.deps import get_current_user
+from app.core.database import get_connection
+from app.core.schemas import LoginRequest, LoginResponse, UserProfile
+from app.core.security import verify_password
+from app.services import repository
+
+router = APIRouter(prefix="/api/auth", tags=["auth"])
+
+
+@router.post("/login", response_model=LoginResponse)
+def login(payload: LoginRequest) -> LoginResponse:
+    with get_connection() as connection:
+        row = connection.execute(
+            "SELECT id, username, password_hash, role, display_name FROM users WHERE username = ?",
+            (payload.username,),
+        ).fetchone()
+        if row is None or not verify_password(payload.password, row["password_hash"]):
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="invalid_credentials")
+        token = repository.create_session(connection, row["id"])
+        user = repository.profile_from_row(row)
+    return LoginResponse(token=token, user=user)
+
+
+@router.get("/me", response_model=UserProfile)
+def me(user: Annotated[UserProfile, Depends(get_current_user)]) -> UserProfile:
+    return user