Phase 1 Complete by Claude Code

2026-02-16 22:32:28 +02:00
parent 19c069949d
commit 5e2d4b6b1b
20 changed files with 692 additions and 32 deletions
--- a/backend/auth/router.py
+++ b/backend/auth/router.py
@@ -1 +1,42 @@
-# TODO: Login / token endpoints
+from fastapi import APIRouter
+from shared.firebase import get_db
+from auth.models import LoginRequest, TokenResponse
+from auth.utils import verify_password, create_access_token
+from shared.exceptions import AuthenticationError
+
+router = APIRouter(prefix="/api/auth", tags=["auth"])
+
+
+@router.post("/login", response_model=TokenResponse)
+async def login(body: LoginRequest):
+    db = get_db()
+    if not db:
+        raise AuthenticationError("Service unavailable")
+
+    users_ref = db.collection("admin_users")
+    query = users_ref.where("email", "==", body.email).limit(1).get()
+
+    if not query:
+        raise AuthenticationError("Invalid email or password")
+
+    doc = query[0]
+    user_data = doc.to_dict()
+
+    if not user_data.get("is_active", True):
+        raise AuthenticationError("Account is disabled")
+
+    if not verify_password(body.password, user_data["hashed_password"]):
+        raise AuthenticationError("Invalid email or password")
+
+    token = create_access_token({
+        "sub": doc.id,
+        "email": user_data["email"],
+        "role": user_data["role"],
+        "name": user_data["name"],
+    })
+
+    return TokenResponse(
+        access_token=token,
+        role=user_data["role"],
+        name=user_data["name"],
+    )