api/routes.py

from fastapi import APIRouter, HTTPException, Depends
from fastapi.security import OAuth2PasswordRequestForm
from models.schemas import SignupForm, TokenResponse
from db.mongo import users_collection
from core.security import hash_password, verify_password, create_access_token
from datetime import datetime

router = APIRouter()

@router.post("/signup")
async def signup(data: SignupForm):
    email = data.email.lower().strip()
    existing = await users_collection.find_one({"email": email})
    if existing:
        raise HTTPException(status_code=409, detail="Email already exists")
    
    hashed_pw = hash_password(data.password)
    user_doc = {
        "email": email,
        "password": hashed_pw,
        "created_at": datetime.utcnow()
    }
    await users_collection.insert_one(user_doc)
    return {"success": True, "message": "Account created"}

@router.post("/login", response_model=TokenResponse)
async def login(form_data: OAuth2PasswordRequestForm = Depends()):
    email = form_data.username.lower().strip()
    user = await users_collection.find_one({"email": email})
    if not user or not verify_password(form_data.password, user["password"]):
        raise HTTPException(status_code=401, detail="Invalid credentials")
    
    access_token = create_access_token(data={"sub": user["email"]})
    return {"access_token": access_token, "token_type": "bearer"}