Update api/routes/auth.py

api/routes/auth.py

@@ -1,137 +1,74 @@
-from fastapi import APIRouter, HTTPException, Depends, status, Request, Depends
+from fastapi import APIRouter, HTTPException, status, Depends, Request
 from fastapi.security import OAuth2PasswordRequestForm
 from db.mongo import users_collection
 from core.security import hash_password, verify_password, create_access_token, get_current_user
-from models.schemas import SignupForm, TokenResponse, DoctorCreate
+from models.schemas import SignupForm, TokenResponse
 from datetime import datetime
 import logging
 
-# Configure logging
-logging.basicConfig(
-    level=logging.INFO,
-    format='%(asctime)s - %(levelname)s - %(name)s - %(message)s'
-)
-logger = logging.getLogger(__name__)
-
 router = APIRouter()
+logger = logging.getLogger(__name__)
 
-@router.post("/signup", status_code=status.HTTP_201_CREATED)
-async def signup(data: SignupForm):
-    logger.info(f"Signup attempt for email: {data.email}")
-    email = data.email.lower().strip()
-    existing = await users_collection.find_one({"email": email})
-    if existing:
-        logger.warning(f"Signup failed: Email already exists: {email}")
-        raise HTTPException(
-            status_code=status.HTTP_409_CONFLICT,
-            detail="Email already exists"
-        )
-    
-    hashed_pw = hash_password(data.password)
-    user_doc = {
-        "email": email,
-        "full_name": data.full_name.strip(),
-        "password": hashed_pw,
-        "role": "patient",
-        "created_at": datetime.utcnow().isoformat(),
-        "updated_at": datetime.utcnow().isoformat()
-    }
+@router.post("/login", response_model=TokenResponse)
+async def login(
+    request: Request,
+    form_data: OAuth2PasswordRequestForm = Depends()
+):
+    logger.info(f"Login attempt from {request.client.host} for email: {form_data.username}")
     
     try:
-        result = await users_collection.insert_one(user_doc)
-        logger.info(f"User created successfully: {email}")
+        user = await users_collection.find_one({"email": form_data.username.lower()})
+        if not user:
+            logger.warning(f"Login failed - user not found: {form_data.username}")
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid credentials",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+
+        if not verify_password(form_data.password, user["password"]):
+            logger.warning(f"Login failed - invalid password for: {form_data.username}")
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid credentials",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+
+        access_token = create_access_token(data={"sub": user["email"]})
+        logger.info(f"Successful login for {user['email']}")
+        
         return {
-            "status": "success",
-            "id": str(result.inserted_id),
-            "email": email
+            "access_token": access_token,
+            "token_type": "bearer",
+            "role": user.get("role", "patient")
         }
+        
+    except HTTPException:
+        raise
     except Exception as e:
-        logger.error(f"Failed to create user {email}: {str(e)}")
+        logger.error(f"Login error for {form_data.username}: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Failed to create user: {str(e)}"
+            detail="Internal server error during login"
         )
 
-@router.post("/admin/doctors", status_code=status.HTTP_201_CREATED)
-async def create_doctor(
-    data: DoctorCreate,
+@router.get("/me")
+async def get_current_user_profile(
+    request: Request,
     current_user: dict = Depends(get_current_user)
 ):
-    logger.info(f"Doctor creation attempt by {current_user.get('email')}")
-    if current_user.get('role') != 'admin':
-        logger.warning(f"Unauthorized doctor creation attempt by {current_user.get('email')}")
-        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Only admins can create doctor accounts"
-        )
-    
-    email = data.email.lower().strip()
-    existing = await users_collection.find_one({"email": email})
-    if existing:
-        logger.warning(f"Doctor creation failed: Email already exists: {email}")
-        raise HTTPException(
-            status_code=status.HTTP_409_CONFLICT,
-            detail="Email already exists"
-        )
-    
-    hashed_pw = hash_password(data.password)
-    doctor_doc = {
-        "email": email,
-        "full_name": data.full_name.strip(),
-        "password": hashed_pw,
-        "role": "doctor",
-        "specialty": data.specialty,
-        "license_number": data.license_number,
-        "created_at": datetime.utcnow().isoformat(),
-        "updated_at": datetime.utcnow().isoformat()
-    }
+    logger.info(f"Profile request for {current_user['email']} from {request.client.host}")
     
     try:
-        result = await users_collection.insert_one(doctor_doc)
-        logger.info(f"Doctor created successfully: {email}")
         return {
-            "status": "success",
-            "id": str(result.inserted_id),
-            "email": email
+            "email": current_user["email"],
+            "full_name": current_user.get("full_name"),
+            "role": current_user.get("role"),
+            "created_at": current_user.get("created_at")
         }
     except Exception as e:
-        logger.error(f"Failed to create doctor {email}: {str(e)}")
+        logger.error(f"Profile error for {current_user['email']}: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Failed to create doctor: {str(e)}"
-        )
-
-@router.post("/login", response_model=TokenResponse)
-async def login(form_data: OAuth2PasswordRequestForm = Depends()):
-    logger.info(f"Login attempt for email: {form_data.username}")
-    user = await users_collection.find_one({"email": form_data.username.lower()})
-    if not user or not verify_password(form_data.password, user["password"]):
-        logger.warning(f"Login failed for {form_data.username}: Invalid credentials")
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid credentials",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    
-    access_token = create_access_token(data={"sub": user["email"]})
-    logger.info(f"Successful login for {form_data.username}")
-    return {
-        "access_token": access_token,
-        "token_type": "bearer",
-        "role": user.get("role", "patient")
-    }
-
-@router.get("/me")
-async def get_me(request: Request, current_user: dict = Depends(get_current_user)):
-    logger.info(f"Fetching user profile for {current_user['email']}")
-    return {
-        "email": current_user["email"],
-        "full_name": current_user.get("full_name"),
-        "role": current_user.get("role")
-    }
-@router.get("/test-auth")
-async def test_token_auth(current_user: dict = Depends(get_current_user)):
-    return {"status": "ok", "email": current_user.get("email")}
-
-# Export the router as 'auth' for api.__init__.py
-auth = router
+            detail="Failed to retrieve profile"
+        )