Create api/routes.py

api/routes.py

@@ -0,0 +1,34 @@
+from fastapi import APIRouter, HTTPException, Depends
+from fastapi.security import OAuth2PasswordRequestForm
+from app.models.schemas import SignupForm, TokenResponse
+from app.db.mongo import users_collection
+from app.core.security import hash_password, verify_password, create_access_token
+from datetime import datetime
+
+router = APIRouter()
+
+@router.post("/signup")
+async def signup(data: SignupForm):
+    email = data.email.lower().strip()
+    existing = await users_collection.find_one({"email": email})
+    if existing:
+        raise HTTPException(status_code=409, detail="Email already exists")
+    
+    hashed_pw = hash_password(data.password)
+    user_doc = {
+        "email": email,
+        "password": hashed_pw,
+        "created_at": datetime.utcnow()
+    }
+    await users_collection.insert_one(user_doc)
+    return {"success": True, "message": "Account created"}
+
+@router.post("/login", response_model=TokenResponse)
+async def login(form_data: OAuth2PasswordRequestForm = Depends()):
+    email = form_data.username.lower().strip()
+    user = await users_collection.find_one({"email": email})
+    if not user or not verify_password(form_data.password, user["password"]):
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+    
+    access_token = create_access_token(data={"sub": user["email"]})
+    return {"access_token": access_token, "token_type": "bearer"}