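"""Session-based authentication endpoints mounted under /api/auth."""
from flask import Blueprint, request, jsonify, session

from ..models.user import User
from .. import db

auth_bp = Blueprint("auth", __name__, url_prefix="/api/auth")


def _json_body():
    """Return the request's JSON body as a dict, or {} if it is not one.

    ``get_json(silent=True)`` yields None for a missing or malformed body,
    but it also yields lists, strings and numbers for valid non-object JSON.
    Those would make the later ``.get()`` calls raise and surface as a 500,
    so anything that is not a dict is treated as an empty body.
    """
    payload = request.get_json(silent=True)
    return payload if isinstance(payload, dict) else {}


def _text_field(data, key):
    """Return ``data[key]`` when it is a string, otherwise an empty string.

    Client-supplied JSON values may be numbers, lists or objects; calling
    ``.strip()`` or ``len()`` on those raises instead of producing a 400.
    """
    value = data.get(key)
    return value if isinstance(value, str) else ""


@auth_bp.route("/signup", methods=["POST"])
def signup():
    """Create an account from a JSON body and sign the new user in.

    Expects ``username``, ``email`` and ``password`` string fields.

    Returns:
        201 with the new user on success; 400 when a field is missing, is
        not a string, or the password is shorter than 8 characters; 409 when
        the username or email is already taken.
    """
    data = _json_body()
    username = _text_field(data, "username").strip()
    email = _text_field(data, "email").strip().lower()
    password = _text_field(data, "password")

    if not username or not email or not password:
        return jsonify({"error": "username, email and password are required"}), 400

    if len(password) < 8:
        return jsonify({"error": "Password must be at least 8 characters"}), 400

    # NOTE(review): this is a check-then-insert. If the User model also
    # declares unique constraints (not visible here), two concurrent signups
    # can both pass this check and the loser fails at commit() - confirm and
    # handle the integrity error there.
    taken = User.query.filter(
        (User.username == username) | (User.email == email)
    ).first()
    if taken:
        return jsonify({"error": "Username or email already exists"}), 409

    user = User(username=username, email=email)
    # Password storage is delegated to the model; presumably it hashes the
    # value - verify in User.set_password.
    user.set_password(password)
    db.session.add(user)
    db.session.commit()

    # Start the authenticated session from a clean state so nothing stored
    # before authentication is carried into it.
    session.clear()
    session["user_id"] = user.id
    return jsonify({"message": "Account created", "user": user.to_dict()}), 201


@auth_bp.route("/login", methods=["POST"])
def login():
    """Authenticate by email or username plus password and open a session.

    ``email`` takes precedence over ``username`` when both are supplied. The
    identifier is matched lower-cased against the email column and as given
    against the username column.

    Returns:
        200 with the user on success; 400 when the identifier or password is
        missing or not a string; 401 when the credentials do not match.
    """
    data = _json_body()
    identity = (_text_field(data, "email") or _text_field(data, "username")).strip()
    password = _text_field(data, "password")

    if not identity or not password:
        return jsonify({"error": "Email/username and password are required"}), 400

    user = User.query.filter(
        (User.email == identity.lower()) | (User.username == identity)
    ).first()

    # Unknown account and wrong password share one response so the body does
    # not reveal which accounts exist.
    # NOTE(review): check_password is skipped for unknown accounts, so the
    # two cases may still differ in response time; this endpoint also has no
    # visible attempt limiting - confirm both are handled elsewhere.
    if not user or not user.check_password(password):
        return jsonify({"error": "Invalid credentials"}), 401

    # Drop any pre-authentication session state before binding the session
    # to this user.
    session.clear()
    session["user_id"] = user.id
    return jsonify({"message": "Logged in", "user": user.to_dict()}), 200


@auth_bp.route("/logout", methods=["POST"])
def logout():
    """End the current session; always answers 200, even if not logged in."""
    # Clear everything rather than only "user_id" so no per-user state that
    # other code stored in the session outlives the logout.
    session.clear()
    return jsonify({"message": "Logged out"}), 200


@auth_bp.route("/me", methods=["GET"])
def me():
    """Return the user bound to the current session.

    Returns:
        200 with the user; 401 when the session holds no user id; 404 when
        the stored id no longer matches a user row.
    """
    uid = session.get("user_id")
    if not uid:
        return jsonify({"error": "Not authenticated"}), 401

    user = User.query.get(uid)
    if not user:
        return jsonify({"error": "User not found"}), 404

    return jsonify({"user": user.to_dict()}), 200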