добавление редисаъ

backend/app/routers/auth.py

@@ -1,50 +1,58 @@
 """Authentication router"""
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from sqlalchemy.orm import Session
+from typing import Optional
+
 from ..database import get_db
-from ..models.employee import Employee
-from ..schemas.auth import AdminLogin, EmployeeLogin
-from passlib.context import CryptContext
+from ..crud import employees
+from ..schemas.auth import Token
+from ..utils.auth import verify_password
+from ..utils.jwt import create_and_save_token
 
 router = APIRouter()
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
 
-@router.post("/admin/login")
-def admin_login(login_data: AdminLogin, db: Session = Depends(get_db)):
-    """Admin login endpoint"""
-    if login_data.username == "admin" and login_data.password == "admin123":
-        return {
-            "access_token": "admin_token",
-            "token_type": "bearer"
-        }
-    raise HTTPException(status_code=401, detail="Invalid credentials")
-
-@router.post("/login")
-def employee_login(login_data: EmployeeLogin, db: Session = Depends(get_db)):
-    """Employee login endpoint"""
-    # Ищем сотрудника по фамилии
-    employee = db.query(Employee).filter(Employee.last_name == login_data.last_name).first()
-    
-    if not employee:
+@router.post("/token", response_model=Token)
+async def login_for_access_token(
+    form_data: OAuth2PasswordRequestForm = Depends(),
+    db: Session = Depends(get_db)
+):
+    # Проверяем учетные данные сотрудника
+    employee = employees.get_employee_by_last_name(db, form_data.username)
+    if not employee or not verify_password(form_data.password, employee.hashed_password):
         raise HTTPException(
-            status_code=401,
-            detail="Сотрудник с такой фамилией не найден"
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username or password",
+            headers={"WWW-Authenticate": "Bearer"},
         )
     
-    # Проверяем пароль
-    if not pwd_context.verify(login_data.password, employee.password):
-        raise HTTPException(
-            status_code=401,
-            detail="Неверный пароль"
-        )
+    # Создаем и сохраняем токен
+    access_token = create_and_save_token(employee.id, db)
     
-    # Возвращаем данные сотрудника
     return {
-        "id": employee.id,
-        "first_name": employee.first_name,
-        "last_name": employee.last_name,
-        "department": employee.department,
-        "office": employee.office,
-        "access_token": f"employee_token_{employee.id}",  # Добавляем токен для авторизации
+        "access_token": access_token,
+        "token_type": "bearer"
+    }
+
+@router.post("/admin/token", response_model=Token)
+async def admin_login(
+    form_data: OAuth2PasswordRequestForm = Depends(),
+    db: Session = Depends(get_db)
+):
+    # Проверяем учетные данные администратора
+    if form_data.username != "admin" or form_data.password != "admin123":
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    
+    # Для админа используем специальный ID
+    admin_id = -1
+    access_token = create_and_save_token(admin_id, db)
+    
+    return {
+        "access_token": access_token,
         "token_type": "bearer"
     }