feat: Addition of authentication and user management systems

app/api/v1/endpoints/auth.py

@@ -0,0 +1,68 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Response
+
+from sqlalchemy import select
+from sqlalchemy.orm import Session
+
+from app.core import settings
+from app.core.security import (
+    verify_password,
+    create_access_token,
+    set_auth_cookie,
+)
+
+from app.db import get_async_db
+from app.db.models import User
+
+from app.api.v1.schemas import TokenRequest, TokenResponse
+
+
+router = APIRouter()
+
+
+# ------------------------
+# Authentication
+# ------------------------
+
+@router.post(
+    "/login",
+    response_model=TokenResponse,
+    status_code=status.HTTP_200_OK,
+    tags=["Authentication"]
+)
+async def get_token(payload: TokenRequest, response: Response, db: Session = Depends(get_async_db)):
+    result = await db.execute(select(User).where(User.username == payload.username))
+    user = result.scalar_one_or_none()
+    if not user or not verify_password(payload.password, user.hashed_password):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid crendentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    
+    access_token = create_access_token(
+        data = {"sub": str(user.id)}
+    )
+
+    set_auth_cookie(
+        response,
+        token=access_token,
+        max_age=settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60
+    )
+
+    return {"access_token": access_token}
+
+
+@router.post(
+    "/logout",
+    status_code=status.HTTP_200_OK,
+    tags=["Authentication"],
+)
+def logout(response: Response) -> dict:
+    response.delete_cookie(
+        key="access_token",
+        path="/",               # même chemin que lors du set_cookie
+        httponly=True,
+        samesite="lax" if settings.ENV == "dev" else "strict",
+        secure=settings.USE_SSL,          # mettre True en prod sur HTTPS
+    )
+    return {"detail": "Logged out successfully"}