"""Single-admin login endpoints.""" from fastapi import APIRouter, Depends, HTTPException, Response, status from pydantic import BaseModel from services.auth import ( AdminUser, authenticate_admin, clear_auth_cookie, create_admin_token, require_admin, set_auth_cookie, ) router = APIRouter(prefix="/api/auth", tags=["auth"]) class LoginIn(BaseModel): username: str password: str class AdminUserOut(BaseModel): username: str displayName: str role: str def _to_out(user: AdminUser) -> AdminUserOut: return AdminUserOut( username=user.username, displayName=user.display_name, role=user.role, ) @router.post("/login", response_model=AdminUserOut) async def login(body: LoginIn, response: Response): user = authenticate_admin(body.username, body.password) if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="用户名或密码错误", ) set_auth_cookie(response, create_admin_token()) return _to_out(user) @router.post("/logout") async def logout(response: Response): clear_auth_cookie(response) return {"ok": True} @router.get("/me", response_model=AdminUserOut) async def me(user: AdminUser = Depends(require_admin)): return _to_out(user)