major refactoring adding vendor and customer features

2025-10-11 09:09:25 +02:00
parent f569995883
commit dd16198276
126 changed files with 15109 additions and 3747 deletions
--- a/app/api/v1/vendor/auth.py
+++ b/app/api/v1/vendor/auth.py
@@ -0,0 +1,83 @@
+# app/api/v1/vendor/auth.py
+"""
+Vendor team authentication endpoints.
+
+This module provides:
+- Vendor team member login
+- Vendor owner login
+- Vendor-scoped authentication
+"""
+
+import logging
+from fastapi import APIRouter, Depends, Request
+from sqlalchemy.orm import Session
+
+from app.core.database import get_db
+from app.services.auth_service import auth_service
+from app.exceptions import InvalidCredentialsException
+from middleware.vendor_context import get_current_vendor
+from models.schemas.auth import LoginResponse, UserLogin
+from models.database.vendor import Vendor
+
+router = APIRouter()
+logger = logging.getLogger(__name__)
+
+
+@router.post("/login", response_model=LoginResponse)
+def vendor_login(
+        user_credentials: UserLogin,
+        request: Request,
+        db: Session = Depends(get_db)
+):
+    """
+    Vendor team member login.
+
+    Authenticates users who are part of a vendor team.
+    Validates against vendor context if available.
+    """
+    # Authenticate user
+    login_result = auth_service.login_user(db=db, user_credentials=user_credentials)
+    user = login_result["user"]
+
+    # Prevent admin users from using vendor login
+    if user.role == "admin":
+        logger.warning(f"Admin user attempted vendor login: {user.username}")
+        raise InvalidCredentialsException("Please use admin portal to login")
+
+    # Optional: Validate user belongs to current vendor context
+    vendor = get_current_vendor(request)
+    if vendor:
+        # Check if user is vendor owner or team member
+        is_owner = any(v.id == vendor.id for v in user.owned_vendors)
+        is_team_member = any(
+            vm.vendor_id == vendor.id and vm.is_active
+            for vm in user.vendor_memberships
+        )
+
+        if not (is_owner or is_team_member):
+            logger.warning(
+                f"User {user.username} attempted login to vendor {vendor.vendor_code} "
+                f"but is not authorized"
+            )
+            raise InvalidCredentialsException(
+                "You do not have access to this vendor"
+            )
+
+    logger.info(f"Vendor team login successful: {user.username}")
+
+    return LoginResponse(
+        access_token=login_result["token_data"]["access_token"],
+        token_type=login_result["token_data"]["token_type"],
+        expires_in=login_result["token_data"]["expires_in"],
+        user=login_result["user"],
+    )
+
+
+@router.post("/logout")
+def vendor_logout():
+    """
+    Vendor team member logout.
+
+    Client should remove token from storage.
+    """
+    return {"message": "Logged out successfully"}