84 lines
2.5 KiB
Python
84 lines
2.5 KiB
Python
# app/api/v1/vendor/auth.py
|
|
"""
|
|
Vendor team authentication endpoints.
|
|
|
|
This module provides:
|
|
- Vendor team member login
|
|
- Vendor owner login
|
|
- Vendor-scoped authentication
|
|
"""
|
|
|
|
import logging
|
|
from fastapi import APIRouter, Depends, Request
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.core.database import get_db
|
|
from app.services.auth_service import auth_service
|
|
from app.exceptions import InvalidCredentialsException
|
|
from middleware.vendor_context import get_current_vendor
|
|
from models.schema.auth import LoginResponse, UserLogin
|
|
from models.database.vendor import Vendor
|
|
|
|
router = APIRouter()
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
@router.post("/login", response_model=LoginResponse)
|
|
def vendor_login(
|
|
user_credentials: UserLogin,
|
|
request: Request,
|
|
db: Session = Depends(get_db)
|
|
):
|
|
"""
|
|
Vendor team member login.
|
|
|
|
Authenticates users who are part of a vendor team.
|
|
Validates against vendor context if available.
|
|
"""
|
|
# Authenticate user
|
|
login_result = auth_service.login_user(db=db, user_credentials=user_credentials)
|
|
user = login_result["user"]
|
|
|
|
# Prevent admin users from using vendor login
|
|
if user.role == "admin":
|
|
logger.warning(f"Admin user attempted vendor login: {user.username}")
|
|
raise InvalidCredentialsException("Please use admin portal to login")
|
|
|
|
# Optional: Validate user belongs to current vendor context
|
|
vendor = get_current_vendor(request)
|
|
if vendor:
|
|
# Check if user is vendor owner or team member
|
|
is_owner = any(v.id == vendor.id for v in user.owned_vendors)
|
|
is_team_member = any(
|
|
vm.vendor_id == vendor.id and vm.is_active
|
|
for vm in user.vendor_memberships
|
|
)
|
|
|
|
if not (is_owner or is_team_member):
|
|
logger.warning(
|
|
f"User {user.username} attempted login to vendor {vendor.vendor_code} "
|
|
f"but is not authorized"
|
|
)
|
|
raise InvalidCredentialsException(
|
|
"You do not have access to this vendor"
|
|
)
|
|
|
|
logger.info(f"Vendor team login successful: {user.username}")
|
|
|
|
return LoginResponse(
|
|
access_token=login_result["token_data"]["access_token"],
|
|
token_type=login_result["token_data"]["token_type"],
|
|
expires_in=login_result["token_data"]["expires_in"],
|
|
user=login_result["user"],
|
|
)
|
|
|
|
|
|
@router.post("/logout")
|
|
def vendor_logout():
|
|
"""
|
|
Vendor team member logout.
|
|
|
|
Client should remove token from storage.
|
|
"""
|
|
return {"message": "Logged out successfully"}
|