from dmr.controller import Controller
from dmr.components import Body, Cookie, ResponseContext
from django.http import JsonResponse
from .schemas import (
LoginRequestSchema, LoginResponseSchema,
RefreshResponseSchema, LogoutResponseSchema
)
from .services import AuthService
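class AuthController(Controller):
    """Session and JWT token management endpoints.

    The access token is handed back in the response body; the refresh token
    travels only in an HttpOnly cookie scoped to the refresh endpoint, so page
    scripts never see it and browsers do not attach it to unrelated requests.
    """

    # Refresh-cookie attributes shared by login (set) and logout (clear).
    # A browser only replaces a cookie when name AND path match, so the two
    # call sites must agree exactly; defining them once prevents a drift that
    # would leave the cookie alive after "logout".
    REFRESH_COOKIE_NAME = "refresh"
    REFRESH_COOKIE_PATH = "/api/v1/auth/refresh/"
    REFRESH_COOKIE_MAX_AGE = 604800  # 7 days, in seconds

    def _set_refresh_cookie(self, ctx: ResponseContext, value: str, max_age: int) -> None:
        """Emit the refresh cookie with the hardening flags applied.

        Args:
            ctx: response context whose ``set_cookie`` produces the Set-Cookie header.
            value: refresh token, or "" to clear the cookie.
            max_age: lifetime in seconds; 0 expires the cookie immediately.
        """
        ctx.set_cookie(
            key=self.REFRESH_COOKIE_NAME,
            value=value,
            httponly=True,   # not readable from JS; limits token theft via XSS
            secure=True,     # sent over HTTPS only; required in production
            samesite="Lax",  # not attached to cross-site POSTs, so no CSRF on refresh
            path=self.REFRESH_COOKIE_PATH,
            max_age=max_age,
        )

    async def post_login(
        self,
        body: Body[LoginRequestSchema],
        ctx: ResponseContext
    ) -> LoginResponseSchema:
        """Authenticate with e-mail/password and start a session.

        Returns the access token in the body and sets the refresh token as an
        HttpOnly cookie. Nothing here checks ``user`` for a falsy value, so
        ``AuthService.authenticate_user`` is relied on to raise on bad
        credentials rather than return None — TODO confirm against the service.
        """
        payload = body.value
        user = await AuthService.authenticate_user(email=payload.email, password=payload.password)
        access_token = await AuthService.generate_access_token(user)
        refresh_token = await AuthService.generate_refresh_token(user)
        self._set_refresh_cookie(ctx, refresh_token, self.REFRESH_COOKIE_MAX_AGE)
        return LoginResponseSchema(access=access_token)

    async def post_refresh(self, refresh_cookie: Cookie[str, "refresh"]) -> RefreshResponseSchema:
        """Issue a new access token from the refresh cookie.

        Only the access token is renewed; the refresh cookie itself is left
        untouched (no rotation), so a captured refresh token stays usable until
        its own expiry or a server-side revocation. The cookie name in the
        annotation must match ``REFRESH_COOKIE_NAME``.
        """
        try:
            new_access_token = await AuthService.refresh_session(refresh_cookie.value)
        except AuthService.InvalidTokenError:
            # One generic message for expired, malformed and unknown tokens —
            # do not reveal which check failed.
            return JsonResponse({"detail": "Invalid or expired refresh token"}, status=401)
        return RefreshResponseSchema(access=new_access_token)

    async def post_logout(self, ctx: ResponseContext) -> LogoutResponseSchema:
        """End the session by expiring the refresh cookie.

        Clearing reuses the login cookie's name and path so the browser really
        drops it. NOTE(review): this only removes the cookie on the client;
        nothing here invalidates the refresh token server-side, so a copy
        exfiltrated before logout remains usable until it expires — confirm
        whether AuthService offers revocation and call it from here.
        """
        self._set_refresh_cookie(ctx, "", 0)
        return LogoutResponseSchema(detail="Successfully logged out.")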