

from dmr.controller import Controller
from dmr.components import Body, Cookie, ResponseContext
from django.http import JsonResponse

from .schemas import (
    LoginRequestSchema, LoginResponseSchema,
    RefreshResponseSchema, LogoutResponseSchema
)
from .services import AuthService

# Attributes shared by every Set-Cookie that touches the refresh token.
# Login and logout must agree on name and path: a cookie is identified by
# name + path (+ domain), so a mismatch on logout would leave the original
# cookie in the browser instead of overwriting it.
_REFRESH_COOKIE_ATTRS = {
    "key": "refresh",
    "httponly": True,  # keeps the token out of reach of page JavaScript
    "secure": True,  # HTTPS only; required in production
    "samesite": "Lax",  # cookie is left off cross-site POST requests
    "path": "/api/v1/auth/refresh/",  # sent only to URLs under this path
}
_REFRESH_COOKIE_TTL = 7 * 24 * 60 * 60  # 7 days, in seconds


class AuthController(Controller):
    """Controller for session management and JWT tokens."""

    async def post_login(
        self,
        body: Body[LoginRequestSchema],
        ctx: ResponseContext
    ) -> LoginResponseSchema:
        """Authenticate the user and set the refresh token as an HttpOnly cookie.

        The access token is returned in the response body; the refresh token
        is placed only in the cookie.
        """
        credentials = body.value
        # NOTE(review): there is no failure branch here. Presumably
        # authenticate_user raises on bad credentials and the framework maps
        # that to an error response; confirm, and confirm that attempt
        # throttling lives somewhere, since none is visible in this handler.
        user = await AuthService.authenticate_user(
            email=credentials.email,
            password=credentials.password,
        )

        access_token = await AuthService.generate_access_token(user)
        refresh_token = await AuthService.generate_refresh_token(user)

        ctx.set_cookie(
            value=refresh_token,
            max_age=_REFRESH_COOKIE_TTL,
            **_REFRESH_COOKIE_ATTRS,
        )
        return LoginResponseSchema(access=access_token)

    async def post_refresh(self, refresh_cookie: Cookie[str, "refresh"]) -> RefreshResponseSchema:
        """Issue a new access token from the refresh token held in the cookie.

        Returns a 401 JSON response when AuthService rejects the token.
        """
        # NOTE(review): no new refresh cookie is set here, so the browser
        # keeps the same refresh token for its full lifetime. Whether
        # refresh_session tracks or invalidates used tokens is not visible
        # from this handler; confirm.
        # NOTE(review): the error branch returns a raw JsonResponse although
        # the annotation is RefreshResponseSchema; confirm the framework
        # accepts that and documents the 401.
        try:
            renewed_access = await AuthService.refresh_session(refresh_cookie.value)
            return RefreshResponseSchema(access=renewed_access)
        except AuthService.InvalidTokenError:
            # A single generic message, whatever the rejection reason was.
            rejection = {"detail": "Invalid or expired refresh token"}
            return JsonResponse(rejection, status=401)

    async def post_logout(self, ctx: ResponseContext) -> LogoutResponseSchema:
        """Log out by overwriting the refresh cookie with an empty, expired one."""
        # NOTE(review): only the browser's copy is cleared. This handler takes
        # no cookie parameter and makes no AuthService call, so a refresh
        # token copied before logout presumably stays usable until it expires.
        # Confirm whether server-side revocation happens elsewhere.
        ctx.set_cookie(
            value="",
            max_age=0,
            **_REFRESH_COOKIE_ATTRS,
        )
        return LogoutResponseSchema(detail="Successfully logged out.")