HermesMessages/backend/app/modules/auth/router.py

from fastapi import APIRouter, Depends, HTTPException, Response, status
from jose import JWTError
from sqlalchemy.ext.asyncio import AsyncSession

from app.core.database import get_db
from app.core.security import create_access_token, decode_token
from app.modules.auth import schemas, service

router = APIRouter()


@router.post("/register", response_model=schemas.RegisterResponse, status_code=201)
async def register(body: schemas.RegisterRequest, db: AsyncSession = Depends(get_db)):
    token, business_id, user_id = await service.register_business(
        db,
        business_name=body.business_name,
        business_type=body.business_type,
        timezone=body.timezone,
        email=body.email,
        password=body.password,
    )
    return schemas.RegisterResponse(
        access_token=token,
        business_id=business_id,
        user_id=user_id,
    )


@router.post("/login", response_model=schemas.TokenResponse)
async def login(body: schemas.LoginRequest, db: AsyncSession = Depends(get_db)):
    token = await service.authenticate_user(db, body.email, body.password)
    return schemas.TokenResponse(access_token=token)


@router.post("/meta-callback", response_model=schemas.TokenResponse)
async def meta_callback(body: schemas.MetaCallbackRequest, db: AsyncSession = Depends(get_db)):
    token = await service.meta_oauth_login(db, body.code, body.redirect_uri)
    return schemas.TokenResponse(access_token=token)


@router.post("/refresh", response_model=schemas.TokenResponse)
async def refresh(body: schemas.RefreshRequest):
    try:
        payload = decode_token(body.access_token)
    except JWTError:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Token inválido")
    new_token = create_access_token(
        {"sub": payload["sub"], "business_id": payload["business_id"]}
    )
    return schemas.TokenResponse(access_token=new_token)


@router.post("/logout", status_code=204)
async def logout():
    return Response(status_code=204)
feat: initial commit — HermesMessages SaaS platform Backend (FastAPI + Python 3.12): - Multi-tenant auth with JWT: login, register, refresh, Meta OAuth - Business & BusinessConfig management - WhatsApp webhook with HMAC signature verification - Bot engine powered by Claude AI - Calendar availability with Redis caching - Reservations CRUD with status management - Dashboard analytics (stats, agenda, peak hours) - Billing & plan management - Admin panel with platform-wide stats - Async bcrypt via asyncio.to_thread - IntegrityError handling for concurrent registration race conditions Frontend (React 18 + Vite + Tailwind CSS): - Multi-step guided registration form with helper text on every field - Login page with show/hide password toggle - Protected routes with AuthContext - Dashboard with stats cards, bar chart, and daily agenda - Reservations list with search, filters, and inline status actions - Calendar with weekly view, slot availability, and date blocking - Config page: business info, schedules, bot personality - Billing page with plan comparison and usage bar Design system: - Bricolage Grotesque + DM Sans typography - Emerald primary palette with semantic color tokens - scale(0.97) button press feedback, ease-out animations - Skeleton loaders, stagger animations, prefers-reduced-motion support - Accessible: aria-labels, visible focus rings, 4.5:1 contrast Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-28 09:49:41 -05:00			`from fastapi import APIRouter, Depends, HTTPException, Response, status`
			`from jose import JWTError`
			`from sqlalchemy.ext.asyncio import AsyncSession`

			`from app.core.database import get_db`
			`from app.core.security import create_access_token, decode_token`
			`from app.modules.auth import schemas, service`

			`router = APIRouter()`


			`@router.post("/register", response_model=schemas.RegisterResponse, status_code=201)`
			`async def register(body: schemas.RegisterRequest, db: AsyncSession = Depends(get_db)):`
			`token, business_id, user_id = await service.register_business(`
			`db,`
			`business_name=body.business_name,`
			`business_type=body.business_type,`
			`timezone=body.timezone,`
			`email=body.email,`
			`password=body.password,`
			`)`
			`return schemas.RegisterResponse(`
			`access_token=token,`
			`business_id=business_id,`
			`user_id=user_id,`
			`)`


			`@router.post("/login", response_model=schemas.TokenResponse)`
			`async def login(body: schemas.LoginRequest, db: AsyncSession = Depends(get_db)):`
			`token = await service.authenticate_user(db, body.email, body.password)`
			`return schemas.TokenResponse(access_token=token)`


			`@router.post("/meta-callback", response_model=schemas.TokenResponse)`
			`async def meta_callback(body: schemas.MetaCallbackRequest, db: AsyncSession = Depends(get_db)):`
			`token = await service.meta_oauth_login(db, body.code, body.redirect_uri)`
			`return schemas.TokenResponse(access_token=token)`


			`@router.post("/refresh", response_model=schemas.TokenResponse)`
			`async def refresh(body: schemas.RefreshRequest):`
			`try:`
			`payload = decode_token(body.access_token)`
			`except JWTError:`
			`raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Token inválido")`
			`new_token = create_access_token(`
			`{"sub": payload["sub"], "business_id": payload["business_id"]}`
			`)`
			`return schemas.TokenResponse(access_token=new_token)`


			`@router.post("/logout", status_code=204)`
			`async def logout():`
			`return Response(status_code=204)`