bakery-ia/services/auth/app/api/auth.py

# services/auth/app/api/auth.py - UPDATED TO RETURN TOKENS FROM REGISTRATION
"""
Authentication API routes - Updated to return tokens directly from registration
Following industry best practices with unified token response format
"""

from fastapi import APIRouter, Depends, HTTPException, status, Request
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from sqlalchemy.ext.asyncio import AsyncSession
from typing import Optional
import structlog

from app.core.database import get_db
from app.schemas.auth import (
    UserRegistration, UserLogin, TokenResponse, 
    RefreshTokenRequest, UserResponse, PasswordChange,
    PasswordReset, TokenVerification
)
from app.services.auth_service import AuthService
from app.core.security import SecurityManager
from shared.monitoring.decorators import track_execution_time

logger = structlog.get_logger()
router = APIRouter()
security = HTTPBearer(auto_error=False)

def get_metrics_collector(request: Request):
    """Get metrics collector from app state"""
    return getattr(request.app.state, 'metrics_collector', None)

# ================================================================
# AUTHENTICATION ENDPOINTS
# ================================================================

@router.post("/register", response_model=TokenResponse)
@track_execution_time("registration_duration_seconds", "auth-service")
async def register(
    user_data: UserRegistration,
    request: Request,
    db: AsyncSession = Depends(get_db)
):
    """Register a new user and return tokens directly"""
    metrics = get_metrics_collector(request)
    
    try:
        # Validate password strength
        if not SecurityManager.validate_password(user_data.password):
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="Password does not meet security requirements"
            )
        
        # Create user and generate tokens in one operation
        result = await AuthService.register_user_with_tokens(
            email=user_data.email,
            password=user_data.password,
            full_name=user_data.full_name,
            db=db
        )
        
        # Record successful registration
        if metrics:
            metrics.increment_counter("registration_total", labels={"status": "success"})
        
        logger.info(f"User registration with tokens successful: {user_data.email}")
        
        return TokenResponse(**result)
        
    except HTTPException as e:
        if metrics:
            metrics.increment_counter("registration_total", labels={"status": "failed"})
        logger.warning(f"Registration failed for {user_data.email}: {e.detail}")
        raise
    except Exception as e:
        if metrics:
            metrics.increment_counter("registration_total", labels={"status": "error"})
        logger.error(f"Registration error for {user_data.email}: {e}")
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Registration failed"
        )

@router.post("/login", response_model=TokenResponse)
@track_execution_time("login_duration_seconds", "auth-service")
async def login(
    login_data: UserLogin,
    request: Request,
    db: AsyncSession = Depends(get_db)
):
    """Login user and return tokens"""
    metrics = get_metrics_collector(request)
    
    try:
        # Check login attempts (rate limiting)
        #attempts = await SecurityManager.get_login_attempts(login_data.email)
        #if attempts >= 5:
        #    raise HTTPException(
        #        status_code=status.HTTP_429_TOO_MANY_REQUESTS,
        #        detail="Too many login attempts. Please try again later."
        #    )
        
        # Attempt login
        result = await AuthService.login(login_data.email, login_data.password, db)
        
        # Clear login attempts on success
        await SecurityManager.clear_login_attempts(login_data.email)
        
        # Record successful login
        if metrics:
            metrics.increment_counter("login_success_total")
        
        logger.info(f"Login successful for {login_data.email}")
        return TokenResponse(**result)
        
    except HTTPException as e:
        # Increment login attempts on failure
        await SecurityManager.increment_login_attempts(login_data.email)
        
        # Record failed login
        if metrics:
            metrics.increment_counter("login_failure_total", labels={"reason": "auth_failed"})
        logger.warning(f"Login failed for {login_data.email}: {e.detail}")
        raise
        
    except Exception as e:
        # Record login error
        if metrics:
            metrics.increment_counter("login_failure_total", labels={"reason": "error"})
        logger.error(f"Login error for {login_data.email}: {e}")
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Login failed"
        )

@router.post("/refresh", response_model=TokenResponse)
@track_execution_time("token_refresh_duration_seconds", "auth-service")
async def refresh_token(
    refresh_data: RefreshTokenRequest,
    request: Request,
    db: AsyncSession = Depends(get_db)
):
    """Refresh access token"""
    metrics = get_metrics_collector(request)
    
    try:
        result = await AuthService.refresh_access_token(refresh_data.refresh_token, db)
        
        # Record successful refresh
        if metrics:
            metrics.increment_counter("token_refresh_success_total")
        
        logger.info("Token refresh successful")
        return TokenResponse(**result)
        
    except HTTPException as e:
        if metrics:
            metrics.increment_counter("token_refresh_failure_total")
        logger.warning(f"Token refresh failed: {e.detail}")
        raise
        
    except Exception as e:
        if metrics:
            metrics.increment_counter("token_refresh_failure_total")
        logger.error(f"Token refresh error: {e}")
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Token refresh failed"
        )

@router.post("/verify", response_model=TokenVerification)
@track_execution_time("token_verification_duration_seconds", "auth-service")
async def verify_token(
    credentials: HTTPAuthorizationCredentials = Depends(security),
    request: Request = None
):
    """Verify access token"""
    metrics = get_metrics_collector(request) if request else None
    
    if not credentials:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Authorization header required"
        )
    
    try:
        result = await AuthService.verify_user_token(credentials.credentials)
        
        if metrics:
            metrics.increment_counter("token_verify_success_total")
        
        return TokenVerification(
            valid=True,
            user_id=result.get("user_id"),
            email=result.get("email"),
            exp=result.get("exp")
        )
        
    except HTTPException as e:
        if metrics:
            metrics.increment_counter("token_verify_failure_total")
        raise
    except Exception as e:
        if metrics:
            metrics.increment_counter("token_verify_failure_total")
        logger.error(f"Token verification error: {e}")
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid token"
        )

@router.post("/logout")
@track_execution_time("logout_duration_seconds", "auth-service")
async def logout(
    refresh_data: RefreshTokenRequest,
    request: Request,
    db: AsyncSession = Depends(get_db)
):
    """Logout user by revoking refresh token"""
    metrics = get_metrics_collector(request)
    
    try:
        success = await AuthService.logout(refresh_data.refresh_token, db)
        
        if metrics:
            status_label = "success" if success else "failed"
            metrics.increment_counter("logout_total", labels={"status": status_label})
        
        return {"message": "Logout successful" if success else "Logout failed"}
        
    except Exception as e:
        if metrics:
            metrics.increment_counter("logout_total", labels={"status": "error"})
        logger.error(f"Logout error: {e}")
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Logout failed"
        )

# ================================================================
# PASSWORD MANAGEMENT ENDPOINTS
# ================================================================

@router.post("/change-password")
async def change_password(
    password_data: PasswordChange,
    credentials: HTTPAuthorizationCredentials = Depends(security),
    request: Request = None,
    db: AsyncSession = Depends(get_db)
):
    """Change user password"""
    metrics = get_metrics_collector(request) if request else None
    
    try:
        if not credentials:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Authentication required"
            )
        
        # Verify current token
        payload = await AuthService.verify_user_token(credentials.credentials)
        user_id = payload.get("user_id")
        
        if not user_id:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Invalid token"
            )
        
        # Validate new password
        if not SecurityManager.validate_password(password_data.new_password):
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="New password does not meet security requirements"
            )
        
        # Change password logic would go here
        # This is a simplified version - you'd need to implement the actual password change in AuthService
        
        # Record password change
        if metrics:
            metrics.increment_counter("password_change_total", labels={"status": "success"})
        
        logger.info(f"Password changed for user: {user_id}")
        return {"message": "Password changed successfully"}
        
    except HTTPException:
        raise
    except Exception as e:
        # Record password change error
        if metrics:
            metrics.increment_counter("password_change_total", labels={"status": "error"})
        logger.error(f"Password change error: {e}")
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Password change failed"
        )

@router.post("/reset-password")
async def reset_password(
    reset_data: PasswordReset,
    request: Request,
    db: AsyncSession = Depends(get_db)
):
    """Request password reset"""
    metrics = get_metrics_collector(request)
    
    try:
        # Password reset logic would go here
        # This is a simplified version - you'd need to implement email sending, etc.
        
        # Record password reset request
        if metrics:
            metrics.increment_counter("password_reset_total", labels={"status": "requested"})
        
        logger.info(f"Password reset requested for: {reset_data.email}")
        return {"message": "Password reset email sent if account exists"}
        
    except Exception as e:
        # Record password reset error
        if metrics:
            metrics.increment_counter("password_reset_total", labels={"status": "error"})
        logger.error(f"Password reset error: {e}")
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Password reset failed"
        )

# ================================================================
# HEALTH AND STATUS ENDPOINTS
# ================================================================

@router.get("/health")
async def health_check():
    """Health check endpoint"""
    return {
        "status": "healthy",
        "service": "auth-service",
        "version": "1.0.0"
    }
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`# services/auth/app/api/auth.py - UPDATED TO RETURN TOKENS FROM REGISTRATION`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`"""`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`Authentication API routes - Updated to return tokens directly from registration`
			`Following industry best practices with unified token response format`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`"""`

			`from fastapi import APIRouter, Depends, HTTPException, status, Request`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`from sqlalchemy.ext.asyncio import AsyncSession`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`from typing import Optional`
Fix imports 2025-07-18 14:41:39 +02:00			`import structlog`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
			`from app.core.database import get_db`
Adds auth module 2025-07-17 21:25:27 +02:00			`from app.schemas.auth import (`
			`UserRegistration, UserLogin, TokenResponse,`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`RefreshTokenRequest, UserResponse, PasswordChange,`
			`PasswordReset, TokenVerification`
Adds auth module 2025-07-17 21:25:27 +02:00			`)`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`from app.services.auth_service import AuthService`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`from app.core.security import SecurityManager`
			`from shared.monitoring.decorators import track_execution_time`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Fix imports 2025-07-18 14:41:39 +02:00			`logger = structlog.get_logger()`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`router = APIRouter()`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`security = HTTPBearer(auto_error=False)`
Fix shared issues 2025-07-18 12:34:28 +02:00
			`def get_metrics_collector(request: Request):`
			`"""Get metrics collector from app state"""`
			`return getattr(request.app.state, 'metrics_collector', None)`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Improve auth process 2 2025-07-20 08:33:23 +02:00			`# ================================================================`
			`# AUTHENTICATION ENDPOINTS`
			`# ================================================================`

Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`@router.post("/register", response_model=TokenResponse)`
Fix shared issues 2025-07-18 12:34:28 +02:00			`@track_execution_time("registration_duration_seconds", "auth-service")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`async def register(`
			`user_data: UserRegistration,`
Fix shared issues 2025-07-18 12:34:28 +02:00			`request: Request,`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`db: AsyncSession = Depends(get_db)`
			`):`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`"""Register a new user and return tokens directly"""`
Fix shared issues 2025-07-18 12:34:28 +02:00			`metrics = get_metrics_collector(request)`

Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`try:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`# Validate password strength`
			`if not SecurityManager.validate_password(user_data.password):`
			`raise HTTPException(`
			`status_code=status.HTTP_400_BAD_REQUEST,`
			`detail="Password does not meet security requirements"`
			`)`

Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`# Create user and generate tokens in one operation`
			`result = await AuthService.register_user_with_tokens(`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`email=user_data.email,`
			`password=user_data.password,`
			`full_name=user_data.full_name,`
			`db=db`
			`)`
Fix shared issues 2025-07-18 12:34:28 +02:00
			`# Record successful registration`
			`if metrics:`
			`metrics.increment_counter("registration_total", labels={"status": "success"})`

Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`logger.info(f"User registration with tokens successful: {user_data.email}")`
Improve auth process 2 2025-07-20 08:33:23 +02:00
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`return TokenResponse(**result)`
Fix shared issues 2025-07-18 12:34:28 +02:00
			`except HTTPException as e:`
			`if metrics:`
			`metrics.increment_counter("registration_total", labels={"status": "failed"})`
			`logger.warning(f"Registration failed for {user_data.email}: {e.detail}")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`raise`
			`except Exception as e:`
Fix shared issues 2025-07-18 12:34:28 +02:00			`if metrics:`
			`metrics.increment_counter("registration_total", labels={"status": "error"})`
Adds auth module 2025-07-17 21:25:27 +02:00			`logger.error(f"Registration error for {user_data.email}: {e}")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`raise HTTPException(`
			`status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,`
			`detail="Registration failed"`
			`)`

			`@router.post("/login", response_model=TokenResponse)`
Fix shared issues 2025-07-18 12:34:28 +02:00			`@track_execution_time("login_duration_seconds", "auth-service")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`async def login(`
			`login_data: UserLogin,`
			`request: Request,`
			`db: AsyncSession = Depends(get_db)`
			`):`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`"""Login user and return tokens"""`
Fix shared issues 2025-07-18 12:34:28 +02:00			`metrics = get_metrics_collector(request)`

Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`try:`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`# Check login attempts (rate limiting)`
			`#attempts = await SecurityManager.get_login_attempts(login_data.email)`
			`#if attempts >= 5:`
Fix tenant register 2 2025-07-20 23:43:42 +02:00			`# raise HTTPException(`
			`# status_code=status.HTTP_429_TOO_MANY_REQUESTS,`
			`# detail="Too many login attempts. Please try again later."`
			`# )`
Improve auth process 2 2025-07-20 08:33:23 +02:00
			`# Attempt login`
			`result = await AuthService.login(login_data.email, login_data.password, db)`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Improve auth process 2 2025-07-20 08:33:23 +02:00			`# Clear login attempts on success`
			`await SecurityManager.clear_login_attempts(login_data.email)`
Fix shared issues 2025-07-18 12:34:28 +02:00
			`# Record successful login`
			`if metrics:`
			`metrics.increment_counter("login_success_total")`

			`logger.info(f"Login successful for {login_data.email}")`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`return TokenResponse(**result)`
Fix shared issues 2025-07-18 12:34:28 +02:00
Adds auth module 2025-07-17 21:25:27 +02:00			`except HTTPException as e:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`# Increment login attempts on failure`
			`await SecurityManager.increment_login_attempts(login_data.email)`

Fix shared issues 2025-07-18 12:34:28 +02:00			`# Record failed login`
			`if metrics:`
			`metrics.increment_counter("login_failure_total", labels={"reason": "auth_failed"})`
Adds auth module 2025-07-17 21:25:27 +02:00			`logger.warning(f"Login failed for {login_data.email}: {e.detail}")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`raise`
Fix shared issues 2025-07-18 12:34:28 +02:00
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`except Exception as e:`
Fix shared issues 2025-07-18 12:34:28 +02:00			`# Record login error`
			`if metrics:`
			`metrics.increment_counter("login_failure_total", labels={"reason": "error"})`
Adds auth module 2025-07-17 21:25:27 +02:00			`logger.error(f"Login error for {login_data.email}: {e}")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`raise HTTPException(`
			`status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,`
			`detail="Login failed"`
			`)`

			`@router.post("/refresh", response_model=TokenResponse)`
Fix shared issues 2025-07-18 12:34:28 +02:00			`@track_execution_time("token_refresh_duration_seconds", "auth-service")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`async def refresh_token(`
			`refresh_data: RefreshTokenRequest,`
Fix shared issues 2025-07-18 12:34:28 +02:00			`request: Request,`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`db: AsyncSession = Depends(get_db)`
			`):`
			`"""Refresh access token"""`
Fix shared issues 2025-07-18 12:34:28 +02:00			`metrics = get_metrics_collector(request)`

Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`try:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`result = await AuthService.refresh_access_token(refresh_data.refresh_token, db)`
Fix shared issues 2025-07-18 12:34:28 +02:00
			`# Record successful refresh`
			`if metrics:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`metrics.increment_counter("token_refresh_success_total")`
Fix shared issues 2025-07-18 12:34:28 +02:00
Improve auth process 2 2025-07-20 08:33:23 +02:00			`logger.info("Token refresh successful")`
			`return TokenResponse(**result)`
Fix shared issues 2025-07-18 12:34:28 +02:00
			`except HTTPException as e:`
			`if metrics:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`metrics.increment_counter("token_refresh_failure_total")`
			`logger.warning(f"Token refresh failed: {e.detail}")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`raise`
Fix shared issues 2025-07-18 12:34:28 +02:00
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`except Exception as e:`
Fix shared issues 2025-07-18 12:34:28 +02:00			`if metrics:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`metrics.increment_counter("token_refresh_failure_total")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`logger.error(f"Token refresh error: {e}")`
			`raise HTTPException(`
			`status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,`
			`detail="Token refresh failed"`
			`)`

Improve auth process 2 2025-07-20 08:33:23 +02:00			`@router.post("/verify", response_model=TokenVerification)`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`@track_execution_time("token_verification_duration_seconds", "auth-service")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`async def verify_token(`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`credentials: HTTPAuthorizationCredentials = Depends(security),`
			`request: Request = None`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`):`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`"""Verify access token"""`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`metrics = get_metrics_collector(request) if request else None`
Fix shared issues 2025-07-18 12:34:28 +02:00
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`if not credentials:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail="Authorization header required"`
			`)`

Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`try:`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`result = await AuthService.verify_user_token(credentials.credentials)`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00
Fix shared issues 2025-07-18 12:34:28 +02:00			`if metrics:`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`metrics.increment_counter("token_verify_success_total")`
Fix shared issues 2025-07-18 12:34:28 +02:00
Improve auth process 2 2025-07-20 08:33:23 +02:00			`return TokenVerification(`
			`valid=True,`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`user_id=result.get("user_id"),`
			`email=result.get("email"),`
			`exp=result.get("exp")`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`)`
Fix shared issues 2025-07-18 12:34:28 +02:00
			`except HTTPException as e:`
			`if metrics:`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`metrics.increment_counter("token_verify_failure_total")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`raise`
			`except Exception as e:`
Fix shared issues 2025-07-18 12:34:28 +02:00			`if metrics:`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`metrics.increment_counter("token_verify_failure_total")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`logger.error(f"Token verification error: {e}")`
			`raise HTTPException(`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail="Invalid token"`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`)`

			`@router.post("/logout")`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`@track_execution_time("logout_duration_seconds", "auth-service")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`async def logout(`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`refresh_data: RefreshTokenRequest,`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`request: Request,`
			`db: AsyncSession = Depends(get_db)`
			`):`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`"""Logout user by revoking refresh token"""`
Fix shared issues 2025-07-18 12:34:28 +02:00			`metrics = get_metrics_collector(request)`

Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`try:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`success = await AuthService.logout(refresh_data.refresh_token, db)`

			`if metrics:`
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`status_label = "success" if success else "failed"`
			`metrics.increment_counter("logout_total", labels={"status": status_label})`
Improve auth process 2 2025-07-20 08:33:23 +02:00
Add new frontend - fix 8 2025-07-22 13:46:05 +02:00			`return {"message": "Logout successful" if success else "Logout failed"}`
Improve auth process 2 2025-07-20 08:33:23 +02:00
			`except Exception as e:`
			`if metrics:`
			`metrics.increment_counter("logout_total", labels={"status": "error"})`
			`logger.error(f"Logout error: {e}")`
			`raise HTTPException(`
			`status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,`
			`detail="Logout failed"`
			`)`

			`# ================================================================`
			`# PASSWORD MANAGEMENT ENDPOINTS`
			`# ================================================================`

			`@router.post("/change-password")`
			`async def change_password(`
			`password_data: PasswordChange,`
			`credentials: HTTPAuthorizationCredentials = Depends(security),`
			`request: Request = None,`
			`db: AsyncSession = Depends(get_db)`
			`):`
			`"""Change user password"""`
			`metrics = get_metrics_collector(request) if request else None`

			`try:`
			`if not credentials:`
Fix shared issues 2025-07-18 12:34:28 +02:00			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`detail="Authentication required"`
Fix shared issues 2025-07-18 12:34:28 +02:00			`)`

Improve auth process 2 2025-07-20 08:33:23 +02:00			`# Verify current token`
			`payload = await AuthService.verify_user_token(credentials.credentials)`
			`user_id = payload.get("user_id")`
Fix shared issues 2025-07-18 12:34:28 +02:00
Improve auth process 2 2025-07-20 08:33:23 +02:00			`if not user_id:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail="Invalid token"`
			`)`
Fix shared issues 2025-07-18 12:34:28 +02:00
Improve auth process 2 2025-07-20 08:33:23 +02:00			`# Validate new password`
			`if not SecurityManager.validate_password(password_data.new_password):`
			`raise HTTPException(`
			`status_code=status.HTTP_400_BAD_REQUEST,`
			`detail="New password does not meet security requirements"`
			`)`
Fix shared issues 2025-07-18 12:34:28 +02:00
Improve auth process 2 2025-07-20 08:33:23 +02:00			`# Change password logic would go here`
			`# This is a simplified version - you'd need to implement the actual password change in AuthService`

			`# Record password change`
Fix shared issues 2025-07-18 12:34:28 +02:00			`if metrics:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`metrics.increment_counter("password_change_total", labels={"status": "success"})`

			`logger.info(f"Password changed for user: {user_id}")`
			`return {"message": "Password changed successfully"}`

			`except HTTPException:`
Fix shared issues 2025-07-18 12:34:28 +02:00			`raise`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`except Exception as e:`
			`# Record password change error`
			`if metrics:`
			`metrics.increment_counter("password_change_total", labels={"status": "error"})`
			`logger.error(f"Password change error: {e}")`
			`raise HTTPException(`
			`status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,`
			`detail="Password change failed"`
			`)`

			`@router.post("/reset-password")`
			`async def reset_password(`
			`reset_data: PasswordReset,`
			`request: Request,`
			`db: AsyncSession = Depends(get_db)`
			`):`
			`"""Request password reset"""`
			`metrics = get_metrics_collector(request)`

			`try:`
			`# Password reset logic would go here`
			`# This is a simplified version - you'd need to implement email sending, etc.`

			`# Record password reset request`
			`if metrics:`
			`metrics.increment_counter("password_reset_total", labels={"status": "requested"})`

			`logger.info(f"Password reset requested for: {reset_data.email}")`
			`return {"message": "Password reset email sent if account exists"}`
Fix shared issues 2025-07-18 12:34:28 +02:00
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`except Exception as e:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`# Record password reset error`
Fix shared issues 2025-07-18 12:34:28 +02:00			`if metrics:`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`metrics.increment_counter("password_reset_total", labels={"status": "error"})`
			`logger.error(f"Password reset error: {e}")`
Initial microservices setup from artifacts 2025-07-17 13:09:24 +02:00			`raise HTTPException(`
			`status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,`
Improve auth process 2 2025-07-20 08:33:23 +02:00			`detail="Password reset failed"`
			`)`

			`# ================================================================`
			`# HEALTH AND STATUS ENDPOINTS`
			`# ================================================================`

			`@router.get("/health")`
			`async def health_check():`
			`"""Health check endpoint"""`
			`return {`
			`"status": "healthy",`
			`"service": "auth-service",`
			`"version": "1.0.0"`
			`}`