"""Auth endpoints — login / me."""
from fastapi import APIRouter, Depends, HTTPException

from app.auth import authenticate, create_access_token, CurrentUser, get_current_user
from app.contracts import LoginRequest, TokenResponse

router = APIRouter()


@router.post("/auth/login", response_model=TokenResponse)
async def login(body: LoginRequest):
    user = await authenticate(body.username, body.password)
    if not user:
        raise HTTPException(401, detail="Invalid credentials")
    token = create_access_token({"sub": user["username"], "roles": user.get("roles", [])})
    return TokenResponse(access_token=token)


@router.get("/auth/me")
def me(user: CurrentUser):
    return {"username": user["username"], "roles": user.get("roles", [])}