PROJECT-CONTORL/backend/app/schemas/auth.py

from pydantic import BaseModel, Field
from typing import Optional


class LoginRequest(BaseModel):
    email: str = Field(..., max_length=255)
    password: str = Field(..., min_length=1, max_length=128)


class LoginResponse(BaseModel):
    access_token: str
    refresh_token: str
    token_type: str = "bearer"
    expires_in: int = Field(default=3600, description="Access token expiry in seconds")
    user: "UserInfo"


class RefreshTokenRequest(BaseModel):
    """Request body for refresh token endpoint."""
    refresh_token: str = Field(..., description="The refresh token to use for obtaining a new access token")


class RefreshTokenResponse(BaseModel):
    """Response for refresh token endpoint."""
    access_token: str
    refresh_token: str  # New refresh token (rotation)
    token_type: str = "bearer"
    expires_in: int = Field(default=3600, description="Access token expiry in seconds")


class UserInfo(BaseModel):
    id: str
    email: str
    name: str
    role: Optional[str] = None
    department_id: Optional[str] = None
    is_system_admin: bool = False


class TokenPayload(BaseModel):
    sub: str
    email: str
    role: Optional[str] = None
    department_id: Optional[str] = None
    is_system_admin: bool = False
    exp: int
    iat: int


class CSRFTokenResponse(BaseModel):
    """Response containing a CSRF token for state-changing operations."""
    csrf_token: str = Field(..., description="CSRF token to include in X-CSRF-Token header")
    expires_in: int = Field(default=3600, description="Token expiry time in seconds")


# Update forward reference
LoginResponse.model_rebuild()