From 41287453090ed2ab184fe4eb066bb25a5c692e59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=98=D0=B3=D0=BE=D1=80=D1=8C=20=D0=91=D0=B0=D0=BD=D0=B4?= =?UTF-8?q?=D1=83=D1=80=D0=B8=D1=81=D1=82?=
Date: Sun, 31 May 2026 16:33:02 +1000
Subject: [PATCH] cookie
---
 main.py | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/main.py b/main.py
index e2d3533..78437d1 100644
--- a/main.py
+++ b/main.py
@@ -1,11 +1,14 @@
 from fastapi import FastAPI, HTTPException, Depends
-from fastapi.middleware.cors import CORSMiddleware # <-- добавлено
+from fastapi.responses import JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
 from pydantic import BaseModel
 import sqlite3
 from passlib.context import CryptContext
 import uvicorn
 from werkzeug.security import generate_password_hash, check_password_hash
+import jwt
+import datetime
 app = FastAPI(title="Work BD Auth API",
 description="API для авторизации и регистрации",
@@ -58,7 +61,6 @@ async def register(user: UserIn):
 @app.post('/login', tags=["User"])
 async def login(user: UserIn):
- print(user)
 if not user.username or not user.password:
 raise HTTPException(status_code=400, detail="Username and password required")
@@ -69,10 +71,31 @@ async def login(user: UserIn):
 conn.close()
 if row and check_password_hash(row[0], user.password):
- return {"message": "Login successful"}
+ # Генерация JWT токена
+ token = jwt.encode({
+ "username": user.username,
+ "exp": datetime.datetime.utcnow() + datetime.timedelta(days=30)
+ }, "95ad4fb1f2612c41ed299d5ca695945890c957fa", algorithm="HS256")
+
+ response = JSONResponse(content={"message": "Login successful", "token": token})
+ response.set_cookie(
+ key="auth_token",
+ value=token,
+ max_age=30*24*60*60, # 30 дней
+ httponly=True, # Безопасность
+ samesite="lax",
+ path="/"
+ )
+ response.set_cookie(
+ key="username",
+ value=user.username,
+ max_age=30*24*60*60,
+ samesite="lax",
+ path="/"
+ )
+ return response
 else:
- # raise HTTPException(status_code=401, detail="Invalid credentials")
- return {"message": "successful"}
+ raise HTTPException(status_code=401, detail="Invalid credentials")
 @app.get('/users', tags=["User"])
 async def get_users():
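Review bot: The HS256 signing key is a string literal inside the `jwt.encode(...)` call, so anyone who can read the repository or its history can produce a token this service will accept for any username. Load it from configuration instead, e.g. `SECRET_KEY = os.environ["JWT_SECRET"]` (variable name is a placeholder), and replace the committed value, since it stays in the history. Both `set_cookie` calls omit `secure=True`, so the 30-day `auth_token` can be sent over plain HTTP, and returning the same token in the JSON body (`"token": token`) makes it readable by page script despite `httponly=True`; drop it from the body unless a non-browser client needs it. `datetime.datetime.utcnow()` is deprecated since Python 3.12, and `datetime.datetime.now(datetime.timezone.utc)` is the timezone-aware equivalent. The body of `login()` starts outside this hunk, so how the token is verified on later requests is not visible here.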