service-finder/backend/app/api/v1/endpoints/auth.py

# backend/app/api/v1/endpoints/auth.py
from fastapi import APIRouter, Depends, HTTPException, status, Request
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select
from app.db.session import get_db
from app.services.auth_service import AuthService
from app.core.security import create_tokens, DEFAULT_RANK_MAP
from app.core.config import settings
from app.schemas.auth import UserLiteRegister, Token, UserKYCComplete
from app.api.deps import get_current_user
from app.models.identity import User # JAVÍTVA: Új központi modell

router = APIRouter()

@router.post("/login", response_model=Token)
async def login(db: AsyncSession = Depends(get_db), form_data: OAuth2PasswordRequestForm = Depends()):
    user = await AuthService.authenticate(db, form_data.username, form_data.password)
    if not user:
        raise HTTPException(status_code=401, detail="Hibás adatok.")
    
    ranks = await settings.get_db_setting(db, "rbac_rank_matrix", default=DEFAULT_RANK_MAP)
    role_name = user.role.value if hasattr(user.role, 'value') else str(user.role)

    token_data = {
        "sub": str(user.id),
        "role": role_name,
        "rank": ranks.get(role_name, 10),
        "scope_level": user.scope_level or "individual",
        "scope_id": str(user.scope_id) if user.scope_id else str(user.id)
    }
    
    access, refresh = create_tokens(data=token_data)
    return {"access_token": access, "refresh_token": refresh, "token_type": "bearer", "is_active": user.is_active}

@router.post("/complete-kyc")
async def complete_kyc(kyc_in: UserKYCComplete, db: AsyncSession = Depends(get_db), current_user: User = Depends(get_current_user)):
    user = await AuthService.complete_kyc(db, current_user.id, kyc_in)
    if not user:
        raise HTTPException(status_code=404, detail="User nem található.")
    return {"status": "success", "message": "Fiók aktiválva."}