app-service/backend/app/schemas/auth.py

"""Pydantic schemas for authentication requests/responses."""

from typing import Optional
from pydantic import BaseModel, Field, EmailStr


class Token(BaseModel):
    """JWT token response schema."""

    access_token: str
    token_type: str = "bearer"


class TokenWith2FA(BaseModel):
    """JWT token response with 2FA requirement indicator."""

    access_token: Optional[str] = None
    token_type: str = "bearer"
    requires_2fa: bool = False
    temp_token: Optional[str] = None  # Temporary token for 2FA verification


class TokenData(BaseModel):
    """Token payload data schema."""

    user_id: Optional[str] = None


class LoginRequest(BaseModel):
    """Login request schema."""

    username: str = Field(..., min_length=3, max_length=100)
    password: str = Field(..., min_length=1)
    totp_code: Optional[str] = Field(None, min_length=6, max_length=8)  # 6 digits or 8-char backup code


class Verify2FARequest(BaseModel):
    """2FA verification request schema."""

    temp_token: str
    code: str = Field(..., min_length=6, max_length=8)


class RegisterRequest(BaseModel):
    """Registration request schema."""

    username: str = Field(..., min_length=3, max_length=100)
    email: EmailStr = Field(..., description="Valid email address")
    password: str = Field(..., min_length=8, description="Password must be at least 8 characters")

    class Config:
        json_schema_extra = {
            "example": {
                "username": "johndoe",
                "email": "john@example.com",
                "password": "securepassword123"
            }
        }