src/routes/auth.py

# src/routes/auth.py

from flask import Blueprint, render_template, request, redirect, url_for, flash, session
from src.models.user import User
from src.extensions import db

auth_bp = Blueprint("auth", __name__, template_folder="../templates")

@auth_bp.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")
        
        if not username or not password:
            flash("Username and password are required.", "warning")
            return render_template("login.html")

        user = User.query.filter_by(username=username).first()

        if user and user.check_password(password):
            session.clear() # Clear previous session data
            session["user_id"] = user.id
            session["username"] = user.username
            session["user_role"] = user.role
            flash("Login successful!", "success")
            # Redirect to the main dashboard (which we will create later)
            # For now, redirect to a placeholder index
            return redirect(url_for("drafting.list_drafts")) 
        else:
            flash("Invalid username or password.", "danger")
            
    # If already logged in, redirect to dashboard
    if "user_id" in session:
        return redirect(url_for("index"))
        
    return render_template("login.html")

@auth_bp.route("/logout")
def logout():
    session.clear()
    flash("You have been logged out.", "info")
    return redirect(url_for("auth.login"))

# Optional: Add a registration route if needed
# @auth_bp.route("/register", methods=["GET", "POST"])
# def register():
#     # Implementation for user registration
#     pass