feat: guest user

backend/app/auth/router.py

@@ -58,6 +58,27 @@ async def login(response: Response, credentials: OAuth2PasswordRequestForm = Dep
     )
     return token
 
+@router.post("/guest")
+async def guest_login(response: Response) -> Token:
+    user = await UserService.create_guest_user()
+    token = await AuthService.create_token(user.id)
+
+    response.set_cookie(
+        'access_token',
+        token.access_token,
+        max_age=settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60,
+        httponly=True,
+        samesite='lax'
+    )
+    response.set_cookie(
+        'refresh_token',
+        str(token.refresh_token),
+        max_age=settings.REFRESH_TOKEN_EXPIRE_DAYS * 30 * 24 * 60,
+        httponly=True,
+        samesite='lax'
+    )
+    return token
+
 @router.post("/refresh")
 async def refresh_token(request: Request, response: Response) -> Token:
     new_token = await AuthService.refresh_token(uuid.UUID(request.cookies.get("refresh_token")))

backend/app/core/config.py

@@ -19,6 +19,11 @@ class Settings(BaseSettings):
     FIRST_SUPER_USER_PASS: str
     FIRST_SUPER_USER_USERNAME: str
 
+    GUEST_USER_EMAIL: str = "guest@example.com"
+    GUEST_USER_USERNAME: str = "guest"
+    GUEST_USER_DISPLAY_NAME: str = "Гость"
+    GUEST_USER_PASSWORD: str = "guest"
+
     CORS_ORIGINS: List[str] = ["http://localhost:5500", "http://127.0.0.1:5500", "http://localhost:8080", "http://127.0.0.1:8080", "null"]
     CORS_HEADERS: List[str] = ["*"]
     CORS_METHODS: List[str] = ["*"]

backend/app/users/service.py

@@ -22,6 +22,31 @@ log = logging.getLogger(__name__)
 
 class UserService:
     @classmethod
+    async def create_guest_user(cls) -> UserModel:
+        async with async_session_maker() as session:
+            unique = uuid.uuid4().hex[:8]
+            username_prefix = settings.GUEST_USER_USERNAME or "guest"
+            email_base = settings.GUEST_USER_EMAIL or "guest@example.com"
+            if "@" in email_base:
+                _, domain = email_base.split("@", 1)
+            else:
+                domain = "example.com"
+
+            user_db = await UserDAO.add(
+                session,
+                UserCreateDB(
+                    display_name=f"{settings.GUEST_USER_DISPLAY_NAME} #{unique[:4]}",
+                    username=f"{username_prefix}_{unique}",
+                    email=f"{username_prefix}_{unique}@{domain}",
+                    hashed_password=hash_password(uuid.uuid4().hex),
+                    is_active=True,
+                    is_verified=True,
+                    is_superuser=False
+                )
+            )
+            await session.commit()
+            return user_db
+    @classmethod
     async def get_user(cls, user_id: int) -> User:
         async with async_session_maker() as session:
             user_exist = await UserDAO.find_one_or_none(session, id=user_id)