def auth_login():
if not request.is_json:
return error_bad_request()
username = request.json.get('username')
password = request.json.get('password')
if not username or not password:
return error_bad_login()
user = User().query.filter_by(username=username).first()
if not user or not user.checkpassword(password):
return error_bad_login()
access_token = create_access_token(username)
return jsonify(token=access_token), 200 # OK
