def login(): data = request.get_json() user = User.authenticate(**data) if not user: return jsonify({ 'message': 'Invalid credentials', 'authenticated': False }), 401 token = jwt.encode({ 'sub': user.email, 'iat':datetime.utcnow(), 'exp': datetime.utcnow() + timedelta(minutes=30)}, current_app.config['SECRET_KEY']) return jsonify({ 'token': token.decode('UTF-8') })