"""Auth request/response schemas. Tokens are returned in the body (the client
stores them); refresh is presented back in the body too (offline-first clients
manage their own token store, not cookies)."""

from pydantic import BaseModel, Field


class LoginRequest(BaseModel):
    username: str = Field(min_length=1, max_length=64)
    password: str = Field(min_length=1)


class RefreshRequest(BaseModel):
    refresh_token: str


class TokenResponse(BaseModel):
    access_token: str
    refresh_token: str
    token_type: str = "bearer"