Add user auth, personal cabinet, admin panel and first admin bootstrap

Co-authored-by: Cursor <cursoragent@cursor.com>

app/auth.py

@@ -0,0 +1,78 @@
+from flask import Blueprint, flash, redirect, render_template, request, url_for
+from flask_login import current_user, login_user, logout_user
+
+from app import db
+from app.models import User
+
+bp = Blueprint("auth", __name__, url_prefix="/auth")
+
+
+@bp.route("/register", methods=["GET", "POST"])
+def register():
+    if current_user.is_authenticated:
+        return redirect(url_for("cabinet.index"))
+
+    if request.method == "POST":
+        username = request.form.get("username", "").strip()
+        email = request.form.get("email", "").strip().lower()
+        password = request.form.get("password", "")
+        password2 = request.form.get("password2", "")
+
+        if len(username) < 3:
+            flash("Имя пользователя — минимум 3 символа", "error")
+        elif len(password) < 6:
+            flash("Пароль — минимум 6 символов", "error")
+        elif password != password2:
+            flash("Пароли не совпадают", "error")
+        elif User.query.filter_by(username=username).first():
+            flash("Это имя пользователя уже занято", "error")
+        elif User.query.filter_by(email=email).first():
+            flash("Этот email уже зарегистрирован", "error")
+        else:
+            user = User(username=username, email=email)
+            user.set_password(password)
+            db.session.add(user)
+            db.session.commit()
+            login_user(user)
+            flash("Регистрация успешна. Добро пожаловать!", "success")
+            return redirect(url_for("cabinet.index"))
+
+    return render_template("auth/register.html")
+
+
+@bp.route("/login", methods=["GET", "POST"])
+def login():
+    if current_user.is_authenticated:
+        return redirect(url_for("cabinet.index"))
+
+    if request.method == "POST":
+        login = request.form.get("login", "").strip()
+        password = request.form.get("password", "")
+        remember = request.form.get("remember") == "on"
+
+        user = User.query.filter(
+            (User.username == login) | (User.email == login.lower())
+        ).first()
+
+        if user is None or not user.check_password(password):
+            flash("Неверный логин или пароль", "error")
+        elif not user.is_active:
+            flash("Аккаунт заблокирован", "error")
+        else:
+            login_user(user, remember=remember)
+            flash(f"Добро пожаловать, {user.username}!", "success")
+            next_page = request.args.get("next")
+            if next_page:
+                return redirect(next_page)
+            if user.is_admin:
+                return redirect(url_for("admin.dashboard"))
+            return redirect(url_for("cabinet.index"))
+
+    return render_template("auth/login.html")
+
+
+@bp.route("/logout")
+def logout():
+    logout_user()
+    flash("Вы вышли из аккаунта", "success")
+    return redirect(url_for("main.index"))