fixes and refactor

app/api/auth.py

@@ -1,7 +1,7 @@
 """
 Authentication API endpoints
 """
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from typing import List
 from fastapi import APIRouter, Depends, HTTPException, status, Request
 from fastapi.security import OAuth2PasswordRequestForm
@@ -69,7 +69,7 @@ async def login(login_data: LoginRequest, request: Request, db: Session = Depend
         )
     
     # Update last login
-    user.last_login = datetime.utcnow()
+    user.last_login = datetime.now(timezone.utc)
     db.commit()
     
     access_token_expires = timedelta(minutes=settings.access_token_expire_minutes)
@@ -144,7 +144,7 @@ async def read_users_me(current_user: User = Depends(get_current_user)):
 async def refresh_token_endpoint(
     request: Request,
     db: Session = Depends(get_db),
-    body: RefreshRequest | None = None,
+    body: RefreshRequest = None,
 ):
     """Issue a new access token using a valid, non-revoked refresh token.
 
@@ -203,7 +203,7 @@ async def refresh_token_endpoint(
     if not user or not user.is_active:
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found or inactive")
 
-    user.last_login = datetime.utcnow()
+    user.last_login = datetime.now(timezone.utc)
     db.commit()
 
     access_token_expires = timedelta(minutes=settings.access_token_expire_minutes)
@@ -225,7 +225,7 @@ async def list_users(
 
 
 @router.post("/logout")
-async def logout(body: RefreshRequest | None = None, db: Session = Depends(get_db)):
+async def logout(body: RefreshRequest = None, db: Session = Depends(get_db)):
     """Revoke the provided refresh token. Idempotent and safe to call multiple times.
 
     The client should send a JSON body: { "refresh_token": "..." }.