255 lines
11 KiB
Python
255 lines
11 KiB
Python
from fastapi import APIRouter, Depends
|
|
from typing import Optional
|
|
from app.models.models import UserInfo, PasswordChangeRequest, UserListResponse, CreateUserRequest, UpdateUserRequest, RoleInfo
|
|
from app.core.database import get_db_connection
|
|
from app.core.auth import get_current_user
|
|
from app.core.response import create_api_response
|
|
import app.core.config as config_module
|
|
import hashlib
|
|
import datetime
|
|
import re
|
|
|
|
router = APIRouter()
|
|
|
|
def validate_email(email: str) -> bool:
|
|
"""Basic email validation"""
|
|
pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
|
|
return re.match(pattern, email) is not None
|
|
|
|
def hash_password(password: str) -> str:
|
|
return hashlib.sha256(password.encode()).hexdigest()
|
|
|
|
@router.get("/roles")
|
|
def get_all_roles(current_user: dict = Depends(get_current_user)):
|
|
"""获取所有角色列表"""
|
|
if current_user['role_id'] != 1: # 1 is admin
|
|
return create_api_response(code="403", message="仅管理员有权限查看角色列表")
|
|
|
|
with get_db_connection() as connection:
|
|
cursor = connection.cursor(dictionary=True)
|
|
cursor.execute("SELECT role_id, role_name FROM roles ORDER BY role_id")
|
|
roles = cursor.fetchall()
|
|
return create_api_response(code="200", message="获取角色列表成功", data=[RoleInfo(**role).dict() for role in roles])
|
|
|
|
@router.post("/users")
|
|
def create_user(request: CreateUserRequest, current_user: dict = Depends(get_current_user)):
|
|
if current_user['role_id'] != 1: # 1 is admin
|
|
return create_api_response(code="403", message="仅管理员有权限创建用户")
|
|
|
|
if not validate_email(request.email):
|
|
return create_api_response(code="400", message="邮箱格式不正确")
|
|
|
|
with get_db_connection() as connection:
|
|
cursor = connection.cursor(dictionary=True)
|
|
|
|
cursor.execute("SELECT user_id FROM users WHERE username = %s", (request.username,))
|
|
if cursor.fetchone():
|
|
return create_api_response(code="400", message="用户名已存在")
|
|
|
|
password = request.password if request.password else config_module.DEFAULT_RESET_PASSWORD
|
|
hashed_password = hash_password(password)
|
|
|
|
query = "INSERT INTO users (username, password_hash, caption, email, role_id, created_at) VALUES (%s, %s, %s, %s, %s, %s)"
|
|
created_at = datetime.datetime.utcnow()
|
|
cursor.execute(query, (request.username, hashed_password, request.caption, request.email, request.role_id, created_at))
|
|
connection.commit()
|
|
|
|
return create_api_response(code="200", message="用户创建成功")
|
|
|
|
@router.put("/users/{user_id}")
|
|
def update_user(user_id: int, request: UpdateUserRequest, current_user: dict = Depends(get_current_user)):
|
|
if current_user['role_id'] != 1: # 1 is admin
|
|
return create_api_response(code="403", message="仅管理员有权限修改用户信息")
|
|
|
|
if request.email and not validate_email(request.email):
|
|
return create_api_response(code="400", message="邮箱格式不正确")
|
|
|
|
with get_db_connection() as connection:
|
|
cursor = connection.cursor(dictionary=True)
|
|
|
|
cursor.execute("SELECT user_id, username, caption, email, role_id FROM users WHERE user_id = %s", (user_id,))
|
|
existing_user = cursor.fetchone()
|
|
if not existing_user:
|
|
return create_api_response(code="404", message="用户不存在")
|
|
|
|
if request.username and request.username != existing_user['username']:
|
|
cursor.execute("SELECT user_id FROM users WHERE username = %s AND user_id != %s", (request.username, user_id))
|
|
if cursor.fetchone():
|
|
return create_api_response(code="400", message="用户名已存在")
|
|
|
|
update_data = {
|
|
'username': request.username if request.username else existing_user['username'],
|
|
'caption': request.caption if request.caption else existing_user['caption'],
|
|
'email': request.email if request.email else existing_user['email'],
|
|
'role_id': request.role_id if request.role_id is not None else existing_user['role_id']
|
|
}
|
|
|
|
query = "UPDATE users SET username = %s, caption = %s, email = %s, role_id = %s WHERE user_id = %s"
|
|
cursor.execute(query, (update_data['username'], update_data['caption'], update_data['email'], update_data['role_id'], user_id))
|
|
connection.commit()
|
|
|
|
cursor.execute('''
|
|
SELECT u.user_id, u.username, u.caption, u.email, u.created_at, u.role_id, r.role_name
|
|
FROM users u
|
|
LEFT JOIN roles r ON u.role_id = r.role_id
|
|
WHERE u.user_id = %s
|
|
''', (user_id,))
|
|
updated_user = cursor.fetchone()
|
|
|
|
user_info = UserInfo(
|
|
user_id=updated_user['user_id'],
|
|
username=updated_user['username'],
|
|
caption=updated_user['caption'],
|
|
email=updated_user['email'],
|
|
created_at=updated_user['created_at'],
|
|
role_id=updated_user['role_id'],
|
|
role_name=updated_user['role_name'],
|
|
meetings_created=0,
|
|
meetings_attended=0
|
|
)
|
|
return create_api_response(code="200", message="用户信息更新成功", data=user_info.dict())
|
|
|
|
@router.delete("/users/{user_id}")
|
|
def delete_user(user_id: int, current_user: dict = Depends(get_current_user)):
|
|
if current_user['role_id'] != 1: # 1 is admin
|
|
return create_api_response(code="403", message="仅管理员有权限删除用户")
|
|
|
|
with get_db_connection() as connection:
|
|
cursor = connection.cursor(dictionary=True)
|
|
|
|
cursor.execute("SELECT user_id FROM users WHERE user_id = %s", (user_id,))
|
|
if not cursor.fetchone():
|
|
return create_api_response(code="404", message="用户不存在")
|
|
|
|
cursor.execute("DELETE FROM users WHERE user_id = %s", (user_id,))
|
|
connection.commit()
|
|
|
|
return create_api_response(code="200", message="用户删除成功")
|
|
|
|
@router.post("/users/{user_id}/reset-password")
|
|
def reset_password(user_id: int, current_user: dict = Depends(get_current_user)):
|
|
if current_user['role_id'] != 1: # 1 is admin
|
|
return create_api_response(code="403", message="仅管理员有权限重置密码")
|
|
|
|
with get_db_connection() as connection:
|
|
cursor = connection.cursor(dictionary=True)
|
|
|
|
cursor.execute("SELECT user_id FROM users WHERE user_id = %s", (user_id,))
|
|
if not cursor.fetchone():
|
|
return create_api_response(code="404", message="用户不存在")
|
|
|
|
hashed_password = hash_password(config_module.DEFAULT_RESET_PASSWORD)
|
|
|
|
query = "UPDATE users SET password_hash = %s WHERE user_id = %s"
|
|
cursor.execute(query, (hashed_password, user_id))
|
|
connection.commit()
|
|
|
|
return create_api_response(code="200", message=f"用户 {user_id} 的密码已重置")
|
|
|
|
@router.get("/users")
|
|
def get_all_users(page: int = 1, size: int = 10, role_id: Optional[int] = None, current_user: dict = Depends(get_current_user)):
|
|
with get_db_connection() as connection:
|
|
cursor = connection.cursor(dictionary=True)
|
|
|
|
count_query = "SELECT COUNT(*) as total FROM users"
|
|
params = []
|
|
if role_id is not None:
|
|
count_query += " WHERE role_id = %s"
|
|
params.append(role_id)
|
|
|
|
cursor.execute(count_query, tuple(params))
|
|
total = cursor.fetchone()['total']
|
|
|
|
offset = (page - 1) * size
|
|
|
|
query = '''
|
|
SELECT
|
|
u.user_id, u.username, u.caption, u.email, u.created_at, u.role_id,
|
|
r.role_name,
|
|
(SELECT COUNT(*) FROM meetings WHERE user_id = u.user_id) as meetings_created,
|
|
(SELECT COUNT(*) FROM attendees WHERE user_id = u.user_id) as meetings_attended
|
|
FROM users u
|
|
LEFT JOIN roles r ON u.role_id = r.role_id
|
|
'''
|
|
|
|
query_params = []
|
|
if role_id is not None:
|
|
query += " WHERE u.role_id = %s"
|
|
query_params.append(role_id)
|
|
|
|
query += '''
|
|
ORDER BY u.user_id ASC
|
|
LIMIT %s OFFSET %s
|
|
'''
|
|
|
|
query_params.extend([size, offset])
|
|
|
|
cursor.execute(query, tuple(query_params))
|
|
users = cursor.fetchall()
|
|
|
|
user_list = [UserInfo(**user) for user in users]
|
|
|
|
response_data = UserListResponse(users=user_list, total=total)
|
|
return create_api_response(code="200", message="获取用户列表成功", data=response_data.dict())
|
|
|
|
@router.get("/users/{user_id}")
|
|
def get_user_info(user_id: int, current_user: dict = Depends(get_current_user)):
|
|
with get_db_connection() as connection:
|
|
cursor = connection.cursor(dictionary=True)
|
|
|
|
user_query = '''
|
|
SELECT u.user_id, u.username, u.caption, u.email, u.created_at, u.role_id, r.role_name
|
|
FROM users u
|
|
LEFT JOIN roles r ON u.role_id = r.role_id
|
|
WHERE u.user_id = %s
|
|
'''
|
|
cursor.execute(user_query, (user_id,))
|
|
user = cursor.fetchone()
|
|
|
|
if not user:
|
|
return create_api_response(code="404", message="用户不存在")
|
|
|
|
created_query = "SELECT COUNT(*) as count FROM meetings WHERE user_id = %s"
|
|
cursor.execute(created_query, (user_id,))
|
|
meetings_created = cursor.fetchone()['count']
|
|
|
|
attended_query = "SELECT COUNT(*) as count FROM attendees WHERE user_id = %s"
|
|
cursor.execute(attended_query, (user_id,))
|
|
meetings_attended = cursor.fetchone()['count']
|
|
|
|
user_info = UserInfo(
|
|
user_id=user['user_id'],
|
|
username=user['username'],
|
|
caption=user['caption'],
|
|
email=user['email'],
|
|
created_at=user['created_at'],
|
|
role_id=user['role_id'],
|
|
role_name=user['role_name'],
|
|
meetings_created=meetings_created,
|
|
meetings_attended=meetings_attended
|
|
)
|
|
return create_api_response(code="200", message="获取用户信息成功", data=user_info.dict())
|
|
|
|
@router.put("/users/{user_id}/password")
|
|
def update_password(user_id: int, request: PasswordChangeRequest, current_user: dict = Depends(get_current_user)):
|
|
if user_id != current_user['user_id'] and current_user['role_id'] != 1:
|
|
return create_api_response(code="403", message="没有权限修改其他用户的密码")
|
|
|
|
with get_db_connection() as connection:
|
|
cursor = connection.cursor(dictionary=True)
|
|
|
|
cursor.execute("SELECT password_hash FROM users WHERE user_id = %s", (user_id,))
|
|
user = cursor.fetchone()
|
|
|
|
if not user:
|
|
return create_api_response(code="404", message="用户不存在")
|
|
|
|
if current_user['role_id'] != 1:
|
|
if user['password_hash'] != hash_password(request.old_password):
|
|
return create_api_response(code="400", message="旧密码错误")
|
|
|
|
new_password_hash = hash_password(request.new_password)
|
|
cursor.execute("UPDATE users SET password_hash = %s WHERE user_id = %s", (new_password_hash, user_id))
|
|
connection.commit()
|
|
|
|
return create_api_response(code="200", message="密码修改成功") |