166 lines
5.6 KiB
Python
166 lines
5.6 KiB
Python
"""
|
||
用户认证相关 API
|
||
"""
|
||
from fastapi import APIRouter, Depends, HTTPException, status, Request
|
||
from sqlalchemy.ext.asyncio import AsyncSession
|
||
from sqlalchemy import select
|
||
from datetime import datetime
|
||
import logging
|
||
|
||
from app.core.database import get_db
|
||
from app.core.security import verify_password, get_password_hash, create_access_token
|
||
from app.core.deps import get_current_user
|
||
from app.core.redis_client import TokenCache
|
||
from app.models.user import User
|
||
from app.models.role import Role, UserRole
|
||
from app.schemas.user import UserCreate, UserLogin, UserResponse, Token, ChangePassword, UserUpdate
|
||
from app.schemas.response import success_response, error_response
|
||
|
||
logger = logging.getLogger(__name__)
|
||
router = APIRouter()
|
||
|
||
|
||
@router.post("/register", response_model=dict)
|
||
async def register(user_in: UserCreate, db: AsyncSession = Depends(get_db)):
|
||
"""用户注册"""
|
||
# 检查用户名是否存在
|
||
result = await db.execute(select(User).where(User.username == user_in.username))
|
||
existing_user = result.scalar_one_or_none()
|
||
if existing_user:
|
||
raise HTTPException(status_code=400, detail="用户名已存在")
|
||
|
||
# 检查邮箱是否存在
|
||
if user_in.email:
|
||
result = await db.execute(select(User).where(User.email == user_in.email))
|
||
existing_email = result.scalar_one_or_none()
|
||
if existing_email:
|
||
raise HTTPException(status_code=400, detail="邮箱已被注册")
|
||
|
||
# 创建用户
|
||
db_user = User(
|
||
username=user_in.username,
|
||
password_hash=get_password_hash(user_in.password),
|
||
nickname=user_in.nickname or user_in.username,
|
||
email=user_in.email,
|
||
phone=user_in.phone,
|
||
status=1,
|
||
)
|
||
db.add(db_user)
|
||
await db.commit()
|
||
await db.refresh(db_user)
|
||
|
||
# 分配默认角色(普通用户)
|
||
result = await db.execute(select(Role).where(Role.role_code == "user"))
|
||
default_role = result.scalar_one_or_none()
|
||
if default_role:
|
||
user_role = UserRole(user_id=db_user.id, role_id=default_role.id)
|
||
db.add(user_role)
|
||
await db.commit()
|
||
|
||
return success_response(
|
||
data={"user_id": db_user.id, "username": db_user.username},
|
||
message="注册成功"
|
||
)
|
||
|
||
|
||
@router.post("/login", response_model=dict)
|
||
async def login(user_in: UserLogin, db: AsyncSession = Depends(get_db)):
|
||
"""用户登录"""
|
||
# 查询用户
|
||
result = await db.execute(select(User).where(User.username == user_in.username))
|
||
user = result.scalar_one_or_none()
|
||
|
||
if not user or not verify_password(user_in.password, user.password_hash):
|
||
raise HTTPException(status_code=401, detail="用户名或密码错误")
|
||
|
||
if user.status != 1:
|
||
raise HTTPException(status_code=403, detail="用户已被禁用")
|
||
|
||
# 更新最后登录时间
|
||
user.last_login_at = datetime.utcnow()
|
||
await db.commit()
|
||
|
||
# 生成 Token(sub 必须是字符串)
|
||
access_token = create_access_token(data={"sub": str(user.id)})
|
||
|
||
# 保存 token 到 Redis(24小时过期)
|
||
await TokenCache.save_token(user.id, access_token, expire_seconds=86400)
|
||
|
||
# 返回用户信息和 Token
|
||
user_data = UserResponse.from_orm(user)
|
||
token_data = Token(access_token=access_token, user=user_data)
|
||
|
||
return success_response(data=token_data.dict(), message="登录成功")
|
||
|
||
|
||
@router.get("/me", response_model=dict)
|
||
async def get_current_user_info(current_user: User = Depends(get_current_user)):
|
||
"""获取当前用户信息"""
|
||
user_data = UserResponse.from_orm(current_user)
|
||
return success_response(data=user_data.dict())
|
||
|
||
|
||
@router.put("/profile", response_model=dict)
|
||
async def update_profile(
|
||
profile_in: UserUpdate,
|
||
current_user: User = Depends(get_current_user),
|
||
db: AsyncSession = Depends(get_db)
|
||
):
|
||
"""更新用户资料"""
|
||
# 检查邮箱是否已被其他用户使用
|
||
if profile_in.email:
|
||
result = await db.execute(
|
||
select(User).where(User.email == profile_in.email, User.id != current_user.id)
|
||
)
|
||
existing_email = result.scalar_one_or_none()
|
||
if existing_email:
|
||
raise HTTPException(status_code=400, detail="邮箱已被其他用户使用")
|
||
|
||
# 更新字段
|
||
update_data = profile_in.dict(exclude_unset=True)
|
||
for field, value in update_data.items():
|
||
setattr(current_user, field, value)
|
||
|
||
await db.commit()
|
||
await db.refresh(current_user)
|
||
|
||
user_data = UserResponse.from_orm(current_user)
|
||
return success_response(data=user_data.dict(), message="资料更新成功")
|
||
|
||
|
||
@router.post("/change-password", response_model=dict)
|
||
async def change_password(
|
||
password_in: ChangePassword,
|
||
current_user: User = Depends(get_current_user),
|
||
db: AsyncSession = Depends(get_db)
|
||
):
|
||
"""修改密码"""
|
||
# 验证旧密码
|
||
if not verify_password(password_in.old_password, current_user.password_hash):
|
||
raise HTTPException(status_code=400, detail="旧密码错误")
|
||
|
||
# 更新密码
|
||
current_user.password_hash = get_password_hash(password_in.new_password)
|
||
await db.commit()
|
||
|
||
# 密码修改后,删除用户所有 token(强制重新登录)
|
||
await TokenCache.delete_user_all_tokens(current_user.id)
|
||
|
||
return success_response(message="密码修改成功,请重新登录")
|
||
|
||
|
||
@router.post("/logout", response_model=dict)
|
||
async def logout(
|
||
request: Request,
|
||
current_user: User = Depends(get_current_user)
|
||
):
|
||
"""退出登录"""
|
||
# 从请求状态中获取 token(已在 get_current_user 中保存)
|
||
token = getattr(request.state, 'token', None)
|
||
|
||
if token:
|
||
await TokenCache.delete_token(token)
|
||
logger.info(f"User {current_user.username} logged out")
|
||
|
||
return success_response(message="退出成功")
|