a9d1b0e416
上轮 3 次 commit 只入库了修补文件,主体目录漏入库。本次补入 backend/app/、backend/requirements.txt、backend/scripts/__init__.py。同步在 .gitignore 加 homePC/(制片人家用机带过来的参考文件,不进库)。
46 lines
1.5 KiB
Python
46 lines
1.5 KiB
Python
"""
|
|
认证路由 — 登录 / 登出 / 当前用户
|
|
"""
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Request, status
|
|
from sqlmodel import Session, select
|
|
|
|
from app.core.deps import get_current_user
|
|
from app.core.security import verify_password
|
|
from app.db.session import get_session
|
|
from app.models.user import User
|
|
from app.schemas.auth import LoginRequest, UserResponse
|
|
|
|
router = APIRouter(prefix="/api/auth", tags=["认证"])
|
|
|
|
|
|
@router.post("/login", response_model=UserResponse)
|
|
def login(body: LoginRequest, request: Request, session: Session = Depends(get_session)):
|
|
"""账号登录。验证成功后写入 session,返回用户信息。"""
|
|
statement = select(User).where(User.username == body.username)
|
|
user = session.exec(statement).first()
|
|
if user is None or not user.is_active:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="用户名或密码错误",
|
|
)
|
|
if not verify_password(body.password, user.password_hash):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="用户名或密码错误",
|
|
)
|
|
request.session["user_id"] = user.id
|
|
return user
|
|
|
|
|
|
@router.post("/logout")
|
|
def logout(request: Request):
|
|
"""退出登录,清空当前 session。"""
|
|
request.session.clear()
|
|
return {"message": "已退出登录"}
|
|
|
|
|
|
@router.get("/me", response_model=UserResponse)
|
|
def get_me(user: User = Depends(get_current_user)):
|
|
"""获取当前登录用户的信息。"""
|
|
return user |