a9d1b0e416
上轮 3 次 commit 只入库了修补文件,主体目录漏入库。本次补入 backend/app/、backend/requirements.txt、backend/scripts/__init__.py。同步在 .gitignore 加 homePC/(制片人家用机带过来的参考文件,不进库)。
56 lines
1.6 KiB
Python
56 lines
1.6 KiB
Python
"""
|
|
FastAPI 依赖注入工具 — 获取当前用户、角色鉴权
|
|
"""
|
|
|
|
from fastapi import Depends, HTTPException, Request, status
|
|
from sqlmodel import Session
|
|
|
|
from app.db.session import get_session
|
|
from app.models.user import User, UserRole
|
|
|
|
|
|
def get_current_user(
|
|
request: Request,
|
|
session: Session = Depends(get_session),
|
|
) -> User:
|
|
"""从 Session 中取 user_id,查库返回当前用户。
|
|
|
|
未登录或用户不存在 / 已停用时抛出 401。
|
|
"""
|
|
user_id = request.session.get("user_id")
|
|
if user_id is None:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="请先登录",
|
|
)
|
|
user = session.get(User, user_id)
|
|
if user is None or not user.is_active:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="用户不存在或已被停用",
|
|
)
|
|
return user
|
|
|
|
|
|
def require_role(*allowed_roles: UserRole):
|
|
"""返回一个 Depends 依赖,要求当前用户拥有指定的角色之一。
|
|
|
|
使用示例:
|
|
@router.get("/admin-only")
|
|
def admin_endpoint(user=Depends(require_role(UserRole.zhipianren))):
|
|
...
|
|
|
|
@router.get("/staff")
|
|
def staff_endpoint(user=Depends(require_role(UserRole.zhipianren, UserRole.zebian))):
|
|
...
|
|
"""
|
|
|
|
def check_role(user: User = Depends(get_current_user)) -> User:
|
|
if user.role not in allowed_roles:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="权限不足,无法执行此操作",
|
|
)
|
|
return user
|
|
|
|
return check_role |