import json """认证路由:登录 / 获取当前用户""" from datetime import datetime, timedelta from fastapi import APIRouter, Depends, HTTPException from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy import select import jwt import bcrypt from app.api.deps import get_db, get_current_user from app.config import settings from app.core.models.user import User from app.schemas.auth import LoginRequest, TokenResponse, UserInfo router = APIRouter(prefix="/auth", tags=["认证"]) def _make_token(user_id: int) -> str: payload = { "sub": str(user_id), "exp": datetime.utcnow() + timedelta(days=7), } return jwt.encode(payload, settings.SECRET_KEY, algorithm="HS256") def _verify_password(plain: str, hashed: str) -> bool: try: return bcrypt.checkpw(plain.encode(), hashed.encode()) except Exception: return False @router.post("/login", response_model=TokenResponse, summary="管理员登录") async def login(body: LoginRequest, db: AsyncSession = Depends(get_db)): result = await db.execute( select(User).where(User.email == body.email, User.is_active == True) ) user: User | None = result.scalar_one_or_none() if not user or not _verify_password(body.password, user.password_hash): raise HTTPException(status_code=401, detail="邮箱或密码错误") token = _make_token(user.id) return TokenResponse( token=token, user=UserInfo( id=user.id, email=user.email, name=( (lambda p: p.get("Name") or p.get("name"))( json.loads(user.profile) if isinstance(user.profile, str) else (user.profile or {}) ) or user.email.split("@")[0] ), role=user.role, ), ) @router.get("/me", response_model=UserInfo, summary="获取当前登录用户") async def me(current_user: User = Depends(get_current_user)): return UserInfo( id=current_user.id, email=current_user.email, name=( (lambda p: p.get("Name") or p.get("name"))( json.loads(current_user.profile) if isinstance(current_user.profile, str) else (current_user.profile or {}) ) or current_user.email.split("@")[0] ), role=current_user.role, )