Files
beige/backend/app/api/v1/auth.py
yangqianqian 6a2632da70 baseline: Clover 独立仓库首次基线提交
将 Clover 从上层产品包旧仓库中独立出来,建立专属版本控制。
当前状态=纵切片端到端已打通(登录→选品→出文出图→审核→下载包),
M1文案质量去套路化已验收。此提交作为后续按核销清单逐条修复的基线。

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-16 11:30:22 +08:00

70 lines
2.5 KiB
Python

"""
app/api/v1/auth.py — 认证路由
路由层只做:参数校验 → 调 service → 格式化响应(不含业务逻辑)
"""
import logging
from typing import Annotated
from fastapi import APIRouter, Depends
from pydantic import BaseModel, field_validator
from sqlalchemy.orm import Session
from app.core.database import get_db
from app.core.response import ok, raise_unauthorized
from app.core.security import create_access_token, decode_access_token
from app.middleware.workspace_guard import CurrentUser, get_current_user
from app.models.user import User
from app.models.workspace import Workspace
logger = logging.getLogger(__name__)
router = APIRouter(prefix="/auth", tags=["auth"])
# ── DTO ────────────────────────────────────────────────────
class LoginRequest(BaseModel):
username: str
password: str
@field_validator("username", "password")
@classmethod
def not_empty(cls, v: str) -> str:
if not v or not v.strip():
raise ValueError("不能为空")
return v
# ── 路由 ───────────────────────────────────────────────────
@router.post("/login")
def login(body: LoginRequest, db: Session = Depends(get_db)):
"""登录,返回 JWT。密码校验在 service 层(此处调用)。"""
from app.services.auth_service import authenticate_user, build_user_response
user, workspace_id, role = authenticate_user(db, body.username, body.password)
token = create_access_token(user.id, workspace_id, role)
return ok({
"token": token,
"user": build_user_response(user, workspace_id, role),
})
@router.get("/me")
def get_me(
current_user: Annotated[CurrentUser, Depends(get_current_user)],
db: Session = Depends(get_db),
):
"""当前用户信息 + workspace + role。"""
user = db.query(User).filter(User.id == current_user.user_id).first()
if not user:
raise_unauthorized("用户不存在")
ws = db.query(Workspace).filter(Workspace.id == current_user.workspace_id).first()
return ok({
"id": user.id,
"username": user.username,
"email": user.email,
"current_workspace_id": current_user.workspace_id,
"role": current_user.role,
"workspace": {
"id": ws.id, "name": ws.name, "slug": ws.slug,
} if ws else None,
})