4f53889a8e
- 后端: FastAPI + SQLAlchemy + SQLite, JWT认证, 代理支持的AirwallexClient - 前端: React 18 + Vite + Ant Design 5, 中文界面 - 功能: 卡片管理, 持卡人管理, 交易记录, API令牌, 系统设置, 审计日志 - 第三方API: X-API-Key认证, 权限控制 - Docker部署: docker-compose编排前后端
38 lines
1.5 KiB
Python
38 lines
1.5 KiB
Python
"""Authentication router."""
|
|
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.auth import verify_password, create_access_token, get_current_user, AdminUser
|
|
from app.config import settings
|
|
from app.database import get_db
|
|
from app.models.db_models import SystemSetting
|
|
from app.models.schemas import LoginRequest, TokenResponse
|
|
from app.services.audit_log import create_audit_log
|
|
|
|
router = APIRouter(prefix="/api/auth", tags=["auth"])
|
|
|
|
|
|
@router.post("/login", response_model=TokenResponse)
|
|
def login(req: LoginRequest, db: Session = Depends(get_db)):
|
|
"""Admin login endpoint."""
|
|
if req.username != settings.ADMIN_USERNAME:
|
|
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
|
|
|
|
# Get password hash from database
|
|
setting = db.query(SystemSetting).filter(SystemSetting.key == "admin_password_hash").first()
|
|
if not setting:
|
|
raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Admin not initialized")
|
|
|
|
if not verify_password(req.password, setting.value):
|
|
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
|
|
|
|
token = create_access_token(data={"sub": req.username})
|
|
create_audit_log(db, action="login", resource_type="auth", operator=req.username)
|
|
return TokenResponse(access_token=token, token_type="bearer")
|
|
|
|
|
|
@router.get("/me")
|
|
def get_me(user: AdminUser = Depends(get_current_user)):
|
|
"""Get current authenticated user."""
|
|
return {"username": user.username}
|