meijiaka-zy/python-api/app/api/deps.py

"""
依赖注入工具
============
"""

from __future__ import annotations

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession

from app.config import get_settings
from app.core.security import verify_token
from app.db.session import get_db as db_session
from app.crud.user import user as user_crud
from app.models.user import User

settings = get_settings()
security = HTTPBearer(auto_error=False)


# 数据库依赖
async def get_db() -> AsyncSession:
    """获取数据库 Session"""
    async for session in db_session():
        yield session


async def get_current_user(
    credentials: HTTPAuthorizationCredentials | None = Depends(security),
    db: AsyncSession = Depends(get_db),
) -> User:
    """
    获取当前登录用户

    从 Authorization Header 中提取 JWT Token 并验证。

    【测试环境特殊处理】
    当 settings.DEBUG = True 时，直接短路返回测试用户，跳过一切 token 校验。
    原因：测试环境用户认证功能尚未实现，前端无需登录即可调用所有接口，
    避免阻塞视频生成、对口型等需要 current_user 的流程测试。
    生产环境 DEBUG=False 时不受影响，仍走正常 JWT 认证。
    """
    # ========== 测试环境：直接短路返回测试用户 ==========
    if settings.DEBUG:
        result = await db.execute(select(User).limit(1))
        user = result.scalar_one_or_none()

        # 数据库为空时自动创建测试用户，确保始终有用户可返回
        if user is None:
            user = await user_crud.get_or_create_by_mobile(
                db,
                mobile="13800138000",
                nickname="测试用户",
            )
        return user

    # ========== 生产环境：正常 JWT 认证 ==========
    if credentials is None:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="缺少认证信息",
            headers={"WWW-Authenticate": "Bearer"},
        )

    token = credentials.credentials
    payload = verify_token(token)
    if not payload or not payload.get("sub"):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Token 无效或已过期",
            headers={"WWW-Authenticate": "Bearer"},
        )

    user_id = payload.get("sub")
    result = await db.execute(select(User).where(User.id == user_id))
    user = result.scalar_one_or_none()

    if user is None:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="用户不存在",
            headers={"WWW-Authenticate": "Bearer"},
        )

    return user


async def get_current_user_optional(
    credentials: HTTPAuthorizationCredentials | None = Depends(security),
    db=Depends(get_db),
) -> User | None:
    """
    获取当前登录用户（可选，未登录返回 None）
    """
    if credentials is None:
        return None

    try:
        return await get_current_user(credentials, db)
    except HTTPException:
        return None