admin/meijiaka-zy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
caa0327d87ff9de83c1a37e9e51eb3a1c716f064
meijiaka-zy/python-api/app/api/v1/auth.py
T
小鱼开发 caa0327d87 fix(auth): 登录接口优先读取 X-Forwarded-For 头获取真实公网 IP 
- 原来 http_request.client.host 获取的是 Nginx 内网 IP
- 现在优先读 X-Forwarded-For → X-Real-IP → client.host 兜底
2026-05-08 16:47:19 +08:00

180 lines
4.9 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
"""
认证模块 API
============
采用"手机号 + JWT + 单设备登录"的认证方案。
核心接口:
- /login: 手机号验证码登录(签发双 Token + SSE 踢人)
- /refresh: Refresh Token 轮换(换取新 Token 对)
- /logout: 登出(删除设备记录)
- /send-code: 发送短信验证码
- /me: 获取当前用户信息
"""
from __future__ import annotations
from fastapi import APIRouter, Depends, HTTPException, Request, status
from app.api.deps import get_current_user
from app.db.session import AsyncSession, get_db
from app.models.user import User
from app.schemas.auth import (
MobileLoginRequest,
RefreshTokenRequest,
SendSmsCodeRequest,
TokenResponse,
)
from app.schemas.common import ApiResponse, success_response
from app.schemas.user import UserProfileResponse
from app.services.auth_service import (
login_with_sms,
logout,
refresh_access_token,
send_sms_code,
)
router = APIRouter()
@router.post("/send-code", response_model=ApiResponse[dict])
async def send_code(
request: SendSmsCodeRequest,
):
"""
发送短信验证码
开发阶段验证码直接打印到日志,生产环境接入短信服务商。
每个手机号每日最多发送 10 次。
"""
try:
await send_sms_code(request.mobile)
except ValueError as e:
raise HTTPException(
status_code=status.HTTP_429_TOO_MANY_REQUESTS,
detail=str(e),
)
return success_response(
data={"expire_minutes": 5},
message="验证码已发送",
)
@router.post("/login", response_model=ApiResponse[TokenResponse])
async def login(
request: MobileLoginRequest,
db: AsyncSession = Depends(get_db),
http_request: Request = None,
):
"""
手机号验证码登录
流程:
1. 校验验证码
2. 获取或创建用户
3. 踢掉旧设备(SSE 推送)
4. 创建/覆盖设备记录
5. 签发双 TokenAccess + Refresh
"""
# 获取客户端 IP(优先从 Nginx 转发头读取真实公网 IP)
client_ip = None
if http_request:
xff = http_request.headers.get("x-forwarded-for")
if xff:
client_ip = xff.split(",")[0].strip()
else:
xri = http_request.headers.get("x-real-ip")
client_ip = xri or (http_request.client.host if http_request.client else None)
try:
result = await login_with_sms(
db,
mobile=request.mobile,
code=request.code,
device_id=request.device_id,
device_name=request.device_name,
os_info=request.os_info,
app_version=request.app_version,
ip=client_ip,
)
except ValueError as e:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=str(e),
)
return success_response(
data=TokenResponse(
access_token=result["access_token"],
refresh_token=result["refresh_token"],
user=result["user"],
),
message="登录成功",
)
@router.post("/refresh", response_model=ApiResponse[dict])
async def refresh_token(
request: RefreshTokenRequest,
db: AsyncSession = Depends(get_db),
):
"""
用 Refresh Token 换取新的 Token 对(Token 轮换)
每次刷新都会生成全新的 Access Token 和 Refresh Token
同时更新设备记录中的 refresh_token_hash。
"""
try:
result = await refresh_access_token(db, refresh_token=request.refresh_token)
except ValueError as e:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=str(e),
headers={"WWW-Authenticate": "Bearer"},
)
return success_response(
data={
"access_token": result["access_token"],
"refresh_token": result["refresh_token"],
},
message="Token 刷新成功",
)
@router.post("/logout", response_model=ApiResponse[dict])
async def do_logout(
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
):
"""
用户登出
删除设备记录,注销 SSE 连接,使当前设备的 Token 失效。
"""
await logout(db, user_id=current_user.id)
return success_response(
data={},
message="登出成功",
)
@router.get("/me", response_model=ApiResponse[UserProfileResponse])
async def get_me(
current_user: User = Depends(get_current_user),
):
"""获取当前登录用户信息"""
return success_response(
data=UserProfileResponse(
id=current_user.id,
mobile=current_user.mobile,
nickname=current_user.nickname,
avatar=current_user.avatar_url or "",
status=current_user.status,
source=current_user.source,
last_login_at=current_user.last_login_at,
created_at=current_user.created_at,
)
)
Reference in New Issue View Git Blame Copy Permalink