carry/simple-rbac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

完了鉴权相关代码和鉴权依赖注入

Browse Source
This commit is contained in:
carry 2025-01-21 21:28:18 +08:00
parent 3b7ac1f682
commit f1cdbab0f4
4 changed files with 117 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
routes/depends.py Normal file
View File

@ -0,0 +1,18 @@
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from typing import Optional
from schemas.auth import TokenData
from services.auth_service import verify_token
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth/login")
async def get_current_user(token: str = Depends(oauth2_scheme)) -> TokenData:
"""获取当前用户"""
token_data = verify_token(token)
if token_data is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid authentication credentials",
headers={"WWW-Authenticate": "Bearer"},
)
return token_data

36
routes/users.py
View File

@ -1,7 +1,9 @@
from fastapi import APIRouter, Depends, HTTPException, status
from typing import List, Optional
from schemas.auth import TokenData
from schemas.user import UserCreate, UserUpdate, UserResponse
from services.auth import get_current_user
from routes.depends import get_current_user
from services.user_services import get_user_by_id
router = APIRouter(tags=["users"])
@ -10,8 +12,14 @@ async def get_users(
page: int = 1,
limit: int = 10,
role: Optional[str] = None,
current_user: UserResponse = Depends(get_current_user)
current_user_token: TokenData = Depends(get_current_user)
):
current_user = await get_user_by_id(current_user_token.id)
if current_user is None:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
if current_user.role not in ["system_admin", "admin"]:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
@ -23,8 +31,14 @@ async def get_users(
@router.post("/", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
async def create_user(
user_data: UserCreate,
current_user: UserResponse = Depends(get_current_user)
current_user_token: TokenData = Depends(get_current_user)
):
current_user = await get_user_by_id(current_user_token.id)
if current_user is None:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
if current_user.role not in ["system_admin", "admin"]:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
@ -37,8 +51,14 @@ async def create_user(
async def update_user(
user_id: int,
user_data: UserUpdate,
current_user: UserResponse = Depends(get_current_user)
current_user_token: TokenData = Depends(get_current_user)
):
current_user = await get_user_by_id(current_user_token.id)
if current_user is None:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
if current_user.role not in ["system_admin", "admin"]:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
@ -50,8 +70,14 @@ async def update_user(
@router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
async def delete_user(
user_id: int,
current_user: UserResponse = Depends(get_current_user)
current_user_token: TokenData = Depends(get_current_user)
):
current_user = await get_user_by_id(current_user_token.id)
if current_user is None:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
if current_user.role not in ["system_admin", "admin"]:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,

67
services/auth_service.py Normal file
View File

@ -0,0 +1,67 @@
from datetime import datetime
from typing import Optional
import jwt
from config import JWT_CONFIG
from schemas.auth import Token, TokenData
SECRET_KEY = JWT_CONFIG['secret_key']
ALGORITHM = JWT_CONFIG['algorithm']
ACCESS_TOKEN_EXPIRE = JWT_CONFIG['access_token_expire']
REFRESH_TOKEN_EXPIRE = JWT_CONFIG['refresh_token_expire']
def create_access_token(user_id: int, username: str, role: str) -> str:
"""创建access token"""
expire = datetime.utcnow() + ACCESS_TOKEN_EXPIRE
to_encode = {
"id": user_id,
"username": username,
"role": role,
"exp": expire
}
return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
def create_refresh_token(user_id: int, username: str, role: str) -> str:
"""创建refresh token"""
expire = datetime.utcnow() + REFRESH_TOKEN_EXPIRE
to_encode = {
"id": user_id,
"username": username,
"role": role,
"exp": expire
}
return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
def create_tokens(user_id: int, username: str, role: str) -> Token:
"""创建access token和refresh token"""
access_token = create_access_token(user_id, username, role)
refresh_token = create_refresh_token(user_id, username, role)
return Token(
access_token=access_token,
refresh_token=refresh_token,
token_type="bearer",
expires_in=int(ACCESS_TOKEN_EXPIRE.total_seconds())
)
def verify_token(token: str) -> Optional[TokenData]:
"""验证token有效性并返回payload如果token无效则返回None"""
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
return TokenData(
id=payload.get("id"),
username=payload.get("username"),
role=payload.get("role"),
exp=payload.get("exp")
)
except (jwt.ExpiredSignatureError, jwt.InvalidTokenError):
return None
def refresh_tokens(refresh_token: str) -> Optional[Token]:
"""使用refresh token刷新access token如果refresh token无效则返回None"""
token_data = verify_token(refresh_token)
if token_data is None:
return None
return create_tokens(
user_id=token_data.id,
username=token_data.username,
role=token_data.role
)

2
services/db.py
View File

@ -4,7 +4,7 @@ from ..models.user import Base, User, UserRole
from sqlalchemy import select
from contextlib import asynccontextmanager
from config import SYSTEM_ADMIN_CONFIG, DATABASE_CONFIG
from services.user_services import get_password_hash
from user_services import get_password_hash
from typing import AsyncGenerator
# 全局数据库引擎实例