- """
- 管理员认证API路由
- 提供管理员登录的API端点
- Requirements: 1.1, 1.2, 1.3
- """
- from fastapi import APIRouter, Depends, HTTPException, status, Request
- from sqlalchemy.orm import Session
- from app.database import get_db
- from app.schemas.admin_schema import AdminLoginRequest, AdminLoginResponse, AdminInfo
- from app.services.admin_auth_service import AdminAuthService
- from app.dependencies.admin_auth import get_current_admin
- from app.models.admin import AdminUser
# Router hosting the admin authentication endpoints (login + current-admin lookup).
router = APIRouter(prefix="/api/admin/auth", tags=["管理员认证"])

# Maps the error code carried in the text of a ValueError raised by
# AdminAuthService.login() to the user-facing message placed in the
# HTTP error body by the login handler.
ERROR_MESSAGES = dict(
    AUTH_FAILED="用户名或密码错误",
    ACCOUNT_LOCKED="账户已被锁定,请30分钟后重试",
    ACCOUNT_DISABLED="账户已被禁用",
)
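@router.post("/login", response_model=AdminLoginResponse)
def admin_login(
    data: AdminLoginRequest,
    request: Request,
    db: Session = Depends(get_db),
):
    """管理员登录 — authenticate an admin and return the login response.

    Args:
        data: Parsed request body carrying ``username`` and ``password``.
        request: Incoming request; only used to read the client address.
        db: Database session supplied by the ``get_db`` dependency.

    Returns:
        Whatever ``AdminAuthService.login`` returns on success, serialized
        through ``AdminLoginResponse``.

    Raises:
        HTTPException: 403 when the service reports ``ACCOUNT_LOCKED``;
            401 with a ``WWW-Authenticate: Bearer`` header for every other
            authentication failure. The body is
            ``{"code": <error code>, "message": <user-facing text>}``.
    """
    auth_service = AdminAuthService(db)

    # Client address as seen by this server. Behind a reverse proxy this is
    # the proxy's address, not the end user's, so if the service relies on it
    # (presumably for lockout/audit — confirm in AdminAuthService) the proxy
    # layer has to rewrite request.client. Forwarded headers are deliberately
    # NOT read here: they are client-controlled and would let a caller choose
    # the address that gets recorded.
    ip = request.client.host if request.client else "unknown"

    try:
        return auth_service.login(data.username, data.password, ip)
    except ValueError as e:
        raw_code = str(e)
        # Only known codes are echoed back to the caller. Any other ValueError
        # text stays server-side: it may be an internal message rather than a
        # code, and reflecting it would expose implementation details to an
        # unauthenticated client. The fallback keeps the original generic text.
        if raw_code in ERROR_MESSAGES:
            error_code, message = raw_code, ERROR_MESSAGES[raw_code]
        else:
            error_code, message = "AUTH_FAILED", "认证失败"

        if error_code == "ACCOUNT_LOCKED":
            # Locked account: the credentials are not the problem, so 403
            # rather than 401 (and no challenge header).
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail={"code": error_code, "message": message},
            ) from e
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail={"code": error_code, "message": message},
            headers={"WWW-Authenticate": "Bearer"},
        ) from e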
@router.get("/me", response_model=AdminInfo)
def get_current_admin_info(
    current_admin: AdminUser = Depends(get_current_admin),
):
    """获取当前管理员信息 — return the calling admin's info.

    The ``AdminUser`` is resolved by the ``get_current_admin`` dependency,
    which is where authentication is expected to happen (not visible here);
    this handler only converts that object into the ``AdminInfo`` schema and
    performs no checks of its own.
    """
    admin_info = AdminInfo.model_validate(current_admin)
    return admin_info