Home Explore Help
Register Sign In
XMD
/
Lightstar
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Lightstar
/
backend
/
core
/
auth.py

auth.py 2.4 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. """
    2. 

  2. 用户认证功能
    3. 

  3. """
    4. 

  4. from datetime import datetime, timedelta
    5. 

  5. from typing import Optional
    6. 

  6. from jose import JWTError, jwt
    7. 

  7. from passlib.context import CryptContext
    8. 

  8. from fastapi import Depends, HTTPException, status
    9. 

  9. from fastapi.security import OAuth2PasswordBearer
    10. 

  10. from sqlalchemy.orm import Session
    11. 

  11. 

  12. from backend.core.database import get_db
    13. 

  13. from backend.core.models import User
    14. 

  14. from backend.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
    15. 

  15. 

  16. # 密码上下文
    17. 

  17. pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
    18. 

  18. 

  19. # OAuth2 密码Bearer
    20. 

  20. oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/token")
    21. 

  21. 

  22. def verify_password(plain_password, hashed_password):
    23. 

  23.     """验证密码"""
    24. 

  24.     return pwd_context.verify(plain_password, hashed_password)
    25. 

  25. 

  26. def get_password_hash(password):
    27. 

  27.     """获取密码哈希"""
    28. 

  28.     return pwd_context.hash(password)
    29. 

  29. 

  30. def get_user(db: Session, username: str):
    31. 

  31.     """通过用户名获取用户"""
    32. 

  32.     return db.query(User).filter(User.username == username).first()
    33. 

  33. 

  34. def authenticate_user(db: Session, username: str, password: str):
    35. 

  35.     """认证用户"""
    36. 

  36.     user = get_user(db, username)
    37. 

  37.     if not user or not verify_password(password, user.hashed_password):
    38. 

  38.         return False
    39. 

  39.     return user
    40. 

  40. 

  41. def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
    42. 

  42.     """创建访问令牌"""
    43. 

  43.     to_encode = data.copy()
    44. 

  44.     
    45. 

  45.     if expires_delta:
    46. 

  46.         expire = datetime.utcnow() + expires_delta
    47. 

  47.     else:
    48. 

  48.         expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    49. 

  49.         
    50. 

  50.     to_encode.update({"exp": expire})
    51. 

  51.     encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    52. 

  52.     return encoded_jwt
    53. 

  53. 

  54. def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
    55. 

  55.     """获取当前用户并处理异常情况"""
    56. 

  56.     credentials_exception = HTTPException(
    57. 

  57.         status_code=status.HTTP_401_UNAUTHORIZED,
    58. 

  58.         detail="无效的认证凭据",
    59. 

  59.         headers={"WWW-Authenticate": "Bearer"},
    60. 

  60.     )
    61. 

  61.     
    62. 

  62.     try:
    63. 

  63.         # 解析token
    64. 

  64.         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
    65. 

  65.         username: str = payload.get("sub")
    66. 

  66.         if username is None:
    67. 

  67.             raise credentials_exception
    68. 

  68.     except JWTError:
    69. 

  69.         raise credentials_exception
    70. 

  70.         
    71. 

  71.     # 查找用户
    72. 

  72.     user = db.query(User).filter(User.username == username).first()
    73. 

  73.     if user is None:
    74. 

  74.         raise credentials_exception
    75. 

  75.         
    76. 

  76.     return user 
    77.