perf: login module

fit2cloud-chenyw · fit2cloud-chenyw · commit dc934e713387 · 2025-04-25T14:52:46.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -181,3 +181,5 @@ cython_debug/
 
 # PyPI configuration file
 .pypirc
+
+.DS_Store
diff --git a/backend/apps/system/api/login.py b/backend/apps/system/api/login.py
@@ -1,22 +1,24 @@
-from fastapi import APIRouter, HTTPException
-from apps.system.schemas.auth import LocalLoginSchema
+from typing import Annotated
+from fastapi import APIRouter, Depends, HTTPException
+from fastapi.security import OAuth2PasswordRequestForm
 from common.core.deps import SessionDep
 from ..crud.user import authenticate
 from common.core.security import create_access_token
 from datetime import timedelta
 from common.core.config import settings
+from common.core.schemas import Token
+router = APIRouter(tags=["login"], prefix="/login")
 
-router = APIRouter(tags=["login"])
-
-@router.post("/localLogin")
+@router.post("/access-token")
 def local_login(
     session: SessionDep,
-    schema: LocalLoginSchema,
-) -> str:
-    user = authenticate(session=session, account=schema.account, password=schema.password)
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()]
+) -> Token:
+    user = authenticate(session=session, account=form_data.username, password=form_data.password)
     if not user:
         raise HTTPException(status_code=400, detail="Incorrect account or password")
     access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
-    return create_access_token(
-        user.id, expires_delta=access_token_expires
-    )
+    user_dict = user.to_dict()
+    return Token(access_token=create_access_token(
+        user_dict, expires_delta=access_token_expires
+    ))
diff --git a/backend/apps/system/api/user.py b/backend/apps/system/api/user.py
@@ -5,7 +5,5 @@
 
 
 @router.get("/info")
-async def user_info():
-    return {
-        "name": "admin"
-    }
+async def user_info(current_user: CurrentUser):
+    return current_user.to_dict()
diff --git a/backend/apps/system/middleware/__init__.py b/backend/apps/system/middleware/__init__.py
diff --git a/backend/apps/system/middleware/token.py b/backend/apps/system/middleware/token.py
diff --git a/backend/apps/system/models/user.py b/backend/apps/system/models/user.py
@@ -6,3 +6,10 @@ class sys_user(SQLModel, table=True):
     account: str = Field(max_length=255, unique=True)
     password: str = Field(max_length=255)
     oid: int = Field(default=1)
+
+    def to_dict(self):
+        return {
+            "id": self.id,
+            "account": self.account,
+            "oid": self.oid
+        }
diff --git a/backend/common/core/deps.py b/backend/common/core/deps.py
@@ -2,72 +2,43 @@
 
 import jwt
 from fastapi import Depends, HTTPException, status
-from fastapi.security import OAuth2PasswordBearer
+# from fastapi.security import OAuth2PasswordBearer
 from jwt.exceptions import InvalidTokenError
-from pydantic import ValidationError
+from pydantic import BaseModel, ValidationError
 from sqlmodel import Session
-
+from common.core.schemas import TokenPayload, XOAuth2PasswordBearer
 from common.core import security
 from common.core.config import settings
 from common.core.db import get_session
 from apps.system.models.user import sys_user
-import threading
-""" reusable_oauth2 = OAuth2PasswordBearer(
+reusable_oauth2 = XOAuth2PasswordBearer(
     tokenUrl=f"{settings.API_V1_STR}/login/access-token"
 )
- """
 
-thread_local = threading.local()
+
+    
 
 SessionDep = Annotated[Session, Depends(get_session)]
-# TokenDep = Annotated[str, Depends(reusable_oauth2)]
+TokenDep = Annotated[str, Depends(reusable_oauth2)]
 
-def get_current_user(session: SessionDep, token: str) -> sys_user:
+def get_current_user(session: SessionDep, token: TokenDep) -> sys_user:
     try:
         payload = jwt.decode(
             token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
         )
-        # token_data = TokenPayload(**payload)
+        token_data = TokenPayload(**payload)
     except (InvalidTokenError, ValidationError):
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,
             detail="Could not validate credentials",
         )
-    user = session.get(sys_user, payload.sub)
+    user = session.get(sys_user, token_data.id)
     if not user:
         raise HTTPException(status_code=404, detail="User not found")
     """ if not user.is_active:
         raise HTTPException(status_code=400, detail="Inactive user") """
-    thread_local.current_user = user
     return user
-def get_current_user_from_thread():
-    return getattr(thread_local, "current_user", None)
-CurrentUser = Annotated[sys_user, Depends(get_current_user_from_thread)]
-""" def get_current_user(session: SessionDep, token: TokenDep) -> User:
-    try:
-        payload = jwt.decode(
-            token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
-        )
-        token_data = TokenPayload(**payload)
-    except (InvalidTokenError, ValidationError):
-        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Could not validate credentials",
-        )
-    user = session.get(User, token_data.sub)
-    if not user:
-        raise HTTPException(status_code=404, detail="User not found")
-    if not user.is_active:
-        raise HTTPException(status_code=400, detail="Inactive user")
-    return user
-
+CurrentUser = Annotated[sys_user, Depends(get_current_user)]
 
-CurrentUser = Annotated[User, Depends(get_current_user)]
 
 
-def get_current_active_superuser(current_user: CurrentUser) -> User:
-    if not current_user.is_superuser:
-        raise HTTPException(
-            status_code=403, detail="The user doesn't have enough privileges"
-        )
-    return current_user """
diff --git a/backend/common/core/schemas.py b/backend/common/core/schemas.py
@@ -0,0 +1,31 @@
+from typing import Optional
+from fastapi import HTTPException, Request
+from fastapi.security import OAuth2PasswordBearer
+from pydantic import BaseModel
+from sqlmodel import SQLModel
+from starlette.status import HTTP_403_FORBIDDEN, HTTP_401_UNAUTHORIZED
+from common.core.config import settings
+from fastapi.security.utils import get_authorization_scheme_param
+class TokenPayload(BaseModel):
+    account: str | None = None
+    id: int | None = None
+    oid: int | None = None
+    
+class Token(SQLModel):
+    access_token: str
+    token_type: str = "bearer"
+    
+class XOAuth2PasswordBearer(OAuth2PasswordBearer):
+    async def __call__(self, request: Request) -> Optional[str]:
+        authorization = request.headers.get(settings.TOKEN_KEY)
+        scheme, param = get_authorization_scheme_param(authorization)
+        if not authorization or scheme.lower() != "bearer":
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=HTTP_401_UNAUTHORIZED,
+                    detail="Not authenticated",
+                    headers={"WWW-Authenticate": "Bearer"},
+                )
+            else:
+                return None
+        return param
diff --git a/backend/common/core/security.py b/backend/common/core/security.py
@@ -12,9 +12,11 @@
 ALGORITHM = "HS256"
 
 
-def create_access_token(subject: str | Any, expires_delta: timedelta) -> str:
+def create_access_token(data: dict | Any, expires_delta: timedelta) -> str:
+    to_encode = data.copy()
     expire = datetime.now(timezone.utc) + expires_delta
-    to_encode = {"exp": expire, "account": str(subject)}
+    to_encode.update({"exp": expire})
+    # to_encode = {"exp": expire, "account": str(subject)}
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=ALGORITHM)
     return encoded_jwt
 
diff --git a/backend/main.py b/backend/main.py
@@ -2,11 +2,9 @@
 from fastapi import FastAPI
 from fastapi.routing import APIRoute
 from starlette.middleware.cors import CORSMiddleware
-from starlette.middleware.base import BaseHTTPMiddleware
 from apps.api import api_router
 from common.core.config import settings
 
-from apps.system.middleware.token import verify_token
 
 def custom_generate_unique_id(route: APIRoute) -> str:
     return f"{route.tags[0]}-{route.name}"
@@ -32,7 +30,6 @@ def custom_generate_unique_id(route: APIRoute) -> str:
     )
 
 app.include_router(api_router, prefix=settings.API_V1_STR)
-# app.add_middleware(BaseHTTPMiddleware, dispatch=verify_token)
     
 if __name__ == "__main__":
     import uvicorn
diff --git a/frontend/.env.development b/frontend/.env.development
@@ -1,2 +1,2 @@
-VITE_API_BASE_URL=http://localhost:3000
+VITE_API_BASE_URL=http://localhost:8000/api/v1
 VITE_APP_TITLE=SQLBot (Development)
diff --git a/frontend/.env.production b/frontend/.env.production
@@ -1,2 +1,2 @@
-VITE_API_BASE_URL=https://api.SQLBot.com
+VITE_API_BASE_URL=./
 VITE_APP_TITLE=SQLBot
diff --git a/frontend/auto-imports.d.ts b/frontend/auto-imports.d.ts
@@ -6,5 +6,5 @@
 // biome-ignore lint: disable
 export {}
 declare global {
-
+  const ElMessage: typeof import('element-plus/es')['ElMessage']
 }
diff --git a/frontend/components.d.ts b/frontend/components.d.ts
@@ -11,6 +11,7 @@ declare module 'vue' {
     ElAvatar: typeof import('element-plus/es')['ElAvatar']
     ElButton: typeof import('element-plus/es')['ElButton']
     ElCard: typeof import('element-plus/es')['ElCard']
+    ElDialog: typeof import('element-plus/es')['ElDialog']
     ElDropdown: typeof import('element-plus/es')['ElDropdown']
     ElDropdownItem: typeof import('element-plus/es')['ElDropdownItem']
     ElDropdownMenu: typeof import('element-plus/es')['ElDropdownMenu']
diff --git a/frontend/package.json b/frontend/package.json
@@ -10,7 +10,8 @@
   },
   "dependencies": {
     "vue": "^3.5.13",
-    "vue-router": "^4.5.0"
+    "vue-router": "^4.5.0",
+    "web-storage-cache": "^1.1.1"
   },
   "devDependencies": {
     "@element-plus/icons-vue": "^2.3.1",
diff --git a/frontend/src/api/login.ts b/frontend/src/api/login.ts
@@ -0,0 +1,15 @@
+import { request } from '@/utils/request'
+
+export const AuthApi = {
+  login: (credentials: { username: string; password: string }) => request.post<{
+    data: any; token: string 
+}>('/login/access-token', credentials, {
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded'
+    },
+    requestOptions: {
+      rawResponse: true,
+    }
+  }),
+  logout: () => request.post('/auth/logout')
+}
diff --git a/frontend/src/router/index.ts b/frontend/src/router/index.ts
@@ -6,6 +6,7 @@ import chat from '@/views/chat/index.vue'
 import ds from '@/views/ds/index.vue'
 import dashboard from '@/views/dashboard/index.vue'
 import setting from '@/views/setting/index.vue'
+import { watchRouter } from './watch'
 const router = createRouter({
   history: createWebHistory(),
   routes: [
@@ -68,5 +69,5 @@ const router = createRouter({
     }
   ]
 })
-
+watchRouter(router)
 export default router
diff --git a/frontend/src/router/watch.ts b/frontend/src/router/watch.ts
@@ -0,0 +1,32 @@
+import { ElMessage } from 'element-plus'
+import { useCache } from '@/utils/useCache'
+const { wsCache } = useCache()
+// 不需要验证token的白名单路由
+const whiteList = ['/login']
+export const watchRouter = (router: any) => {
+  router.beforeEach(async (to: any, from: any, next: any) => {
+    // 获取token
+    const token = wsCache.get('user.token')
+    // 如果没有token
+    if (!token) {
+      if (whiteList.includes(to.path)) {
+        next()
+      } else {
+        ElMessage.error('请先登录')
+        next('/login')
+      }
+      return
+    }
+    // 处理根路径重定向
+    if (to.path === '/') {
+      next('/chat')
+      return
+    }
+    // 已有token和用户信息，允许访问
+    if (to.path === '/login') {
+      next('/chat')
+    } else {
+      next()
+    }
+  })
+}
diff --git a/frontend/src/stores/user.ts b/frontend/src/stores/user.ts
@@ -1,19 +1,24 @@
 import { defineStore } from 'pinia'
 import { ref } from 'vue'
-
+import { AuthApi } from '@/api/login'
+import { useCache } from '@/utils/useCache'
+const { wsCache } = useCache()
 export const useUserStore = defineStore('user', () => {
   const token = ref('')
   const username = ref('')
 
   const login = async (formData: { username: string; password: string }) => {
-    token.value = 'mock-token'
     username.value = formData.username
-    return Promise.resolve()
+    const res = await AuthApi.login(formData)
+    token.value = res.data.access_token
+    wsCache.set('user.token', token.value)
+    username.value = formData.username
   }
 
   const logout = () => {
     token.value = ''
     username.value = ''
+    wsCache.delete('user.token')
   }
 
   return {
diff --git a/frontend/src/utils/request.ts b/frontend/src/utils/request.ts
diff --git a/frontend/src/utils/useCache.ts b/frontend/src/utils/useCache.ts
diff --git a/frontend/tsconfig.app.json b/frontend/tsconfig.app.json
