dekun
2026-05-30 15:55:37 +08:00
parent b154f1230c
commit 979054546c
6 changed files with 92 additions and 10 deletions
+23 -4
@@ -186,18 +186,19 @@ def create_app(settings: Settings) -> FastAPI:
_root = _Path(__file__).resolve().parent.parent.parent
if str(_root) not in sys.path:
sys.path.insert(0, str(_root))
from nav_embed import install_nav_embed
from nav_embed import install_nav_embed, nav_session_middleware_kwargs
install_nav_embed(app)
_sess_kw = nav_session_middleware_kwargs()
except Exception:
pass
_sess_kw = {"same_site": "lax", "https_only": False}
app.add_middleware(GZipMiddleware, minimum_size=800)
app.add_middleware(
SessionMiddleware,
secret_key=settings.app.session_secret,
max_age=60 * 60 * 24 * 7,
same_site="lax",
https_only=False,
same_site=_sess_kw.get("same_site", "lax"),
https_only=bool(_sess_kw.get("https_only", False)),
)
root_dir = Path(__file__).resolve().parent.parent
templates = Jinja2Templates(directory=str(root_dir / "templates"))
@@ -318,6 +319,24 @@ def create_app(settings: Settings) -> FastAPI:
return RedirectResponse("/dashboard", status_code=302)
return templates.TemplateResponse("login.html", {"request": request, "error": "用户名或密码错误"})
@app.post("/api/auth/login")
async def api_auth_login(request: Request) -> JSONResponse:
if not settings.auth.enabled:
return JSONResponse({"ok": True, "redirect": "/dashboard"})
try:
body = await request.json()
except Exception:
return JSONResponse({"ok": False, "detail": "请求格式错误"}, status_code=400)
username = str(body.get("username") or "").strip()
password = str(body.get("password") or "")
ok_user = username == app.state.auth_user
ok_pass = _hash_password(password) == app.state.auth_password_hash
if ok_user and ok_pass:
request.session["logged_in"] = True
request.session["username"] = username
return JSONResponse({"ok": True, "redirect": "/dashboard"})
return JSONResponse({"ok": False, "detail": "用户名或密码错误"}, status_code=401)
@app.get("/logout")
async def logout(request: Request) -> RedirectResponse:
request.session.clear()
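Review bot: In the new `api_auth_login` handler, `body.get(...)` runs outside the `try`, so a valid JSON array or string raises AttributeError and would surface as a 500 rather than the 400 used for malformed requests; add `if not isinstance(body, dict): return JSONResponse({"ok": False, "detail": "请求格式错误"}, status_code=400)` before reading the fields. The password check uses `==`; `ok_pass = hmac.compare_digest(_hash_password(password), app.state.auth_password_hash)` gives a constant-time comparison, assuming both values are the same str/bytes type and `hmac` is imported (`_hash_password` and the import block are outside the visible lines). Nothing in this section throttles or logs failed attempts, so confirm that rate limiting or lockout exists elsewhere and consider logging failed logins for detection. In the first hunk, the `except Exception:` fallback silently keeps `https_only=False`, so a warning log there would make a failed `nav_embed` import visible instead of quietly leaving the session cookie without the Secure flag. `create_app` starts before the first hunk, so this covers only the lines shown.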