Files
secondary-school-grade-archive/backend/app/routers/admin.py
T
dekun f1ad4273f4 零 Node 部署、超级管理员,并完善本地构建发布文档。
- FastAPI 单进程托管 frontend/dist,systemd 替代 PM2

- 超级管理员 admin、注册开关与用户管理

- README/DEPLOY/USAGE 说明:改代码须本地构建 dist 后 push,服务器 update.sh

- 提交 frontend/dist 与 build-frontend 脚本
2026-06-28 13:19:41 +08:00

141 lines
4.6 KiB
Python

import uuid
from datetime import datetime, timezone
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session
from app.core.database import get_db
from app.core.deps import get_superuser
from app.core.security import get_password_hash, verify_password
from app.models.user import SystemSettings, User
from app.schemas import (
AdminProfileUpdate,
AdminUserCreate,
AdminUserOut,
AdminUserPasswordUpdate,
PublicSettingsOut,
SystemSettingsOut,
SystemSettingsUpdate,
)
router = APIRouter(prefix="/admin", tags=["admin"])
def get_or_create_settings(db: Session) -> SystemSettings:
row = db.get(SystemSettings, 1)
if row is None:
row = SystemSettings(id=1, registration_enabled=True)
db.add(row)
db.commit()
db.refresh(row)
return row
@router.get("/settings", response_model=SystemSettingsOut)
def get_settings(
db: Session = Depends(get_db),
_: User = Depends(get_superuser),
):
return get_or_create_settings(db)
@router.patch("/settings", response_model=SystemSettingsOut)
def update_settings(
data: SystemSettingsUpdate,
db: Session = Depends(get_db),
_: User = Depends(get_superuser),
):
row = get_or_create_settings(db)
if data.registration_enabled is not None:
row.registration_enabled = data.registration_enabled
row.updated_at = datetime.now(timezone.utc)
db.commit()
db.refresh(row)
return row
@router.patch("/profile", response_model=AdminUserOut)
def update_profile(
data: AdminProfileUpdate,
db: Session = Depends(get_db),
current_user: User = Depends(get_superuser),
):
if not data.username and not data.password:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="请填写要修改的内容")
if data.password:
if not data.current_password:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="修改密码需提供当前密码")
if not verify_password(data.current_password, current_user.password_hash):
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="当前密码错误")
if data.username and data.username != current_user.username:
if db.query(User).filter(User.username == data.username).first():
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="用户名已存在")
current_user.username = data.username
if data.password:
current_user.password_hash = get_password_hash(data.password)
db.commit()
db.refresh(current_user)
return current_user
@router.get("/users", response_model=list[AdminUserOut])
def list_users(
db: Session = Depends(get_db),
_: User = Depends(get_superuser),
):
return db.query(User).order_by(User.created_at).all()
@router.post("/users", response_model=AdminUserOut, status_code=status.HTTP_201_CREATED)
def create_user(
data: AdminUserCreate,
db: Session = Depends(get_db),
_: User = Depends(get_superuser),
):
if db.query(User).filter(User.username == data.username).first():
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="用户名已存在")
user = User(username=data.username, password_hash=get_password_hash(data.password))
db.add(user)
db.commit()
db.refresh(user)
return user
@router.patch("/users/{user_id}", response_model=AdminUserOut)
def reset_user_password(
user_id: uuid.UUID,
data: AdminUserPasswordUpdate,
db: Session = Depends(get_db),
current_user: User = Depends(get_superuser),
):
user = db.get(User, user_id)
if user is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="用户不存在")
if user.is_superuser and user.id != current_user.id:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="不能修改其他超级管理员")
user.password_hash = get_password_hash(data.password)
db.commit()
db.refresh(user)
return user
@router.delete("/users/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
def delete_user(
user_id: uuid.UUID,
db: Session = Depends(get_db),
current_user: User = Depends(get_superuser),
):
if user_id == current_user.id:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="不能删除当前登录账号")
user = db.get(User, user_id)
if user is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="用户不存在")
if user.is_superuser:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="不能删除超级管理员")
db.delete(user)
db.commit()