85 lines
2.6 KiB
Python
85 lines
2.6 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from fastapi.security import OAuth2PasswordRequestForm
|
|
from sqlalchemy.orm import Session
|
|
from pydantic import BaseModel, EmailStr
|
|
from app.models import get_db
|
|
from app.models.user import User, UserRole
|
|
from app.utils.security import (
|
|
get_password_hash, verify_password,
|
|
create_access_token, get_current_user
|
|
)
|
|
|
|
router = APIRouter(prefix="/auth", tags=["Authentication"])
|
|
|
|
class UserCreate(BaseModel):
|
|
email: EmailStr
|
|
password: str
|
|
|
|
class UserResponse(BaseModel):
|
|
id: int
|
|
email: str
|
|
role: str
|
|
|
|
class Config:
|
|
from_attributes = True
|
|
|
|
class TokenResponse(BaseModel):
|
|
access_token: str
|
|
token_type: str
|
|
user: UserResponse
|
|
|
|
def get_role_value(role) -> str:
|
|
"""取得 role 的字串值,相容 Enum 和字串"""
|
|
if hasattr(role, 'value'):
|
|
return role.value
|
|
return str(role) if role else 'user'
|
|
|
|
@router.post("/register", response_model=UserResponse)
|
|
def register(user_data: UserCreate, db: Session = Depends(get_db)):
|
|
"""註冊新使用者"""
|
|
existing_user = db.query(User).filter(User.email == user_data.email).first()
|
|
if existing_user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Email already registered"
|
|
)
|
|
|
|
user = User(
|
|
email=user_data.email,
|
|
password_hash=get_password_hash(user_data.password),
|
|
role=UserRole.user
|
|
)
|
|
db.add(user)
|
|
db.commit()
|
|
db.refresh(user)
|
|
|
|
return UserResponse(id=user.id, email=user.email, role=get_role_value(user.role))
|
|
|
|
@router.post("/login", response_model=TokenResponse)
|
|
def login(form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db)):
|
|
"""登入取得 JWT Token"""
|
|
user = db.query(User).filter(User.email == form_data.username).first()
|
|
if not user or not verify_password(form_data.password, user.password_hash):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Incorrect email or password",
|
|
headers={"WWW-Authenticate": "Bearer"},
|
|
)
|
|
|
|
access_token = create_access_token(data={"sub": str(user.id)})
|
|
|
|
return TokenResponse(
|
|
access_token=access_token,
|
|
token_type="bearer",
|
|
user=UserResponse(id=user.id, email=user.email, role=get_role_value(user.role))
|
|
)
|
|
|
|
@router.get("/me", response_model=UserResponse)
|
|
def get_me(current_user: User = Depends(get_current_user)):
|
|
"""取得當前使用者資訊"""
|
|
return UserResponse(
|
|
id=current_user.id,
|
|
email=current_user.email,
|
|
role=get_role_value(current_user.role)
|
|
)
|