kali/TS-ResHub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

完善权限体系

Browse Source
This commit is contained in:
晓丰 2025-04-15 15:16:58 +08:00
parent 7efa258a28
commit b6a0abd9ee
7 changed files with 82 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
accounts/api/__init__.py Normal file
View File

22
accounts/api.py → accounts/api/auth.py
View File

@ -1,36 +1,31 @@
from ninja import Router, Form from ninja import Router, Form
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from rest_framework_simplejwt.tokens import RefreshToken from rest_framework_simplejwt.tokens import RefreshToken
from django.contrib.auth import authenticate
from django.http import HttpRequest
from django.db.models import Q from django.db.models import Q
from django.contrib.auth.hashers import check_password
auth_router = Router(tags=["认证"])
User = get_user_model() User = get_user_model()
router = Router(tags=["用户注册 + JWT"])
@router.post("/register") @auth_router.post("/register")
def register( def register(
request, request,
username: str = Form(...), username: str = Form(...),
password: str = Form(...), password: str = Form(...),
email: str = Form(...), email: str = Form(...),
role: str = Form("user") # 也可写死 "user" role: str = Form("user") # 可选:默认 user
): ):
if User.objects.filter(username=username).exists(): if User.objects.filter(username=username).exists():
return {"success": False, "message": "用户名已存在"} return {"success": False, "message": "用户名已存在"}
if role != "user": if role != "user":
return {"success": False, "message": "不能注册管理员或分管理账号"} return {"success": False, "message": "不能注册管理员或分管理账号"}
user = User(username=username, email=email, role=role) user = User(username=username, email=email, role=role)
user.set_password(password) user.set_password(password)
user.save() user.save()
# 生成 JWT token
refresh = RefreshToken.for_user(user) refresh = RefreshToken.for_user(user)
return { return {
"success": True, "success": True,
"message": "注册成功", "message": "注册成功",
@ -46,10 +41,10 @@ def register(
} }
@router.post("/login") @auth_router.post("/login")
def login( def login(
request: HttpRequest, request,
username: str = Form(...), # 可以是用户名或邮箱 username: str = Form(...),
password: str = Form(...), password: str = Form(...),
): ):
user = User.objects.filter(Q(username=username) | Q(email=username)).first() user = User.objects.filter(Q(username=username) | Q(email=username)).first()
@ -61,7 +56,6 @@ def login(
return {"success": False, "message": "账号未激活"} return {"success": False, "message": "账号未激活"}
refresh = RefreshToken.for_user(user) refresh = RefreshToken.for_user(user)
return { return {
"success": True, "success": True,
"message": "登录成功", "message": "登录成功",

18
accounts/api/user.py Normal file
View File

@ -0,0 +1,18 @@
from ninja import Router
from utils.permissions import login_required
from utils.auth import jwt_auth
user_router = Router(tags=["用户信息"])
@user_router.get("/me", auth=jwt_auth)
@login_required
def get_user_info(request):
user = request.user
return {
"id": user.id,
"username": user.username,
"email": user.email,
"role": user.role,
"is_active": user.is_active,
"is_staff": user.is_staff,
}

4
api.py
View File

@ -1,5 +1,9 @@
from ninja import NinjaAPI from ninja import NinjaAPI
from resumes.api.views import router as resume_router from resumes.api.views import router as resume_router
from accounts.api.auth import auth_router
from accounts.api.user import user_router
api = NinjaAPI(title="简历管理 API") api = NinjaAPI(title="简历管理 API")
api.add_router("/resumes/", resume_router) api.add_router("/resumes/", resume_router)
api.add_router("/auth", auth_router)
api.add_router("/users", user_router)

0
utils/__init__.py Normal file
View File

16
utils/auth.py Normal file
View File

@ -0,0 +1,16 @@
from ninja.security import HttpBearer
from rest_framework_simplejwt.authentication import JWTAuthentication
class JWTAuth(HttpBearer):
def authenticate(self, request, token):
jwt_auth = JWTAuthentication()
try:
validated_token = jwt_auth.get_validated_token(token)
user = jwt_auth.get_user(validated_token)
return user
except Exception:
return None
jwt_auth = JWTAuth()

36
utils/permissions.py Normal file
View File

@ -0,0 +1,36 @@
from functools import wraps
from ninja.errors import HttpError
from functools import wraps
from ninja.errors import HttpError
def login_required(func):
@wraps(func)
def wrapper(request, *args, **kwargs):
user = getattr(request, 'user', None)
if not user or not user.is_authenticated:
raise HttpError(401, "请先登录")
return func(request, *args, **kwargs)
return wrapper
def manager_required(func):
@wraps(func)
def wrapper(request, *args, **kwargs):
user = getattr(request, 'user', None)
if not user or not user.is_authenticated or user.role not in ['admin', 'manager']:
raise HttpError(403, "仅分管理或管理员可访问")
return func(request, *args, **kwargs)
return wrapper
def admin_required(func):
@wraps(func)
def wrapper(request, *args, **kwargs):
user = getattr(request, 'user', None)
if not user or not user.is_authenticated or user.role != 'admin':
raise HttpError(403, "仅管理员可访问")
return func(request, *args, **kwargs)
return wrapper