kevin/life-echo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8b4a05864020abcf830c80d8a1957a9e89603fea
life-echo/api/routers/auth.py
penghanyuan dbabce77bf feat: 添加更新昵称功能 backend
2026-01-29 18:40:16 +01:00

978 lines
30 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
"""
认证相关 API 路由:注册、登录、刷新令牌、登出
"""
import uuid
import io
import os
import logging
import traceback
import secrets
from datetime import datetime, timezone
from pathlib import Path
from typing import Optional
from fastapi import APIRouter, Body, Depends, File, HTTPException, UploadFile, status
from fastapi.security import OAuth2PasswordRequestForm
from fastapi.responses import FileResponse
from pydantic import BaseModel, Field
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select
from PIL import Image
logger = logging.getLogger(__name__)
from database import get_async_db
from database.models import User, RefreshToken
from services.auth_service import (
hash_password,
verify_password,
create_access_token,
create_refresh_token,
get_token_expires_at
)
from services.sms_service import send_verification_code, verify_code
from middleware.auth import get_current_user
router = APIRouter(prefix="/api/auth", tags=["auth"])
# 请求模型
class RegisterRequest(BaseModel):
"""用户注册请求"""
phone: str = Field(..., min_length=11, max_length=11, description="手机号11位")
password: str = Field(..., min_length=6, description="密码至少6位")
nickname: str = Field(..., min_length=1, max_length=50, description="昵称")
email: Optional[str] = Field(None, description="邮箱(可选)")
agreed_to_terms: bool = Field(..., description="是否同意用户协议和隐私政策")
class LoginRequest(BaseModel):
"""用户登录请求"""
phone: str = Field(..., min_length=11, max_length=11, description="手机号11位")
password: str = Field(..., min_length=1, description="密码")
agreed_to_terms: bool = Field(..., description="是否同意用户协议和隐私政策")
class RefreshTokenRequest(BaseModel):
"""刷新令牌请求"""
refresh_token: str = Field(..., description="刷新令牌")
class SmsRequest(BaseModel):
"""发送短信验证码请求"""
phone: str = Field(..., min_length=11, max_length=11, description="手机号11位")
purpose: str = Field(..., description="用途register/login/reset_password/change_phone")
class SmsLoginRequest(BaseModel):
"""验证码登录/注册请求(统一接口)"""
phone: str = Field(..., min_length=11, max_length=11, description="手机号11位")
code: str = Field(..., min_length=6, max_length=6, description="验证码6位")
agreed_to_terms: bool = Field(..., description="是否同意用户协议和隐私政策")
nickname: Optional[str] = Field(None, max_length=50, description="昵称(注册时必填,登录时可选)")
class SmsRegisterRequest(BaseModel):
"""验证码注册请求"""
phone: str = Field(..., min_length=11, max_length=11, description="手机号11位")
code: str = Field(..., min_length=6, max_length=6, description="验证码6位")
password: str = Field(..., min_length=6, description="密码至少6位")
nickname: str = Field(..., min_length=1, max_length=50, description="昵称")
email: Optional[str] = Field(None, description="邮箱(可选)")
agreed_to_terms: bool = Field(..., description="是否同意用户协议和隐私政策")
class ResetPasswordRequest(BaseModel):
"""重置密码请求"""
phone: str = Field(..., min_length=11, max_length=11, description="手机号11位")
code: str = Field(..., min_length=6, max_length=6, description="验证码6位")
new_password: str = Field(..., min_length=6, description="新密码至少6位")
class ChangePasswordRequest(BaseModel):
"""修改密码请求"""
old_password: str = Field(..., min_length=1, description="旧密码")
new_password: str = Field(..., min_length=6, description="新密码至少6位")
class ChangePhoneRequest(BaseModel):
"""修改手机号请求"""
new_phone: str = Field(..., min_length=11, max_length=11, description="新手机号11位")
code: str = Field(..., min_length=6, max_length=6, description="验证码6位")
class UpdateNicknameRequest(BaseModel):
"""更新昵称请求"""
nickname: str = Field(..., min_length=1, max_length=50, description="昵称1-50个字符")
# 响应模型
class TokenResponse(BaseModel):
"""令牌响应"""
access_token: str
refresh_token: str
token_type: str = "bearer"
class UserResponse(BaseModel):
"""用户信息响应"""
id: str
phone: str
email: Optional[str]
nickname: str
avatar_url: Optional[str]
subscription_type: str
created_at: str
@router.post("/register", response_model=TokenResponse, status_code=status.HTTP_201_CREATED)
async def register(
request: RegisterRequest,
db: AsyncSession = Depends(get_async_db)
):
"""
用户注册
注册成功后返回访问令牌和刷新令牌
"""
# 验证是否同意用户协议和隐私政策
if not request.agreed_to_terms:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="请先阅读并同意用户协议和隐私政策"
)
# 检查手机号是否已存在
stmt = select(User).where(User.phone == request.phone)
result = await db.execute(stmt)
existing_user = result.scalar_one_or_none()
if existing_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="该手机号已被注册"
)
# 检查邮箱是否已存在(如果提供了邮箱)
if request.email:
stmt = select(User).where(User.email == request.email)
result = await db.execute(stmt)
existing_email = result.scalar_one_or_none()
if existing_email:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="该邮箱已被注册"
)
# 创建新用户
user_id = str(uuid.uuid4())
password_hash = hash_password(request.password)
user = User(
id=user_id,
phone=request.phone,
password_hash=password_hash,
email=request.email,
nickname=request.nickname,
subscription_type="free",
created_at=datetime.now(timezone.utc)
)
db.add(user)
# 创建刷新令牌
refresh_token_str = create_refresh_token()
refresh_token = RefreshToken(
id=str(uuid.uuid4()),
user_id=user_id,
token=refresh_token_str,
expires_at=get_token_expires_at(),
created_at=datetime.now(timezone.utc)
)
db.add(refresh_token)
await db.commit()
await db.refresh(user)
# 生成访问令牌
access_token = create_access_token(data={"sub": user_id})
return TokenResponse(
access_token=access_token,
refresh_token=refresh_token_str,
token_type="bearer"
)
@router.post("/login", response_model=TokenResponse)
async def login(
request: LoginRequest = Body(...),
db: AsyncSession = Depends(get_async_db)
):
"""
用户登录
验证手机号和密码,返回访问令牌和刷新令牌。
请求格式:
- JSON: {"phone": "13800138000", "password": "xxx", "agreed_to_terms": true}
"""
# 验证是否同意用户协议和隐私政策
if not request.agreed_to_terms:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="请先阅读并同意用户协议和隐私政策"
)
phone = request.phone
password = request.password
# 验证手机号格式(简单验证)
if not phone or len(phone) != 11 or not phone.isdigit():
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="手机号格式不正确应为11位数字"
)
# 验证密码不为空
if not password:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="密码不能为空"
)
# 查找用户
stmt = select(User).where(User.phone == phone)
result = await db.execute(stmt)
user = result.scalar_one_or_none()
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="手机号或密码错误"
)
# 验证密码
if not verify_password(password, user.password_hash):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="手机号或密码错误"
)
# 创建新的刷新令牌
refresh_token_str = create_refresh_token()
refresh_token = RefreshToken(
id=str(uuid.uuid4()),
user_id=user.id,
token=refresh_token_str,
expires_at=get_token_expires_at(),
created_at=datetime.now(timezone.utc)
)
db.add(refresh_token)
await db.commit()
# 生成访问令牌
access_token = create_access_token(data={"sub": user.id})
return TokenResponse(
access_token=access_token,
refresh_token=refresh_token_str,
token_type="bearer"
)
@router.post("/refresh", response_model=TokenResponse)
async def refresh_token(
request: RefreshTokenRequest,
db: AsyncSession = Depends(get_async_db)
):
"""
刷新访问令牌
使用刷新令牌获取新的访问令牌
"""
# 查找刷新令牌
stmt = select(RefreshToken).where(RefreshToken.token == request.refresh_token)
result = await db.execute(stmt)
refresh_token = result.scalar_one_or_none()
if not refresh_token:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="无效的刷新令牌"
)
# 检查是否已撤销
if refresh_token.is_revoked:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="刷新令牌已撤销"
)
# 检查是否过期
if refresh_token.expires_at < datetime.now(timezone.utc):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="刷新令牌已过期"
)
# 验证用户是否存在
user = await db.get(User, refresh_token.user_id)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="用户不存在"
)
# 生成新的访问令牌
access_token = create_access_token(data={"sub": user.id})
return TokenResponse(
access_token=access_token,
refresh_token=request.refresh_token, # 返回相同的刷新令牌
token_type="bearer"
)
@router.post("/logout", status_code=status.HTTP_200_OK)
async def logout(
request: RefreshTokenRequest,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_async_db)
):
"""
用户登出
撤销刷新令牌
"""
# 查找刷新令牌
stmt = select(RefreshToken).where(
RefreshToken.token == request.refresh_token,
RefreshToken.user_id == current_user.id
)
result = await db.execute(stmt)
refresh_token = result.scalar_one_or_none()
if refresh_token:
refresh_token.is_revoked = True
await db.commit()
return {"message": "登出成功"}
@router.get("/me", response_model=UserResponse)
async def get_me(
current_user: User = Depends(get_current_user)
):
"""
获取当前用户信息
"""
return UserResponse(
id=current_user.id,
phone=current_user.phone,
email=current_user.email,
nickname=current_user.nickname,
avatar_url=current_user.avatar_url,
subscription_type=current_user.subscription_type,
created_at=current_user.created_at.isoformat()
)
# 头像存储目录
AVATAR_DIR = Path("uploads/avatars")
AVATAR_DIR.mkdir(parents=True, exist_ok=True)
@router.post("/me/avatar", response_model=UserResponse)
async def upload_avatar(
file: UploadFile = File(...),
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_async_db)
):
"""
上传用户头像
支持格式JPEG, PNG, WebP
最大大小5MB
自动裁剪为正方形并压缩
"""
# 验证文件类型
allowed_types = ["image/jpeg", "image/png", "image/webp"]
logger.info(f"上传头像 - 文件名: {file.filename}, Content-Type: {file.content_type}, Size: {file.size if hasattr(file, 'size') else 'unknown'}")
if file.content_type not in allowed_types:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=f"不支持的文件类型。仅支持: {', '.join(allowed_types)}"
)
# 验证文件大小5MB
file_content = await file.read()
logger.info(f"读取文件内容 - 大小: {len(file_content)} bytes")
# 验证文件内容不为空
if not file_content or len(file_content) == 0:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="文件内容为空"
)
if len(file_content) > 5 * 1024 * 1024:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="文件大小超过5MB限制"
)
try:
# 确保目录存在
AVATAR_DIR.mkdir(parents=True, exist_ok=True)
# 创建BytesIO对象并确保位置在开头
image_bytes = io.BytesIO(file_content)
image_bytes.seek(0)
# 验证文件是否为有效的图片格式(通过检查文件头)
image_bytes.seek(0)
header = image_bytes.read(16) # 读取更多字节以确保能检测WebP
image_bytes.seek(0)
# 检查常见图片格式的文件头
is_valid_image = False
if header.startswith(b'\xff\xd8\xff'): # JPEG
is_valid_image = True
logger.info("检测到JPEG格式")
elif header.startswith(b'\x89PNG\r\n\x1a\n'): # PNG
is_valid_image = True
logger.info("检测到PNG格式")
elif header.startswith(b'RIFF') and b'WEBP' in header[:12]: # WebP (RIFF...WEBP)
is_valid_image = True
logger.info("检测到WebP格式")
else:
logger.warning(f"无法识别的文件头: {header[:12].hex()}")
if not is_valid_image:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=f"无效的图片文件格式。文件头: {header[:12].hex()}"
)
# 打开并处理图片
image = Image.open(image_bytes)
logger.info(f"成功打开图片 - 格式: {image.format}, 模式: {image.mode}, 尺寸: {image.size}")
# 转换为RGB模式处理RGBA等格式
if image.mode != "RGB":
image = image.convert("RGB")
# 裁剪为正方形(取中心部分)
width, height = image.size
size = min(width, height)
left = (width - size) // 2
top = (height - size) // 2
right = left + size
bottom = top + size
image = image.crop((left, top, right, bottom))
# 调整大小最大512x512
if size > 512:
image = image.resize((512, 512), Image.Resampling.LANCZOS)
# 生成文件名使用用户ID
file_extension = "jpg"
filename = f"{current_user.id}.{file_extension}"
file_path = AVATAR_DIR / filename
# 保存图片JPEG格式质量85%
image.save(file_path, "JPEG", quality=85, optimize=True)
# 生成URL相对路径前端需要拼接BASE_URL
avatar_url = f"/api/auth/avatars/{filename}"
# 更新数据库
current_user.avatar_url = avatar_url
await db.commit()
await db.refresh(current_user)
return UserResponse(
id=current_user.id,
phone=current_user.phone,
email=current_user.email,
nickname=current_user.nickname,
avatar_url=current_user.avatar_url,
subscription_type=current_user.subscription_type,
created_at=current_user.created_at.isoformat()
)
except Exception as e:
error_msg = f"处理图片失败: {str(e)}"
logger.error(f"头像上传失败: {error_msg}\n{traceback.format_exc()}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=error_msg
)
@router.get("/avatars/{filename}")
async def get_avatar(filename: str):
"""
获取用户头像
返回头像文件如果不存在则返回404
"""
file_path = AVATAR_DIR / filename
if not file_path.exists():
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="头像不存在"
)
return FileResponse(
file_path,
media_type="image/jpeg"
)
# ============================================================================
# 短信验证码相关路由
# ============================================================================
@router.post("/sms/send")
async def send_sms_code(
request: SmsRequest,
db: AsyncSession = Depends(get_async_db)
):
"""
发送短信验证码
用途:
- login: 登录/注册(统一接口,用户不存在时自动注册)
- register: 注册保留兼容建议使用login
- reset_password: 重置密码
- change_phone: 修改手机号
"""
# 验证手机号格式
if not request.phone.isdigit():
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="手机号格式不正确"
)
# 验证用途
valid_purposes = ["register", "login", "reset_password", "change_phone"]
if request.purpose not in valid_purposes:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=f"无效的用途,必须是: {', '.join(valid_purposes)}"
)
# 对于注册,检查手机号是否已存在
if request.purpose == "register":
stmt = select(User).where(User.phone == request.phone)
result = await db.execute(stmt)
existing_user = result.scalar_one_or_none()
if existing_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="该手机号已被注册"
)
# 对于重置密码,检查手机号是否存在
if request.purpose == "reset_password":
stmt = select(User).where(User.phone == request.phone)
result = await db.execute(stmt)
user = result.scalar_one_or_none()
if not user:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="该手机号未注册"
)
# 对于登录,不再检查用户是否存在,允许自动注册
# 发送验证码时统一使用login目的登录接口会自动处理注册逻辑
# 发送验证码
success, message, expires_in = await send_verification_code(
db=db,
phone=request.phone,
purpose=request.purpose,
ip_address=None # TODO: 从request中获取IP地址
)
if not success:
# 根据错误类型返回适当的HTTP状态码
if "频繁" in message:
status_code = status.HTTP_429_TOO_MANY_REQUESTS
elif "配置" in message or "配置错误" in message or "授权失败" in message:
# 配置错误或授权失败返回503服务不可用
status_code = status.HTTP_503_SERVICE_UNAVAILABLE
else:
# 其他错误返回500内部服务器错误
status_code = status.HTTP_500_INTERNAL_SERVER_ERROR
raise HTTPException(
status_code=status_code,
detail=message
)
return {"message": message, "expires_in": expires_in}
@router.post("/login/sms", response_model=TokenResponse)
async def login_with_sms(
request: SmsLoginRequest,
db: AsyncSession = Depends(get_async_db)
):
"""
验证码登录/注册(统一接口)
使用手机号和验证码登录,如果用户不存在则自动注册。
注册时需要提供昵称。
"""
# 验证是否同意用户协议和隐私政策
if not request.agreed_to_terms:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="请先阅读并同意用户协议和隐私政策"
)
# 验证验证码支持login和register两种目的兼容旧流程
# 先尝试用login验证如果失败再尝试register验证
success = False
message = ""
for purpose in ["login", "register"]:
success, message = await verify_code(
db=db,
phone=request.phone,
code=request.code,
purpose=purpose
)
if success:
break
if not success:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=message
)
# 查找用户
stmt = select(User).where(User.phone == request.phone)
result = await db.execute(stmt)
user = result.scalar_one_or_none()
# 如果用户不存在,自动注册
if not user:
# 创建新用户
user_id = str(uuid.uuid4())
# 生成一个随机密码(用户不会用到,但数据库要求必填)
random_password = secrets.token_urlsafe(32)
password_hash = hash_password(random_password)
# 如果提供了昵称就使用,否则使用空字符串(表示需要后续设置)
nickname = request.nickname.strip() if request.nickname else ""
user = User(
id=user_id,
phone=request.phone,
password_hash=password_hash,
email=None,
nickname=nickname,
subscription_type="free",
created_at=datetime.now(timezone.utc)
)
db.add(user)
await db.commit()
await db.refresh(user)
# 创建刷新令牌
refresh_token_str = create_refresh_token()
refresh_token = RefreshToken(
id=str(uuid.uuid4()),
user_id=user.id,
token=refresh_token_str,
expires_at=get_token_expires_at(),
created_at=datetime.now(timezone.utc)
)
db.add(refresh_token)
await db.commit()
# 生成访问令牌
access_token = create_access_token(data={"sub": user.id})
return TokenResponse(
access_token=access_token,
refresh_token=refresh_token_str,
token_type="bearer"
)
@router.post("/register/sms", response_model=TokenResponse, status_code=status.HTTP_201_CREATED)
async def register_with_sms(
request: SmsRegisterRequest,
db: AsyncSession = Depends(get_async_db)
):
"""
验证码注册
使用验证码验证后完成注册
"""
# 验证是否同意用户协议和隐私政策
if not request.agreed_to_terms:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="请先阅读并同意用户协议和隐私政策"
)
# 验证验证码
success, message = await verify_code(
db=db,
phone=request.phone,
code=request.code,
purpose="register"
)
if not success:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=message
)
# 检查手机号是否已存在(双重验证)
stmt = select(User).where(User.phone == request.phone)
result = await db.execute(stmt)
existing_user = result.scalar_one_or_none()
if existing_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="该手机号已被注册"
)
# 检查邮箱是否已存在(如果提供了邮箱)
if request.email:
stmt = select(User).where(User.email == request.email)
result = await db.execute(stmt)
existing_email = result.scalar_one_or_none()
if existing_email:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="该邮箱已被注册"
)
# 创建新用户
user_id = str(uuid.uuid4())
password_hash = hash_password(request.password)
user = User(
id=user_id,
phone=request.phone,
password_hash=password_hash,
email=request.email,
nickname=request.nickname,
subscription_type="free",
created_at=datetime.now(timezone.utc)
)
db.add(user)
# 创建刷新令牌
refresh_token_str = create_refresh_token()
refresh_token = RefreshToken(
id=str(uuid.uuid4()),
user_id=user_id,
token=refresh_token_str,
expires_at=get_token_expires_at(),
created_at=datetime.now(timezone.utc)
)
db.add(refresh_token)
await db.commit()
await db.refresh(user)
# 生成访问令牌
access_token = create_access_token(data={"sub": user_id})
return TokenResponse(
access_token=access_token,
refresh_token=refresh_token_str,
token_type="bearer"
)
@router.post("/password/reset")
async def reset_password(
request: ResetPasswordRequest,
db: AsyncSession = Depends(get_async_db)
):
"""
重置密码(忘记密码)
使用验证码重置密码
"""
# 验证验证码
success, message = await verify_code(
db=db,
phone=request.phone,
code=request.code,
purpose="reset_password"
)
if not success:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=message
)
# 查找用户
stmt = select(User).where(User.phone == request.phone)
result = await db.execute(stmt)
user = result.scalar_one_or_none()
if not user:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="用户不存在"
)
# 更新密码
user.password_hash = hash_password(request.new_password)
await db.commit()
return {"message": "密码重置成功"}
@router.post("/password/change")
async def change_password(
request: ChangePasswordRequest,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_async_db)
):
"""
修改密码(已登录)
需要验证旧密码
"""
# 验证旧密码
if not verify_password(request.old_password, current_user.password_hash):
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="旧密码错误"
)
# 更新密码
current_user.password_hash = hash_password(request.new_password)
await db.commit()
return {"message": "密码修改成功"}
@router.post("/phone/change", response_model=UserResponse)
async def change_phone(
request: ChangePhoneRequest,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_async_db)
):
"""
修改手机号
需要验证新手机号的验证码
"""
# 验证验证码
success, message = await verify_code(
db=db,
phone=request.new_phone,
code=request.code,
purpose="change_phone"
)
if not success:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=message
)
# 检查新手机号是否已被使用
stmt = select(User).where(User.phone == request.new_phone)
result = await db.execute(stmt)
existing_user = result.scalar_one_or_none()
if existing_user and existing_user.id != current_user.id:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="该手机号已被其他用户使用"
)
# 更新手机号
current_user.phone = request.new_phone
await db.commit()
await db.refresh(current_user)
return UserResponse(
id=current_user.id,
phone=current_user.phone,
email=current_user.email,
nickname=current_user.nickname,
avatar_url=current_user.avatar_url,
subscription_type=current_user.subscription_type,
created_at=current_user.created_at.isoformat()
)
@router.put("/me/nickname", response_model=UserResponse)
async def update_nickname(
request: UpdateNicknameRequest,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_async_db)
):
"""
更新用户昵称
用于首次登录后设置昵称,或修改现有昵称
"""
# 更新昵称
current_user.nickname = request.nickname.strip()
await db.commit()
await db.refresh(current_user)
return UserResponse(
id=current_user.id,
phone=current_user.phone,
email=current_user.email,
nickname=current_user.nickname,
avatar_url=current_user.avatar_url,
subscription_type=current_user.subscription_type,
created_at=current_user.created_at.isoformat()
)
@router.post("/logout/all")
async def logout_all_devices(
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_async_db)
):
"""
登出所有设备
撤销当前用户的所有刷新令牌
"""
# 查找用户的所有刷新令牌
stmt = select(RefreshToken).where(
RefreshToken.user_id == current_user.id,
RefreshToken.is_revoked == False
)
result = await db.execute(stmt)
tokens = result.scalars().all()
# 撤销所有令牌
for token in tokens:
token.is_revoked = True
await db.commit()
return {"message": f"已登出所有设备,共撤销 {len(tokens)} 个令牌"}
Reference in New Issue View Git Blame Copy Permalink