"""认证控制器。 路由路径与旧项目完全一致: POST /auth/login — 统一登录(OAuth + 密码自动检测) POST /auth/password_login — 账密登录 前端当前统一按 ``success + message + data`` 解析登录结果, 这里显式对齐该契约,避免登录成功却被前端误判为失败。 """ from typing import Any from fastapi import Depends, Request from fastapi.responses import JSONResponse from fastapi_common.fastapi_common_web.controller import BaseController from fastapi_common.fastapi_common_web.domain.responses import Result from fastapi_common.fastapi_common_web.exception.LeauditException import LeauditException from fastapi_common.fastapi_common_logger import logger from fastapi_common.fastapi_common_security.security import verify_access_token from fastapi_modules.fastapi_leaudit.domian.Dto.auth.loginDto import PasswordLoginDTO from fastapi_modules.fastapi_leaudit.services import IAuthService from fastapi_modules.fastapi_leaudit.services.impl.authServiceImpl import AuthServiceImpl class AuthController(BaseController): """认证控制器。""" def __init__(self): super().__init__(prefix="/auth", tags=["认证"]) self.AuthService: IAuthService = AuthServiceImpl() @self.router.post("/login") async def Login(RequestObj: Request): """统一登录接口。 自动检测登录方式: - 含 userInfo.sub → OAuth 登录 - 含 username + password → 密码登录 """ try: requestData = await RequestObj.json() if "userInfo" in requestData and isinstance(requestData["userInfo"], dict) and "sub" in requestData["userInfo"]: logger.info("检测到 OAuth 登录请求") ui = requestData["userInfo"] vo = await self.AuthService.OAuthLogin( Sub=ui["sub"], Username=ui.get("username"), Nickname=ui.get("nickname"), Email=ui.get("email"), PhoneNumber=ui.get("phone_number"), OuId=ui.get("ou_id"), OuName=ui.get("ou_name"), IsLeader=ui.get("is_leader"), Area=requestData.get("area"), ExpiresIn=requestData.get("expiresIn", 3600), ) elif "username" in requestData and "password" in requestData: logger.info(f"检测到密码登录请求 - username={requestData['username']}") vo = await self.AuthService.PasswordLogin( Sub=requestData["username"], Password=requestData["password"], ) else: return JSONResponse( status_code=400, content={"success": False, "message": "无效的登录请求格式", "data": None}, ) return JSONResponse(status_code=200, content={ "success": True, "message": "ok", "data": { "access_token": vo.access_token, "token_type": vo.token_type, "expires_in": vo.expires_in, "issued_time": vo.issued_time, "user_info": vo.user_info, }, }) except LeauditException as e: logger.error(f"登录失败: {e.message}") return JSONResponse( status_code=e.statusCode, content={"success": False, "message": e.message, "data": None}, ) except Exception as e: logger.error(f"登录失败: {e}") return JSONResponse(status_code=401, content={ "success": False, "message": "登录失败,请稍后重试", "data": None, }) @self.router.post("/password_login") async def PasswordLogin(RequestObj: Request): """账密登录。校验 sso_users 表 sub + password。""" try: requestData = await RequestObj.json() dto = PasswordLoginDTO(**requestData) vo = await self.AuthService.PasswordLogin(Sub=dto.sub, Password=dto.password) return JSONResponse(status_code=200, content={ "success": True, "message": "ok", "data": vo.model_dump(), }) except LeauditException as e: logger.error(f"密码登录失败: {e.message}") return JSONResponse( status_code=e.statusCode, content={"success": False, "message": e.message, "data": None}, ) except Exception as e: logger.error(f"密码登录失败: {e}") return JSONResponse(status_code=401, content={ "success": False, "message": "登录失败,请稍后重试", "data": None, }) @self.router.get("/me", response_model=Result[dict[str, Any]]) async def GetCurrentUser(payload: dict[str, Any] = Depends(verify_access_token)): """获取当前登录用户信息。""" Data = await self.AuthService.GetCurrentUser(UserId=int(payload["user_id"])) return Result.success(data=Data)