leaudit-platform-backend/fastapi_modules/fastapi_leaudit/controllers/auth/authController.py

"""认证控制器。

路由路径与旧项目完全一致：
  POST /auth/login          — 统一登录（OAuth + 密码自动检测）
  POST /auth/password_login — 账密登录

前端当前统一按 ``success + message + data`` 解析登录结果，
这里显式对齐该契约，避免登录成功却被前端误判为失败。
"""

from typing import Any

from fastapi import Depends, Request
from fastapi.responses import JSONResponse

from fastapi_common.fastapi_common_web.controller import BaseController
from fastapi_common.fastapi_common_web.domain.responses import Result
from fastapi_common.fastapi_common_web.exception.LeauditException import LeauditException
from fastapi_common.fastapi_common_logger import logger
from fastapi_common.fastapi_common_security.security import verify_access_token

from fastapi_modules.fastapi_leaudit.domian.Dto.auth.loginDto import PasswordLoginDTO
from fastapi_modules.fastapi_leaudit.services import IAuthService
from fastapi_modules.fastapi_leaudit.services.impl.authServiceImpl import AuthServiceImpl


class AuthController(BaseController):
    """认证控制器。"""

    def __init__(self):
        super().__init__(prefix="/auth", tags=["认证"])
        self.AuthService: IAuthService = AuthServiceImpl()

        @self.router.post("/login")
        async def Login(RequestObj: Request):
            """统一登录接口。

            自动检测登录方式：
            - 含 userInfo.sub → OAuth 登录
            - 含 username + password → 密码登录
            """
            try:
                requestData = await RequestObj.json()

                if "userInfo" in requestData and isinstance(requestData["userInfo"], dict) and "sub" in requestData["userInfo"]:
                    logger.info("检测到 OAuth 登录请求")
                    ui = requestData["userInfo"]
                    vo = await self.AuthService.OAuthLogin(
                        Sub=ui["sub"],
                        Username=ui.get("username"),
                        Nickname=ui.get("nickname"),
                        Email=ui.get("email"),
                        PhoneNumber=ui.get("phone_number"),
                        OuId=ui.get("ou_id"),
                        OuName=ui.get("ou_name"),
                        IsLeader=ui.get("is_leader"),
                        Area=requestData.get("area"),
                        ExpiresIn=requestData.get("expiresIn", 3600),
                    )
                elif "username" in requestData and "password" in requestData:
                    logger.info(f"检测到密码登录请求 - username={requestData['username']}")
                    vo = await self.AuthService.PasswordLogin(
                        Sub=requestData["username"],
                        Password=requestData["password"],
                    )
                else:
                    return JSONResponse(
                        status_code=400,
                        content={"success": False, "message": "无效的登录请求格式", "data": None},
                    )

                return JSONResponse(status_code=200, content={
                    "success": True,
                    "message": "ok",
                    "data": {
                        "access_token": vo.access_token,
                        "token_type": vo.token_type,
                        "expires_in": vo.expires_in,
                        "issued_time": vo.issued_time,
                        "user_info": vo.user_info,
                    },
                })

            except LeauditException as e:
                logger.error(f"登录失败: {e.message}")
                return JSONResponse(
                    status_code=e.statusCode,
                    content={"success": False, "message": e.message, "data": None},
                )
            except Exception as e:
                logger.error(f"登录失败: {e}")
                return JSONResponse(status_code=401, content={
                    "success": False, "message": "登录失败，请稍后重试", "data": None,
                })

        @self.router.post("/password_login")
        async def PasswordLogin(RequestObj: Request):
            """账密登录。校验 sso_users 表 sub + password。"""
            try:
                requestData = await RequestObj.json()
                dto = PasswordLoginDTO(**requestData)
                vo = await self.AuthService.PasswordLogin(Sub=dto.sub, Password=dto.password)
                return JSONResponse(status_code=200, content={
                    "success": True, "message": "ok", "data": vo.model_dump(),
                })
            except LeauditException as e:
                logger.error(f"密码登录失败: {e.message}")
                return JSONResponse(
                    status_code=e.statusCode,
                    content={"success": False, "message": e.message, "data": None},
                )
            except Exception as e:
                logger.error(f"密码登录失败: {e}")
                return JSONResponse(status_code=401, content={
                    "success": False, "message": "登录失败，请稍后重试", "data": None,
                })

        @self.router.get("/me", response_model=Result[dict[str, Any]])
        async def GetCurrentUser(payload: dict[str, Any] = Depends(verify_access_token)):
            """获取当前登录用户信息。"""
            Data = await self.AuthService.GetCurrentUser(UserId=int(payload["user_id"]))
            return Result.success(data=Data)