2026-02-12 18:22:02 +08:00
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
"""
|
2026-02-25 19:10:13 +08:00
|
|
|
|
认证 API:登录(无需 Authorization)。
|
2026-02-12 18:22:02 +08:00
|
|
|
|
"""
|
2026-02-12 18:17:15 +08:00
|
|
|
|
import uuid
|
|
|
|
|
|
|
2026-02-14 16:49:44 +08:00
|
|
|
|
from rest_framework import status
|
2026-02-25 00:20:16 +08:00
|
|
|
|
from rest_framework.decorators import api_view, authentication_classes, permission_classes
|
2026-02-14 16:49:44 +08:00
|
|
|
|
from rest_framework.permissions import AllowAny
|
2026-02-12 18:17:15 +08:00
|
|
|
|
|
2026-02-14 16:49:44 +08:00
|
|
|
|
from server import config
|
2026-02-26 01:27:35 +08:00
|
|
|
|
from server.core.response import api_success, api_error
|
2026-02-14 16:49:44 +08:00
|
|
|
|
from server.models import AuthToken
|
|
|
|
|
|
from server.serializers import LoginSerializer
|
2026-02-12 18:17:15 +08:00
|
|
|
|
|
|
|
|
|
|
|
2026-02-14 16:49:44 +08:00
|
|
|
|
@api_view(["POST"])
|
2026-02-25 19:10:13 +08:00
|
|
|
|
@authentication_classes([]) # 登录接口不校验 Authorization
|
2026-02-14 16:49:44 +08:00
|
|
|
|
@permission_classes([AllowAny])
|
|
|
|
|
|
def login(request):
|
2026-02-12 18:17:15 +08:00
|
|
|
|
"""
|
2026-02-12 18:18:58 +08:00
|
|
|
|
登录接口(支持 JSON 和 form-data):
|
|
|
|
|
|
- 校验用户名/密码
|
|
|
|
|
|
- 生成 token,写入数据库
|
2026-02-25 19:10:13 +08:00
|
|
|
|
- 返回 token(前端可放到 Authorization 请求头)
|
2026-02-12 18:18:58 +08:00
|
|
|
|
- 下一次登录会生成新 token,旧 token 自动失效
|
2026-02-12 18:17:15 +08:00
|
|
|
|
"""
|
2026-02-14 16:49:44 +08:00
|
|
|
|
ser = LoginSerializer(data=request.data)
|
|
|
|
|
|
ser.is_valid(raise_exception=True)
|
|
|
|
|
|
|
|
|
|
|
|
username = ser.validated_data["username"]
|
|
|
|
|
|
password = ser.validated_data["password"]
|
2026-02-12 18:18:58 +08:00
|
|
|
|
|
2026-02-14 16:49:44 +08:00
|
|
|
|
if username != config.ADMIN_USERNAME or password != config.ADMIN_PASSWORD:
|
2026-02-26 01:27:35 +08:00
|
|
|
|
return api_error(status.HTTP_401_UNAUTHORIZED, "用户名或密码错误")
|
2026-02-12 18:17:15 +08:00
|
|
|
|
|
|
|
|
|
|
token = uuid.uuid4().hex
|
2026-02-14 16:49:44 +08:00
|
|
|
|
AuthToken.objects.update_or_create(
|
|
|
|
|
|
username=username,
|
|
|
|
|
|
defaults={"token": token},
|
|
|
|
|
|
)
|
2026-02-12 18:17:15 +08:00
|
|
|
|
|
2026-02-26 01:27:35 +08:00
|
|
|
|
return api_success({"token": token})
|
2026-02-25 20:12:26 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_view(["GET"])
|
|
|
|
|
|
def get_info(request):
|
|
|
|
|
|
"""
|
|
|
|
|
|
获取当前登录账号的详细信息:
|
|
|
|
|
|
- 从 Authorization 头解析 token
|
|
|
|
|
|
- 查 AuthToken 表反查用户名
|
|
|
|
|
|
- 返回用户名、登录时间等
|
|
|
|
|
|
"""
|
|
|
|
|
|
auth_header = request.headers.get("Authorization", "")
|
|
|
|
|
|
token = auth_header.replace("Bearer ", "").strip() if auth_header else ""
|
|
|
|
|
|
|
|
|
|
|
|
if not token:
|
2026-02-26 01:27:35 +08:00
|
|
|
|
return api_error(status.HTTP_401_UNAUTHORIZED, "未提供认证令牌")
|
2026-02-25 20:12:26 +08:00
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
|
record = AuthToken.objects.get(token=token)
|
|
|
|
|
|
except AuthToken.DoesNotExist:
|
2026-02-26 01:27:35 +08:00
|
|
|
|
return api_error(status.HTTP_401_UNAUTHORIZED, "令牌无效或已过期")
|
2026-02-25 20:12:26 +08:00
|
|
|
|
|
2026-02-26 01:27:35 +08:00
|
|
|
|
return api_success({
|
|
|
|
|
|
"account_id": record.id,
|
|
|
|
|
|
"username": record.username,
|
|
|
|
|
|
"token": record.token,
|
|
|
|
|
|
"created_at": record.created_at,
|
2026-02-25 20:12:26 +08:00
|
|
|
|
})
|
