423baff73b
- Docker bridge 网络隔离(8000 端口封死) - Gunicorn 4 Worker 多进程 - Alembic 数据库迁移基线 - 日志轮转 20m×3 - JWT 密钥 + DB 密码 + CORS 收紧 - 3-2-1 备份链路(NAS + R740-B 冷备) - 连接池 pool_pre_ping + pool_recycle=3600
# -*- coding: utf-8 -*-
"""
API 公共依赖
提供 JWT 令牌验证依赖,用于需要认证的路由。
"""
from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from app.core.security import decode_access_token
# Bearer-token extractor used by the authentication dependency in this module.
# auto_error=True makes HTTPBearer itself reject a request whose Authorization
# header is missing or is not a Bearer credential, so get_current_user is never
# called without a token string.
# NOTE(review): the status code for that rejection is chosen by FastAPI, not by
# this module; confirm it is the one API clients expect.
bearer_scheme = HTTPBearer(
    auto_error=True,
)
async def get_current_user(
    credentials: HTTPAuthorizationCredentials = Depends(bearer_scheme),
) -> dict:
    """Decode the JWT from ``Authorization: Bearer <token>`` and return its payload.

    Usage: ``current_user: dict = Depends(get_current_user)``

    Raises:
        HTTPException: 401 with a ``WWW-Authenticate: Bearer`` header when
            ``decode_access_token`` returns ``None`` for the presented token.
    """
    # NOTE(review): signature, expiry and algorithm checks are not visible here;
    # they are presumably done inside decode_access_token. Confirm it verifies
    # the signature and expiry and only accepts the expected algorithm, because
    # every authenticated route relies on this one call.
    claims = decode_access_token(credentials.credentials)
    if claims is not None:
        return claims

    # A None result is the only failure signal handled here; it is reported as
    # "token invalid or expired" without saying which, so the response does not
    # reveal why validation failed.
    raise HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="令牌无效或已过期",
        headers={"WWW-Authenticate": "Bearer"},
    )
async def require_admin(current_user: dict = Depends(get_current_user)) -> dict:
    """Allow only callers whose token payload carries role "admin"; otherwise 403.

    Returns the same payload dict that ``get_current_user`` produced.

    Raises:
        HTTPException: 403 when the payload's ``role`` is missing or is not
            exactly ``"admin"``.
    """
    # The role is read from the decoded token payload, not looked up server-side.
    # NOTE(review): a demoted or disabled admin presumably keeps access until the
    # token expires unless decode_access_token or another layer checks current
    # account state. Confirm token lifetime and revocation handling.
    is_admin = current_user.get("role") == "admin"
    if is_admin:
        return current_user

    raise HTTPException(
        status_code=status.HTTP_403_FORBIDDEN,
        detail="权限不足,需要管理员角色",
    )