from fastapi import APIRouter, Depends, HTTPException from sqlalchemy import select from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy.orm import selectinload from app.core.auth import hash_password, verify_password, create_access_token from app.core.deps import get_current_user from app.db.database import get_db from app.db.models import ClassMembership, User from app.schemas.auth import LoginRequest, RegisterRequest, ChangePasswordRequest from app.schemas.user import TokenResponse, UserOut, build_user_out from app.services.member_activation_service import validate_registration router = APIRouter(prefix="/api/auth", tags=["auth"]) @router.post("/activate") async def activate_account(req: RegisterRequest, db: AsyncSession = Depends(get_db)): # 1. Check if email is already in use existing = await db.execute(select(User).where(User.email == req.email)) if existing.scalar_one_or_none(): raise HTTPException(status_code=400, detail="该邮箱已注册") # 2. Validate invite_code + student_id against inactive class member activation_target = await validate_registration(db, req.invite_code, req.student_id) if activation_target is None: raise HTTPException(status_code=400, detail="邀请码或学号无效,或账号已激活") user, class_id = activation_target user.email = req.email user.password_hash = hash_password(req.password) user.status = "approved" await db.commit() result = await db.execute( select(User) .options( selectinload(User.memberships), selectinload(User.memberships).selectinload(ClassMembership.class_), ) .where(User.id == user.id) ) user = result.scalar_one() user.set_active_membership(class_id) # 3. Issue token — activation and login in one step token = create_access_token({"sub": str(user.id), "role": user.role}) return { "message": "账号激活成功", "token": token, "user": build_user_out(user, class_id), } @router.post("/login", response_model=TokenResponse) async def login(req: LoginRequest, db: AsyncSession = Depends(get_db)): result = await db.execute( select(User) .options( selectinload(User.memberships), selectinload(User.memberships).selectinload(ClassMembership.class_), ) .where(User.email == req.email) ) user = result.scalar_one_or_none() if user is None: raise HTTPException(status_code=401, detail="邮箱或密码错误") if user.status == "inactive": raise HTTPException(status_code=401, detail="账号尚未激活") if user.status == "disabled": raise HTTPException(status_code=401, detail="账号已被禁用") if not user.password_hash or not verify_password(req.password, user.password_hash): raise HTTPException(status_code=401, detail="邮箱或密码错误") token = create_access_token({"sub": str(user.id), "role": user.role}) return TokenResponse( token=token, user=build_user_out(user), ) @router.get("/me", response_model=UserOut) async def get_me(user: User = Depends(get_current_user), db: AsyncSession = Depends(get_db)): default_membership = user.get_default_membership() user_out = build_user_out(user, default_membership.class_id if default_membership else None) # Attach enabled_modules from active class if default_membership: from app.db.models import Class_ from sqlalchemy import select result = await db.execute(select(Class_).where(Class_.id == default_membership.class_id)) class_ = result.scalar_one_or_none() if class_: user_out.enabled_modules = class_.get_enabled_modules() return user_out @router.put("/change-password") async def change_password( req: ChangePasswordRequest, user: User = Depends(get_current_user), db: AsyncSession = Depends(get_db), ): if not user.password_hash or not verify_password(req.old_password, user.password_hash): raise HTTPException(status_code=400, detail="Old password is incorrect") user.password_hash = hash_password(req.new_password) await db.commit() return {"message": "Password changed successfully"}