from fastapi import Depends, HTTPException, Header
from typing import Optional
from sqlalchemy.orm import Session
from app.models.database import get_db
from app.models.user import UserDB
from app.core.security import verify_token
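async def get_current_user(
    authorization: Optional[str] = Header(None),
    db: Session = Depends(get_db)
) -> UserDB:
    """Resolve the authenticated user from the ``Authorization`` header.

    The header must carry a ``Bearer`` credential. The token is handed to
    ``verify_token``; a truthy result is used as the phone number that
    selects the row in ``UserDB``.

    Args:
        authorization: Raw ``Authorization`` request header, or ``None``
            when the client sent none.
        db: SQLAlchemy session supplied by ``get_db``.

    Returns:
        The ``UserDB`` row whose ``phone`` equals the value returned by
        ``verify_token``.

    Raises:
        HTTPException: 401 when the header is missing or malformed, when
            ``verify_token`` returns a falsy value, or when no matching
            user exists.
    """
    # A 401 response is expected to carry a WWW-Authenticate challenge
    # (RFC 7235), so every rejection below sends one.
    challenge = {"WWW-Authenticate": "Bearer"}

    if not authorization or not authorization.startswith("Bearer "):
        raise HTTPException(
            status_code=401,
            detail="未提供有效的认证信息",
            headers=challenge,
        )

    # Take everything after the scheme. Splitting on single spaces and
    # picking field 1 yields an empty token for "Bearer  <token>" and
    # silently drops anything after a second space.
    token = authorization[len("Bearer "):].strip()
    if not token:
        # Scheme present but no credential: treat as a malformed header
        # rather than passing an empty string to verify_token.
        raise HTTPException(
            status_code=401,
            detail="未提供有效的认证信息",
            headers=challenge,
        )

    # verify_token is defined in app.core.security; here its result is only
    # tested for truthiness and then used as the user's phone number.
    phone = verify_token(token)
    if not phone:
        raise HTTPException(
            status_code=401,
            detail="Token已过期或无效",
            headers=challenge,
        )

    # NOTE(review): sqlalchemy.orm.Session is the synchronous session, so
    # this query runs on the event loop inside an async dependency --
    # confirm that is acceptable for this service.
    user = db.query(UserDB).filter(UserDB.phone == phone).first()
    if not user:
        # NOTE(review): this detail differs from the invalid-token one, so a
        # client can tell a verified token for a missing account apart from
        # a rejected token -- confirm that distinction is intended.
        raise HTTPException(
            status_code=401,
            detail="用户未登录",
            headers=challenge,
        )
    return user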
async def get_admin_user(
    current_user: UserDB = Depends(get_current_user)
) -> UserDB:
    """Return the authenticated user only when it is flagged as an admin.

    Args:
        current_user: User resolved by the ``get_current_user`` dependency.

    Returns:
        The same ``UserDB`` object when ``is_admin`` is truthy.

    Raises:
        HTTPException: 403 when ``current_user.is_admin`` is falsy.
    """
    # Authentication has already happened in get_current_user; this step
    # is the authorization check only, hence 403 rather than 401.
    if current_user.is_admin:
        return current_user
    raise HTTPException(status_code=403, detail="需要管理员权限")