init

2025-12-09 13:08:38 +08:00
commit 02ecea06f8
36 changed files with 5876 additions and 0 deletions
--- a/api/users.py
+++ b/api/users.py
@@ -0,0 +1,81 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import create_access_token, jwt_required, get_jwt_identity
+from models import User, db
+from datetime import timedelta
+
+users_bp = Blueprint('users', __name__)
+
+@users_bp.route('/login', methods=['POST'])
+def login():
+    data = request.json
+    user = User.query.filter_by(username=data['username']).first()
+    
+    if not user or not user.check_password(data['password']):
+        return jsonify({'error': '用户名或密码错误'}), 401
+    
+    if user.status != 'active':
+        return jsonify({'error': '账号未激活或已被禁用'}), 403
+    
+    access_token = create_access_token(
+        identity=str(user.id),
+        expires_delta=timedelta(hours=24)
+    )
+    
+    return jsonify({
+        'access_token': access_token,
+        'user': {
+            'id': user.id,
+            'username': user.username,
+            'role': user.role
+        }
+    })
+
+@users_bp.route('/me', methods=['GET'])
+@jwt_required()
+def get_current_user():
+    user_id = get_jwt_identity()
+    user = db.session.get(User, user_id)
+    
+    if not user:
+        return jsonify({'error': '用户不存在'}), 404
+    
+    return jsonify({
+        'id': user.id,
+        'username': user.username,
+        'email': user.email,
+        'role': user.role,
+        'status': user.status
+    })
+
+@users_bp.route('/users', methods=['POST'])
+@jwt_required()
+def create_user():
+    current_user_id = get_jwt_identity()
+    current_user = db.session.get(User, current_user_id)
+    
+    if current_user.role != 'admin':
+        return jsonify({'error': '权限不足'}), 403
+    
+    data = request.json
+    
+    if not data.get('username') or not data.get('password'):
+        return jsonify({'error': '用户名和密码不能为空'}), 400
+    
+    if User.query.filter_by(username=data['username']).first():
+        return jsonify({'error': '用户名已存在'}), 400
+    
+    user = User(
+        username=data['username'],
+        email=data.get('email'),
+        role=data.get('role', 'user')
+    )
+    user.set_password(data['password'])
+    db.session.add(user)
+    db.session.commit()
+    
+    return jsonify({
+        'id': user.id,
+        'username': user.username,
+        'email': user.email,
+        'role': user.role
+    }), 201