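from datetime import timedelta

from flask import Blueprint, jsonify, request
from flask_jwt_extended import create_access_token, get_jwt_identity, jwt_required

from models import User, db

users_bp = Blueprint('users', __name__)

# Lifetime of an issued access token. Nothing in this module revokes a token
# early, so once an account is disabled its existing token stays
# cryptographically valid until expiry; the protected routes below therefore
# re-check `status` on every request instead of trusting the token alone.
ACCESS_TOKEN_LIFETIME = timedelta(hours=24)


def _json_body() -> dict:
    """Return the request body as a dict, or {} if it is absent, unparsable or not a JSON object.

    `request.json` raises (-> 500) on a missing or malformed body and on a
    non-object payload like `[]`; `silent=True` plus the isinstance check turns
    all of those into an empty dict so callers can answer with a 400 instead.
    """
    data = request.get_json(silent=True)
    return data if isinstance(data, dict) else {}


def _current_user():
    """Resolve the JWT identity of the current request to a User row, or None.

    The identity is whatever `login` stored (`str(user.id)`); it is handed to
    `db.session.get` unchanged. Returns None when the row no longer exists —
    a token can outlive the account it was issued for.
    """
    return db.session.get(User, get_jwt_identity())


@users_bp.route('/login', methods=['POST'])
def login():
    """Exchange a username/password pair for a JWT access token.

    Responses:
        400 — body is not a JSON object or `username`/`password` are not strings.
        401 — unknown username or wrong password. The same message is used for
              both cases so the response body does not reveal which usernames exist.
        403 — credentials are valid but `user.status` is not 'active'.
        200 — `{'access_token': ..., 'user': {'id', 'username', 'role'}}`.
    """
    data = _json_body()
    username = data.get('username')
    password = data.get('password')
    # Previously a missing key was a KeyError (500) and a non-string value was
    # passed straight to the query / password check.
    if not isinstance(username, str) or not isinstance(password, str):
        return jsonify({'error': '用户名和密码不能为空'}), 400

    user = User.query.filter_by(username=username).first()
    # NOTE(review): when the username is unknown no password hash is verified,
    # so this branch returns measurably faster than a wrong-password attempt.
    # If that timing difference matters, verify a dummy hash on the miss path;
    # how to do that depends on how User.check_password is implemented.
    if user is None or not user.check_password(password):
        return jsonify({'error': '用户名或密码错误'}), 401
    # Status is checked only after the password matched, so an unauthenticated
    # caller cannot probe whether an account is disabled.
    if user.status != 'active':
        return jsonify({'error': '账号未激活或已被禁用'}), 403

    access_token = create_access_token(
        identity=str(user.id),
        expires_delta=ACCESS_TOKEN_LIFETIME,
    )
    return jsonify({
        'access_token': access_token,
        'user': {
            'id': user.id,
            'username': user.username,
            'role': user.role,
        },
    })


@users_bp.route('/me', methods=['GET'])
@jwt_required()
def get_current_user():
    """Return the profile of the user identified by the bearer token.

    Responses:
        404 — the token's subject no longer exists.
        403 — the account has been disabled since the token was issued.
        200 — `{'id', 'username', 'email', 'role', 'status'}`.
    """
    user = _current_user()
    if user is None:
        return jsonify({'error': '用户不存在'}), 404
    # A still-valid token must not keep working for an account that `login`
    # would now reject.
    if user.status != 'active':
        return jsonify({'error': '账号未激活或已被禁用'}), 403
    return jsonify({
        'id': user.id,
        'username': user.username,
        'email': user.email,
        'role': user.role,
        'status': user.status,
    })


@users_bp.route('/users', methods=['POST'])
@jwt_required()
def create_user():
    """Create a new user; callers must hold a token for an active 'admin' account.

    Responses:
        403 — caller's account is missing, not active, or not an admin.
        400 — body is not a JSON object, `username`/`password` are empty or not
              strings, `role`/`email` have the wrong type, or the username is taken.
        201 — `{'id', 'username', 'email', 'role'}` of the created user.
    """
    current_user = _current_user()
    # The token may outlive the account: a deleted admin used to raise
    # AttributeError here (500), and a *disabled* admin was still let through
    # because only the role was checked.
    if current_user is None or current_user.status != 'active':
        return jsonify({'error': '权限不足'}), 403
    if current_user.role != 'admin':
        return jsonify({'error': '权限不足'}), 403

    data = _json_body()
    username = data.get('username')
    password = data.get('password')
    if not isinstance(username, str) or not username \
            or not isinstance(password, str) or not password:
        return jsonify({'error': '用户名和密码不能为空'}), 400

    role = data.get('role', 'user')
    email = data.get('email')
    # NOTE(review): `role` is stored verbatim. Only 'admin' and 'user' are
    # visible in this module; if the application has a fixed set of roles,
    # reject anything outside it here. No password-strength policy is applied.
    if not isinstance(role, str) or (email is not None and not isinstance(email, str)):
        return jsonify({'error': '请求参数格式错误'}), 400

    # Revealing that a username is taken is acceptable here: only admins reach
    # this point. The check is not atomic with the insert, so a concurrent
    # create of the same username can still fail at commit time on a unique
    # constraint if the schema has one.
    if User.query.filter_by(username=username).first():
        return jsonify({'error': '用户名已存在'}), 400

    user = User(username=username, email=email, role=role)
    user.set_password(password)
    db.session.add(user)
    db.session.commit()
    return jsonify({
        'id': user.id,
        'username': user.username,
        'email': user.email,
        'role': user.role,
    }), 201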