v0.1测试

backend/middleware/auth_middleware.py

@@ -0,0 +1,111 @@
+# ===========================================
+# 班级操行分管理系统 - 后端服务
+# 
+# 开发者: Canglan
+# 联系方式: admin@sea-studio.top
+# 版权归属: Sea Network Technology Studio
+# 许可证: MIT License
+# 
+# 版权所有 © Sea Network Technology Studio
+# ===========================================
+ 
+from fastapi import Request, HTTPException
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from starlette.middleware.base import BaseHTTPMiddleware
+from typing import Optional, Dict, Any, Tuple
+import re
+
+from utils.jwt_handler import jwt_handler
+from utils.redis_client import RedisClient
+from utils.response import unauthorized_response
+from utils.logger import get_logger
+
+logger = get_logger(__name__)
+
+# 不需要认证的路由
+PUBLIC_PATHS = [
+    r'^/$',
+    r'^/health$',
+    r'^/api/auth/login$',
+    r'^/api/auth/logout$',
+    r'^/debug/.*$',  # 调试入口
+]
+
+# 不需要Token验证但需要记录访问的路由
+OPEN_PATHS = [
+    r'^/api/auth/change-password$',
+]
+
+
+def is_public_path(path: str) -> bool:
+    """检查是否为公开路径"""
+    for pattern in PUBLIC_PATHS:
+        if re.match(pattern, path):
+            return True
+    return False
+
+
+class AuthMiddleware(BaseHTTPMiddleware):
+    """JWT认证中间件"""
+    
+    async def dispatch(self, request: Request, call_next):
+        path = request.url.path
+        
+        # 公开路径跳过认证
+        if is_public_path(path):
+            return await call_next(request)
+        
+        # 获取Authorization头
+        auth_header = request.headers.get("Authorization")
+        
+        if not auth_header:
+            return unauthorized_response("缺少认证令牌")
+        
+        # 解析Bearer Token
+        try:
+            scheme, token = auth_header.split()
+            if scheme.lower() != "bearer":
+                return unauthorized_response("认证格式错误")
+        except ValueError:
+            return unauthorized_response("认证格式错误")
+        
+        # 验证Token
+        payload = jwt_handler.verify_token(token)
+        if not payload:
+            return unauthorized_response("令牌无效或已过期")
+        
+        # 验证Redis中的Token
+        user_id = payload.get("user_id")
+        stored_token = await RedisClient.get_user_token(user_id)
+        
+        if not stored_token or stored_token != token:
+            return unauthorized_response("令牌已失效，请重新登录")
+        
+        # 将用户信息存储到request.state
+        request.state.user_id = payload.get("user_id")
+        request.state.username = payload.get("username")
+        request.state.user_type = payload.get("user_type")
+        request.state.student_id = payload.get("student_id")
+        request.state.role = payload.get("role")
+        
+        # 刷新Token过期时间
+        from config import settings
+        await RedisClient.expire(f"user_token:{user_id}", settings.JWT_EXPIRE_MINUTES * 60)
+        
+        return await call_next(request)
+
+
+async def get_current_user(request: Request) -> Dict[str, Any]:
+    """获取当前登录用户信息"""
+    return {
+        "user_id": request.state.user_id,
+        "username": request.state.username,
+        "user_type": request.state.user_type,
+        "student_id": request.state.student_id,
+        "role": request.state.role
+    }
+
+
+async def get_current_user_id(request: Request) -> int:
+    """获取当前用户ID"""
+    return request.state.user_id