from fastapi import APIRouter, Depends from sqlalchemy.orm import Session import uuid from app.core.error_codes import BizCode from app.core.exceptions import BusinessException from app.db import get_db from app.dependencies import get_current_user, get_current_superuser from app.models.user_model import User from app.schemas import user_schema from app.schemas.user_schema import ( ChangePasswordRequest, AdminChangePasswordRequest, SendEmailCodeRequest, VerifyEmailCodeRequest, VerifyPasswordRequest) from app.schemas.response_schema import ApiResponse from app.services import user_service from app.core.logging_config import get_api_logger from app.core.response_utils import success from app.core.security import verify_password # 获取API专用日志器 api_logger = get_api_logger() router = APIRouter( prefix="/users", tags=["Users"], ) @router.post("/superuser", response_model=ApiResponse) def create_superuser( user: user_schema.UserCreate, db: Session = Depends(get_db), current_superuser: User = Depends(get_current_superuser) ): """创建超级管理员(仅超级管理员可访问)""" api_logger.info(f"超级管理员创建请求: {user.username}, email: {user.email}") result = user_service.create_superuser(db=db, user=user, current_user=current_superuser) api_logger.info(f"超级管理员创建成功: {result.username} (ID: {result.id})") result_schema = user_schema.User.model_validate(result) return success(data=result_schema, msg="超级管理员创建成功") @router.delete("/{user_id}", response_model=ApiResponse) def delete_user( user_id: uuid.UUID, db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): """停用用户(软删除)""" api_logger.info(f"用户停用请求: user_id={user_id}, 操作者: {current_user.username}") result = user_service.deactivate_user( db=db, user_id_to_deactivate=user_id, current_user=current_user ) api_logger.info(f"用户停用成功: {result.username} (ID: {result.id})") return success(msg="用户停用成功") @router.post("/{user_id}/activate", response_model=ApiResponse) def activate_user( user_id: uuid.UUID, db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): """激活用户""" api_logger.info(f"用户激活请求: user_id={user_id}, 操作者: {current_user.username}") result = user_service.activate_user( db=db, user_id_to_activate=user_id, current_user=current_user ) api_logger.info(f"用户激活成功: {result.username} (ID: {result.id})") result_schema = user_schema.User.model_validate(result) return success(data=result_schema, msg="用户激活成功") @router.get("", response_model=ApiResponse) def get_current_user_info( db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): """获取当前用户信息""" api_logger.info(f"当前用户信息请求: {current_user.username}") result = user_service.get_user( db=db, user_id=current_user.id, current_user=current_user ) result_schema = user_schema.User.model_validate(result) # 设置当前工作空间的角色和名称 if current_user.current_workspace_id: from app.repositories.workspace_repository import WorkspaceRepository workspace_repo = WorkspaceRepository(db) current_workspace = workspace_repo.get_workspace_by_id(current_user.current_workspace_id) if current_workspace: result_schema.current_workspace_name = current_workspace.name for ws in result.workspaces: if ws.workspace_id == current_user.current_workspace_id and ws.is_active: result_schema.role = ws.role break api_logger.info(f"当前用户信息获取成功: {result.username}, 角色: {result_schema.role}, 工作空间: {result_schema.current_workspace_name}") return success(data=result_schema, msg="用户信息获取成功") @router.get("/superusers", response_model=ApiResponse) def get_tenant_superusers( include_inactive: bool = False, db: Session = Depends(get_db), current_user: User = Depends(get_current_superuser), ): """获取当前租户下的超管账号列表(仅超级管理员可访问)""" api_logger.info(f"获取租户超管列表请求: {current_user.username}") superusers = user_service.get_tenant_superusers( db=db, current_user=current_user, include_inactive=include_inactive ) api_logger.info(f"租户超管列表获取成功: count={len(superusers)}") superusers_schema = [user_schema.User.model_validate(u) for u in superusers] return success(data=superusers_schema, msg="租户超管列表获取成功") @router.get("/{user_id}", response_model=ApiResponse) def get_user_info_by_id( user_id: uuid.UUID, db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): """根据用户ID获取用户信息""" api_logger.info(f"获取用户信息请求: user_id={user_id}, 操作者: {current_user.username}") result = user_service.get_user( db=db, user_id=user_id, current_user=current_user ) api_logger.info(f"用户信息获取成功: {result.username}") result_schema = user_schema.User.model_validate(result) return success(data=result_schema, msg="用户信息获取成功") @router.put("/change-password", response_model=ApiResponse) async def change_password( request: ChangePasswordRequest, db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): """修改当前用户密码""" api_logger.info(f"用户密码修改请求: {current_user.username}") await user_service.change_password( db=db, user_id=current_user.id, old_password=request.old_password, new_password=request.new_password, current_user=current_user ) api_logger.info(f"用户密码修改成功: {current_user.username}") return success(msg="密码修改成功") @router.put("/admin/change-password", response_model=ApiResponse) async def admin_change_password( request: AdminChangePasswordRequest, db: Session = Depends(get_db), current_user: User = Depends(get_current_superuser), ): """超级管理员修改指定用户的密码""" api_logger.info(f"管理员密码修改请求: 管理员 {current_user.username} 修改用户 {request.user_id}") user, generated_password = await user_service.admin_change_password( db=db, target_user_id=request.user_id, new_password=request.new_password, current_user=current_user ) # 根据是否生成了随机密码来构造响应 if request.new_password: api_logger.info(f"管理员密码修改成功: 用户 {request.user_id}") return success(msg="密码修改成功") else: api_logger.info(f"管理员密码重置成功: 用户 {request.user_id}, 随机密码已生成") return success(data=generated_password, msg="密码重置成功") @router.post("/verify_pwd", response_model=ApiResponse) def verify_pwd( request: VerifyPasswordRequest, current_user: User = Depends(get_current_user), ): """验证当前用户密码""" api_logger.info(f"用户验证密码请求: {current_user.username}") is_valid = verify_password(request.password, current_user.hashed_password) api_logger.info(f"用户密码验证结果: {current_user.username}, valid={is_valid}") if not is_valid: raise BusinessException("密码验证失败", code=BizCode.VALIDATION_FAILED) return success(data={"valid": is_valid}, msg="验证完成") @router.post("/send-email-code", response_model=ApiResponse) async def send_email_code( request: SendEmailCodeRequest, db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): """发送邮箱验证码""" api_logger.info(f"用户请求发送邮箱验证码: {current_user.username}, email={request.email}") await user_service.send_email_code_method(db=db, email=request.email, user_id=current_user.id) api_logger.info(f"邮箱验证码已发送: {current_user.username}") return success(msg="验证码已发送到您的邮箱,请查收") @router.put("/change-email", response_model=ApiResponse) async def change_email( request: VerifyEmailCodeRequest, db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): """验证验证码并修改邮箱""" api_logger.info(f"用户修改邮箱: {current_user.username}, new_email={request.new_email}") await user_service.verify_and_change_email( db=db, user_id=current_user.id, new_email=request.new_email, code=request.code ) api_logger.info(f"用户邮箱修改成功: {current_user.username}") return success(msg="邮箱修改成功")