init medical training project
This commit is contained in:
@@ -0,0 +1,31 @@
|
||||
from rest_framework_simplejwt.tokens import RefreshToken
|
||||
|
||||
ALLOWED_ROLE_TYPES = ('student', 'doctor', 'teacher')
|
||||
|
||||
|
||||
def get_tokens_for_user(user):
|
||||
refresh = RefreshToken.for_user(user)
|
||||
return {'access': str(refresh.access_token), 'refresh': str(refresh)}
|
||||
|
||||
|
||||
def build_user_response(user):
|
||||
return {
|
||||
'id': user.id,
|
||||
'username': user.username,
|
||||
'phone': user.phone,
|
||||
'real_name': user.real_name,
|
||||
'role_type': user.role_type,
|
||||
'institution': user.institution.name if user.institution_id else None,
|
||||
'department': user.department.name if user.department_id else None,
|
||||
}
|
||||
|
||||
|
||||
def get_client_ip(request):
|
||||
xff = request.META.get('HTTP_X_FORWARDED_FOR')
|
||||
if xff:
|
||||
return xff.split(',')[0].strip()
|
||||
return request.META.get('REMOTE_ADDR')
|
||||
|
||||
|
||||
def get_user_agent(request):
|
||||
return request.META.get('HTTP_USER_AGENT', '')
|
||||
@@ -0,0 +1,150 @@
|
||||
import re
|
||||
|
||||
from django.core.cache import cache
|
||||
from django.utils import timezone
|
||||
from rest_framework.decorators import api_view, permission_classes
|
||||
from rest_framework.permissions import AllowAny
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import serializers as drf_serializers
|
||||
from drf_spectacular.utils import extend_schema, inline_serializer
|
||||
|
||||
from config.exceptions import AppError
|
||||
from apps.user.models import User
|
||||
from apps.user.audit import log_login_success, log_login_fail
|
||||
from apps.user.auth import get_tokens_for_user, build_user_response, get_client_ip, get_user_agent
|
||||
|
||||
LOGIN_FAIL_MAX = 5
|
||||
LOGIN_FAIL_LOCK_SECONDS = 15 * 60 # 15 分钟
|
||||
|
||||
_LOGIN_RESPONSE = inline_serializer('LoginResponse', fields={
|
||||
'message': drf_serializers.CharField(),
|
||||
'user': drf_serializers.DictField(help_text='用户基本信息'),
|
||||
'tokens': drf_serializers.DictField(help_text='access + refresh'),
|
||||
})
|
||||
|
||||
|
||||
# ── U3 密码登录 ──────────────────────────────────────────────────────────────
|
||||
|
||||
@extend_schema(
|
||||
summary='U3 密码登录',
|
||||
request=inline_serializer('LoginPasswordRequest', fields={
|
||||
'phone': drf_serializers.CharField(help_text='手机号'),
|
||||
'password': drf_serializers.CharField(help_text='密码'),
|
||||
}),
|
||||
responses={200: _LOGIN_RESPONSE},
|
||||
tags=['认证'],
|
||||
)
|
||||
@api_view(['POST'])
|
||||
@permission_classes([AllowAny])
|
||||
def login_password(request):
|
||||
"""U3 密码登录"""
|
||||
data = request.data
|
||||
phone = str(data.get('phone', ''))
|
||||
password = str(data.get('password', ''))
|
||||
|
||||
if not phone or not password:
|
||||
raise AppError('AUTH_BAD_CREDENTIALS', '手机号和密码不能为空')
|
||||
|
||||
ip = get_client_ip(request)
|
||||
ua = get_user_agent(request)
|
||||
|
||||
# 检查账号锁定
|
||||
fail_key = f'login_fail:{phone}'
|
||||
fail_count = cache.get(fail_key)
|
||||
if fail_count is not None and int(fail_count) >= LOGIN_FAIL_MAX:
|
||||
raise AppError('AUTH_ACCOUNT_LOCKED', '登录失败次数过多,请 15 分钟后再试', status_code=423)
|
||||
|
||||
# 查找用户(不区分"未注册"和"密码错",防用户名枚举)
|
||||
try:
|
||||
user = User.objects.select_related('institution', 'department').get(phone=phone)
|
||||
except User.DoesNotExist:
|
||||
log_login_fail(phone, ip=ip, reason='phone_not_found')
|
||||
raise AppError('AUTH_BAD_CREDENTIALS', '手机号或密码错误')
|
||||
|
||||
# 账号禁用检查
|
||||
if user.status == 0:
|
||||
log_login_fail(phone, ip=ip, reason='account_disabled')
|
||||
raise AppError('AUTH_ACCOUNT_DISABLED', '账号已被禁用,请联系管理员', status_code=403)
|
||||
|
||||
# 校验密码
|
||||
if not user.check_password(password):
|
||||
current = cache.get(fail_key)
|
||||
new_count = (int(current) + 1) if current is not None else 1
|
||||
cache.set(fail_key, new_count, timeout=LOGIN_FAIL_LOCK_SECONDS)
|
||||
log_login_fail(phone, ip=ip, reason='wrong_password')
|
||||
raise AppError('AUTH_BAD_CREDENTIALS', '手机号或密码错误')
|
||||
|
||||
# 登录成功
|
||||
cache.delete(fail_key)
|
||||
user.last_login_time = timezone.now()
|
||||
user.save(update_fields=['last_login_time'])
|
||||
|
||||
tokens = get_tokens_for_user(user)
|
||||
log_login_success(user.id, phone, ip=ip, ua=ua)
|
||||
|
||||
return Response({
|
||||
'message': '登录成功',
|
||||
'user': build_user_response(user),
|
||||
'tokens': tokens,
|
||||
})
|
||||
|
||||
|
||||
# ── U4 验证码登录 ────────────────────────────────────────────────────────────
|
||||
|
||||
@extend_schema(
|
||||
summary='U4 验证码登录',
|
||||
request=inline_serializer('LoginCodeRequest', fields={
|
||||
'phone': drf_serializers.CharField(help_text='手机号'),
|
||||
'code': drf_serializers.CharField(help_text='6 位短信验证码'),
|
||||
}),
|
||||
responses={200: _LOGIN_RESPONSE},
|
||||
tags=['认证'],
|
||||
)
|
||||
@api_view(['POST'])
|
||||
@permission_classes([AllowAny])
|
||||
def login_code(request):
|
||||
"""U4 验证码登录"""
|
||||
data = request.data
|
||||
phone = str(data.get('phone', ''))
|
||||
code = str(data.get('code', ''))
|
||||
|
||||
if not re.match(r'^1[3-9]\d{9}$', phone):
|
||||
raise AppError('SMS_INVALID_PHONE', '手机号格式不合法')
|
||||
|
||||
if not code:
|
||||
raise AppError('AUTH_CODE_INVALID', '请输入验证码')
|
||||
|
||||
# 查找用户
|
||||
try:
|
||||
user = User.objects.select_related('institution', 'department').get(phone=phone)
|
||||
except User.DoesNotExist:
|
||||
raise AppError('AUTH_PHONE_NOT_FOUND', '手机号未注册')
|
||||
|
||||
if user.status == 0:
|
||||
raise AppError('AUTH_ACCOUNT_DISABLED', '账号已被禁用,请联系管理员', status_code=403)
|
||||
|
||||
# 校验验证码
|
||||
cache_key = f'sms:login:{phone}'
|
||||
cached_code = cache.get(cache_key)
|
||||
if not cached_code:
|
||||
raise AppError('AUTH_CODE_EXPIRED', '验证码已过期或未发送')
|
||||
if str(cached_code) != code:
|
||||
raise AppError('AUTH_CODE_MISMATCH', '验证码错误')
|
||||
|
||||
# 成功:清理验证码 + 清理密码失败计数
|
||||
cache.delete(cache_key)
|
||||
cache.delete(f'login_fail:{phone}')
|
||||
|
||||
user.last_login_time = timezone.now()
|
||||
user.save(update_fields=['last_login_time'])
|
||||
|
||||
tokens = get_tokens_for_user(user)
|
||||
ip = get_client_ip(request)
|
||||
ua = get_user_agent(request)
|
||||
log_login_success(user.id, phone, ip=ip, ua=ua)
|
||||
|
||||
return Response({
|
||||
'message': '登录成功',
|
||||
'user': build_user_response(user),
|
||||
'tokens': tokens,
|
||||
})
|
||||
@@ -0,0 +1,51 @@
|
||||
from rest_framework.decorators import api_view, permission_classes
|
||||
from rest_framework.permissions import AllowAny
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import serializers as drf_serializers
|
||||
from rest_framework_simplejwt.tokens import RefreshToken
|
||||
from drf_spectacular.utils import extend_schema, inline_serializer
|
||||
|
||||
from apps.user.utils.jwt_redis import revoke_token
|
||||
from apps.user.audit import log_logout
|
||||
|
||||
|
||||
@extend_schema(
|
||||
summary='U7 退出登录',
|
||||
request=inline_serializer('LogoutRequest', fields={
|
||||
'refresh': drf_serializers.CharField(help_text='refresh token'),
|
||||
}),
|
||||
responses={200: inline_serializer('LogoutResponse', fields={
|
||||
'message': drf_serializers.CharField(),
|
||||
})},
|
||||
tags=['认证'],
|
||||
)
|
||||
@api_view(['POST'])
|
||||
@permission_classes([AllowAny])
|
||||
def logout(request):
|
||||
"""U7 退出登录 — 无论 token 是否合法均返回 200(防探测)"""
|
||||
refresh_raw = request.data.get('refresh', '')
|
||||
jti = None
|
||||
user_id = None
|
||||
|
||||
if refresh_raw:
|
||||
try:
|
||||
token = RefreshToken(refresh_raw)
|
||||
jti = token.payload.get('jti')
|
||||
exp = token.payload.get('exp')
|
||||
user_id = token.payload.get('user_id')
|
||||
if jti and exp:
|
||||
revoke_token(jti, exp)
|
||||
except Exception:
|
||||
pass # 静默处理无效 token
|
||||
|
||||
# 审计:优先取已认证用户,兜底取 token payload
|
||||
audit_uid = None
|
||||
if hasattr(request, 'user') and request.user and request.user.is_authenticated:
|
||||
audit_uid = request.user.id
|
||||
elif user_id:
|
||||
audit_uid = user_id
|
||||
|
||||
if audit_uid:
|
||||
log_logout(audit_uid, jti=jti)
|
||||
|
||||
return Response({'message': '已退出登录'})
|
||||
@@ -0,0 +1,54 @@
|
||||
from rest_framework.permissions import AllowAny
|
||||
from rest_framework_simplejwt.views import TokenRefreshView
|
||||
from rest_framework_simplejwt.tokens import RefreshToken
|
||||
from rest_framework_simplejwt.exceptions import TokenError
|
||||
from drf_spectacular.utils import extend_schema
|
||||
|
||||
from config.exceptions import AppError
|
||||
from apps.user.utils.jwt_redis import revoke_token, is_token_revoked, get_user_invalid_before
|
||||
|
||||
|
||||
@extend_schema(tags=['认证'])
|
||||
class CustomTokenRefreshView(TokenRefreshView):
|
||||
"""U8 刷新 Token — 在 simplejwt 旋转前后加入 Redis 黑名单检查 + 旧 token 吊销"""
|
||||
permission_classes = [AllowAny]
|
||||
authentication_classes = ()
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
refresh_raw = request.data.get('refresh', '')
|
||||
if not refresh_raw:
|
||||
raise AppError('AUTH_TOKEN_INVALID', '请提供 refresh token', status_code=401)
|
||||
|
||||
# ── 解析旧 token(必须在 super().post() 之前,因为 simplejwt 会 mutate) ──
|
||||
try:
|
||||
old_token = RefreshToken(refresh_raw)
|
||||
except TokenError:
|
||||
raise AppError('AUTH_TOKEN_INVALID', 'refresh token 无效或已过期', status_code=401)
|
||||
|
||||
old_jti = old_token.payload.get('jti')
|
||||
old_exp = old_token.payload.get('exp')
|
||||
uid = old_token.payload.get('user_id')
|
||||
iat = old_token.payload.get('iat')
|
||||
|
||||
# ── Redis 黑名单检查 ──
|
||||
if old_jti and is_token_revoked(old_jti):
|
||||
raise AppError('AUTH_TOKEN_INVALID', 'refresh token 已被吊销', status_code=401)
|
||||
|
||||
# ── 用户级失效截止检查 ──
|
||||
if uid and iat is not None:
|
||||
invalid_before = get_user_invalid_before(uid)
|
||||
if invalid_before is not None and iat < invalid_before:
|
||||
raise AppError('AUTH_TOKEN_INVALID', 'token 已失效,请重新登录', status_code=401)
|
||||
|
||||
# ── 交给 simplejwt 处理旋转 ──
|
||||
response = super().post(request, *args, **kwargs)
|
||||
|
||||
# ── 吊销旧 refresh token ──
|
||||
if old_jti and old_exp:
|
||||
revoke_token(old_jti, old_exp)
|
||||
|
||||
return response
|
||||
|
||||
|
||||
# 函数式引用,供 urls.py 保持一致风格
|
||||
refresh_token = CustomTokenRefreshView.as_view()
|
||||
@@ -0,0 +1,141 @@
|
||||
import re
|
||||
|
||||
from django.core.cache import cache
|
||||
from django.conf import settings
|
||||
from django.db import transaction, IntegrityError
|
||||
from rest_framework import status
|
||||
from rest_framework.decorators import api_view, permission_classes, throttle_classes
|
||||
from rest_framework.permissions import AllowAny
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import serializers as drf_serializers
|
||||
from drf_spectacular.utils import extend_schema, inline_serializer
|
||||
|
||||
from config.exceptions import AppError
|
||||
from apps.user.models import User, Institution, Department
|
||||
from apps.user.throttling import RegisterIpThrottle
|
||||
from apps.user.utils.password import validate_password_strength
|
||||
from apps.user.audit import log_register
|
||||
from apps.user.auth import get_tokens_for_user, build_user_response, ALLOWED_ROLE_TYPES
|
||||
|
||||
|
||||
@extend_schema(
|
||||
summary='U2 用户注册',
|
||||
request=inline_serializer('RegisterRequest', fields={
|
||||
'phone': drf_serializers.CharField(help_text='手机号'),
|
||||
'code': drf_serializers.CharField(help_text='6 位短信验证码'),
|
||||
'password': drf_serializers.CharField(help_text='密码(>=6 位,含字母+数字)'),
|
||||
'real_name': drf_serializers.CharField(help_text='真实姓名'),
|
||||
'role_type': drf_serializers.ChoiceField(
|
||||
choices=['student', 'doctor', 'teacher'],
|
||||
required=False, default='student', help_text='角色类型'),
|
||||
'institution_name': drf_serializers.CharField(required=False, help_text='机构名称'),
|
||||
'department_name': drf_serializers.CharField(required=False, help_text='科室名称'),
|
||||
}),
|
||||
responses={201: inline_serializer('RegisterResponse', fields={
|
||||
'message': drf_serializers.CharField(),
|
||||
'user': drf_serializers.DictField(help_text='用户基本信息'),
|
||||
'tokens': drf_serializers.DictField(help_text='access + refresh'),
|
||||
})},
|
||||
tags=['认证'],
|
||||
)
|
||||
@api_view(['POST'])
|
||||
@permission_classes([AllowAny])
|
||||
@throttle_classes([RegisterIpThrottle])
|
||||
def register(request):
|
||||
"""U2 用户注册(手机号 + 验证码 + 密码)"""
|
||||
data = request.data
|
||||
|
||||
phone = str(data.get('phone', ''))
|
||||
code = str(data.get('code', ''))
|
||||
password = str(data.get('password', ''))
|
||||
real_name = str(data.get('real_name', ''))
|
||||
role_type = str(data.get('role_type', 'student'))
|
||||
institution_name = data.get('institution_name') or ''
|
||||
department_name = data.get('department_name') or ''
|
||||
|
||||
# ── 入参校验 ──────────────────────────────────────────────────────────────
|
||||
|
||||
if not re.match(r'^1[3-9]\d{9}$', phone):
|
||||
raise AppError('SMS_INVALID_PHONE', '手机号格式不合法')
|
||||
|
||||
if not code or len(code) != 6 or not code.isdigit():
|
||||
raise AppError('AUTH_CODE_INVALID', '验证码必须为 6 位数字')
|
||||
|
||||
if not real_name or len(real_name) < 2 or len(real_name) > 20:
|
||||
raise AppError('USER_INVALID_NAME', '姓名长度应在 2-20 字符之间')
|
||||
|
||||
if role_type not in ALLOWED_ROLE_TYPES:
|
||||
raise AppError('AUTH_INVALID_ROLE', '角色类型无效,仅允许 student / doctor / teacher')
|
||||
|
||||
# ── 密码强度 ──────────────────────────────────────────────────────────────
|
||||
|
||||
pwd_errors = validate_password_strength(password, phone=phone, real_name=real_name)
|
||||
if pwd_errors:
|
||||
raise AppError('AUTH_PASSWORD_WEAK', pwd_errors[0], details=pwd_errors)
|
||||
|
||||
# ── 验证码校验 ────────────────────────────────────────────────────────────
|
||||
|
||||
cache_key = f'sms:register:{phone}'
|
||||
cached_code = cache.get(cache_key)
|
||||
if not cached_code:
|
||||
raise AppError('AUTH_CODE_EXPIRED', '验证码已过期或未发送')
|
||||
if str(cached_code) != code:
|
||||
raise AppError('AUTH_CODE_MISMATCH', '验证码错误')
|
||||
|
||||
# ── 机构 / 科室解析 ──────────────────────────────────────────────────────
|
||||
|
||||
institution = None
|
||||
if institution_name:
|
||||
try:
|
||||
institution = Institution.objects.get(name=institution_name)
|
||||
except Institution.DoesNotExist:
|
||||
raise AppError('USER_INSTITUTION_NOT_FOUND', f'机构"{institution_name}"不存在')
|
||||
except Institution.MultipleObjectsReturned:
|
||||
raise AppError('USER_INSTITUTION_AMBIGUOUS', f'存在多个同名机构"{institution_name}"')
|
||||
|
||||
department = None
|
||||
if department_name:
|
||||
qs = Department.objects.filter(name=department_name)
|
||||
if institution:
|
||||
qs = qs.filter(institution=institution)
|
||||
cnt = qs.count()
|
||||
if cnt == 0:
|
||||
raise AppError('USER_DEPARTMENT_NOT_FOUND', f'科室"{department_name}"不存在')
|
||||
if cnt > 1:
|
||||
raise AppError('USER_DEPARTMENT_AMBIGUOUS',
|
||||
f'科室"{department_name}"不唯一,请同时指定 institution_name')
|
||||
department = qs.first()
|
||||
|
||||
# ── 事务内创建用户 ────────────────────────────────────────────────────────
|
||||
|
||||
try:
|
||||
with transaction.atomic():
|
||||
if User.objects.filter(phone=phone).exists():
|
||||
raise AppError('AUTH_PHONE_REGISTERED', '该手机号已注册')
|
||||
|
||||
user = User.objects.create_user(
|
||||
username=phone,
|
||||
password=password,
|
||||
phone=phone,
|
||||
real_name=real_name,
|
||||
role_type=role_type,
|
||||
institution=institution,
|
||||
department=department,
|
||||
status=1,
|
||||
)
|
||||
except AppError:
|
||||
raise
|
||||
except IntegrityError:
|
||||
raise AppError('AUTH_PHONE_REGISTERED', '该手机号已注册')
|
||||
|
||||
# ── 善后 ──────────────────────────────────────────────────────────────────
|
||||
|
||||
cache.delete(cache_key)
|
||||
tokens = get_tokens_for_user(user)
|
||||
log_register(user.id, phone)
|
||||
|
||||
return Response({
|
||||
'message': '注册成功',
|
||||
'user': build_user_response(user),
|
||||
'tokens': tokens,
|
||||
}, status=status.HTTP_201_CREATED)
|
||||
@@ -0,0 +1,92 @@
|
||||
import re
|
||||
|
||||
from django.core.cache import cache
|
||||
from django.db import transaction
|
||||
from rest_framework.decorators import api_view, permission_classes, throttle_classes
|
||||
from rest_framework.permissions import AllowAny
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import serializers as drf_serializers
|
||||
from drf_spectacular.utils import extend_schema, inline_serializer
|
||||
|
||||
from config.exceptions import AppError
|
||||
from apps.user.models import User
|
||||
from apps.user.throttling import ResetPhoneThrottle
|
||||
from apps.user.utils.password import validate_password_strength
|
||||
from apps.user.utils.jwt_redis import invalidate_user_tokens
|
||||
from apps.user.audit import log_password_reset
|
||||
|
||||
|
||||
@extend_schema(
|
||||
summary='U5 找回密码',
|
||||
request=inline_serializer('ResetPasswordRequest', fields={
|
||||
'phone': drf_serializers.CharField(help_text='手机号'),
|
||||
'code': drf_serializers.CharField(help_text='6 位短信验证码'),
|
||||
'new_password': drf_serializers.CharField(help_text='新密码'),
|
||||
}),
|
||||
responses={200: inline_serializer('ResetPasswordResponse', fields={
|
||||
'message': drf_serializers.CharField(),
|
||||
})},
|
||||
tags=['认证'],
|
||||
)
|
||||
@api_view(['POST'])
|
||||
@permission_classes([AllowAny])
|
||||
@throttle_classes([ResetPhoneThrottle])
|
||||
def reset_password(request):
|
||||
"""U5 找回密码(手机号 + 验证码 + 新密码)"""
|
||||
data = request.data
|
||||
phone = str(data.get('phone', ''))
|
||||
code = str(data.get('code', ''))
|
||||
new_password = str(data.get('new_password', ''))
|
||||
|
||||
# ── 入参校验 ──────────────────────────────────────────────────────────────
|
||||
|
||||
if not re.match(r'^1[3-9]\d{9}$', phone):
|
||||
raise AppError('SMS_INVALID_PHONE', '手机号格式不合法')
|
||||
|
||||
if not code or len(code) != 6 or not code.isdigit():
|
||||
raise AppError('AUTH_CODE_INVALID', '验证码必须为 6 位数字')
|
||||
|
||||
if not new_password:
|
||||
raise AppError('AUTH_PASSWORD_WEAK', '请输入新密码')
|
||||
|
||||
# ── 查找用户 ──────────────────────────────────────────────────────────────
|
||||
|
||||
try:
|
||||
user = User.objects.get(phone=phone)
|
||||
except User.DoesNotExist:
|
||||
raise AppError('AUTH_PHONE_NOT_FOUND', '手机号未注册')
|
||||
|
||||
# ── 验证码校验 ────────────────────────────────────────────────────────────
|
||||
|
||||
cache_key = f'sms:reset:{phone}'
|
||||
cached_code = cache.get(cache_key)
|
||||
if not cached_code:
|
||||
raise AppError('AUTH_CODE_EXPIRED', '验证码已过期或未发送')
|
||||
if str(cached_code) != code:
|
||||
raise AppError('AUTH_CODE_MISMATCH', '验证码错误')
|
||||
|
||||
# ── 新密码校验 ────────────────────────────────────────────────────────────
|
||||
|
||||
# 新密码不得与旧密码相同(独立错误码)
|
||||
if user.check_password(new_password):
|
||||
raise AppError('AUTH_PASSWORD_SAME_AS_OLD', '新密码不能与旧密码相同')
|
||||
|
||||
# 密码强度校验
|
||||
pwd_errors = validate_password_strength(new_password, phone=user.phone, real_name=user.real_name)
|
||||
if pwd_errors:
|
||||
raise AppError('AUTH_PASSWORD_WEAK', pwd_errors[0], details=pwd_errors)
|
||||
|
||||
# ── 事务内:重置密码 + 失效旧 token ──────────────────────────────────────
|
||||
|
||||
with transaction.atomic():
|
||||
user.set_password(new_password)
|
||||
user.save(update_fields=['password'])
|
||||
invalidate_user_tokens(user.id)
|
||||
|
||||
# ── 善后 ──────────────────────────────────────────────────────────────────
|
||||
|
||||
cache.delete(cache_key)
|
||||
cache.delete(f'login_fail:{phone}')
|
||||
log_password_reset(user.id)
|
||||
|
||||
return Response({'message': '密码已重置,请重新登录'})
|
||||
@@ -0,0 +1,61 @@
|
||||
import re
|
||||
|
||||
from django.core.cache import cache
|
||||
from django.conf import settings
|
||||
from rest_framework.decorators import api_view, permission_classes, throttle_classes
|
||||
from rest_framework.permissions import AllowAny
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import serializers as drf_serializers
|
||||
from drf_spectacular.utils import extend_schema, inline_serializer
|
||||
|
||||
from config.exceptions import AppError
|
||||
from apps.user.models import User
|
||||
from apps.user.throttling import SmsPhoneMinuteThrottle, SmsPhoneDayThrottle, SmsIpThrottle
|
||||
from apps.user.utils.sms import generate_sms_code, get_sms_service, SmsError
|
||||
|
||||
|
||||
@extend_schema(
|
||||
summary='U1 发送短信验证码',
|
||||
request=inline_serializer('SendCodeRequest', fields={
|
||||
'phone': drf_serializers.CharField(help_text='手机号'),
|
||||
'scene': drf_serializers.ChoiceField(choices=['register', 'login', 'reset'],
|
||||
help_text='场景:register/login/reset'),
|
||||
}),
|
||||
responses={200: inline_serializer('SendCodeResponse', fields={
|
||||
'message': drf_serializers.CharField(),
|
||||
})},
|
||||
tags=['认证'],
|
||||
)
|
||||
@api_view(['POST'])
|
||||
@permission_classes([AllowAny])
|
||||
@throttle_classes([SmsPhoneMinuteThrottle, SmsPhoneDayThrottle, SmsIpThrottle])
|
||||
def send_code(request):
|
||||
"""U1 发送短信验证码"""
|
||||
data = request.data
|
||||
phone = data.get('phone', '')
|
||||
scene = data.get('scene', '')
|
||||
|
||||
if not re.match(r'^1[3-9]\d{9}$', str(phone)):
|
||||
raise AppError('SMS_INVALID_PHONE', '手机号格式不合法')
|
||||
|
||||
if scene not in ('register', 'login', 'reset'):
|
||||
raise AppError('SMS_INVALID_SCENE', 'scene 参数无效,仅允许 register / login / reset')
|
||||
|
||||
user_exists = User.objects.filter(phone=phone).exists()
|
||||
if scene == 'register' and user_exists:
|
||||
raise AppError('AUTH_PHONE_REGISTERED', '该手机号已注册')
|
||||
if scene in ('login', 'reset') and not user_exists:
|
||||
raise AppError('AUTH_PHONE_NOT_FOUND', '手机号未注册')
|
||||
|
||||
code = generate_sms_code()
|
||||
cache_key = f'sms:{scene}:{phone}'
|
||||
cache.set(cache_key, code, timeout=settings.SMS_CODE_EXPIRE)
|
||||
|
||||
try:
|
||||
get_sms_service().send_code(phone, scene, code)
|
||||
except SmsError as e:
|
||||
cache.delete(cache_key)
|
||||
err_code = str(e) if str(e) in ('SMS_BIZ_ERROR',) else 'SMS_PROVIDER_ERROR'
|
||||
raise AppError(err_code, '短信发送失败,请稍后重试', status_code=500)
|
||||
|
||||
return Response({'message': '验证码已发送'})
|
||||
Reference in New Issue
Block a user