Initial FastAPI admin auth scaffold

2026-06-05 17:10:30 +08:00
commit 5635da9ea5
65 changed files with 1407 additions and 0 deletions
--- a/app/middleware/admin/init.py
+++ b/app/middleware/admin/init.py
@@ -0,0 +1 @@
+"""Admin middleware."""
--- a/app/middleware/admin/admin_token_middleware.py
+++ b/app/middleware/admin/admin_token_middleware.py
@@ -0,0 +1,16 @@
+from fastapi import Request
+
+from app.common.context import current_admin_id
+from app.lib.jwt.jwt import Jwt
+from app.lib.jwt.token import JwtToken
+from app.middleware.token.abstract_token_middleware import AbstractTokenMiddleware
+
+
+class AdminTokenMiddleware(AbstractTokenMiddleware):
+    async def parser_token(self, jwt: Jwt, raw_token: str) -> JwtToken:
+        return await jwt.parser_access_token(raw_token)
+
+    def set_context(self, request: Request, token: JwtToken) -> None:
+        admin_id = token.admin_id
+        current_admin_id.set(admin_id)
+        request.state.current_admin_id = admin_id
--- a/app/middleware/admin/permission_middleware.py
+++ b/app/middleware/admin/permission_middleware.py
@@ -0,0 +1,34 @@
+from collections.abc import Iterable
+
+from fastapi import Depends, Request
+
+from app.common.context import current_admin_id
+from app.common.repository.admin_user_repository import AdminUserRepository
+from app.constants.admin_code import AdminCode
+from app.constants.model.admin_user.admin_user_status_code import AdminUserStatusCode
+from app.core.dependencies import get_admin_user_repository
+from app.exception.err_exception import ErrException
+
+
+class PermissionMiddleware:
+    def __init__(self, permissions: Iterable[str] | None = None) -> None:
+        self.permissions = tuple(permissions or ())
+
+    async def __call__(
+        self,
+        request: Request,
+        user_repository: AdminUserRepository = Depends(get_admin_user_repository),
+    ) -> None:
+        admin_id = getattr(request.state, "current_admin_id", current_admin_id.get())
+        if admin_id <= 0:
+            raise ErrException("账户不存在")
+
+        admin_user = await user_repository.find_by_id(admin_id)
+        if admin_user is None:
+            raise ErrException("账户不存在")
+        if admin_user.status == AdminUserStatusCode.DISABLE:
+            raise ErrException("账号已禁用", AdminCode.DISABLED)
+
+        request.state.current_admin_user = admin_user
+        if self.permissions and admin_user.user_type != "SuperAdmin":
+            raise ErrException("暂无权限", AdminCode.FORBIDDEN)
--- a/app/middleware/admin/refresh_admin_token_middleware.py
+++ b/app/middleware/admin/refresh_admin_token_middleware.py
@@ -0,0 +1,13 @@
+from fastapi import Request
+
+from app.lib.jwt.jwt import Jwt
+from app.lib.jwt.token import JwtToken
+from app.middleware.token.abstract_token_middleware import AbstractTokenMiddleware
+
+
+class RefreshAdminTokenMiddleware(AbstractTokenMiddleware):
+    async def parser_token(self, jwt: Jwt, raw_token: str) -> JwtToken:
+        return await jwt.parser_refresh_token(raw_token)
+
+    def set_context(self, request: Request, token: JwtToken) -> None:
+        return None