Implement student roster login gating

This commit is contained in:
2026-07-07 18:45:07 +08:00
parent 4f11d8632c
commit 29f25dd767
8 changed files with 318 additions and 21 deletions

View File

@@ -6,7 +6,6 @@ from fastapi import HTTPException, status
from sqlalchemy import select
from sqlalchemy.orm import Session
from app.core.config import get_settings
from app.core.security import create_access_token
from app.models.user import User
from app.services.sms_code_service import SmsCodeService
@@ -16,13 +15,15 @@ class AuthService:
_revoked_token_jti: set[str] = set()
@classmethod
def send_sms_code(cls, phone: str) -> None:
def send_sms_code(cls, db: Session, phone: str) -> None:
user = cls._get_existing_user(db, phone)
cls._ensure_user_can_login(user)
SmsCodeService.send_code(phone)
@classmethod
def login_with_sms(cls, db: Session, phone: str, code: str) -> dict:
SmsCodeService.verify_code(phone, code)
user = cls._get_or_create_user(db, phone)
user = cls._get_existing_user(db, phone)
cls._ensure_user_can_login(user)
now = datetime.now(UTC).replace(tzinfo=None)
@@ -46,24 +47,12 @@ class AuthService:
return bool(jti and str(jti) in cls._revoked_token_jti)
@classmethod
def _get_or_create_user(cls, db: Session, phone: str) -> User:
def _get_existing_user(cls, db: Session, phone: str) -> User:
user = db.scalar(select(User).where(User.phone == phone, User.is_deleted == 0))
if user is not None:
return user
settings = get_settings()
user = User(
phone=phone,
name=f"{settings.default_user_name_prefix}{phone[-4:]}",
daily_chat_limit=settings.default_daily_chat_limit,
daily_chat_used=0,
status=1,
is_deleted=0,
)
db.add(user)
db.commit()
db.refresh(user)
return user
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="手机号不在学员名单中,请联系管理员")
@staticmethod
def _ensure_user_can_login(user: User) -> None: