优化证书生成与正式部署配置

This commit is contained in:
2026-06-15 18:23:46 +08:00
parent f1d7491288
commit 668e0403af
31 changed files with 1603 additions and 145 deletions

View File

@@ -8,6 +8,10 @@ from app.models import AdminUser
bearer_scheme = HTTPBearer(auto_error=False)
ROLE_ALIASES = {
"admin": "system_admin",
}
def get_current_admin(
credentials: HTTPAuthorizationCredentials | None = Depends(bearer_scheme),
@@ -26,7 +30,8 @@ def get_current_admin(
def require_roles(*role_codes: str):
def checker(admin: AdminUser = Depends(get_current_admin)) -> AdminUser:
if admin.role_code not in role_codes:
role_code = ROLE_ALIASES.get(admin.role_code, admin.role_code)
if role_code not in role_codes:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Permission denied")
return admin

View File

@@ -7,6 +7,7 @@ from app.api.routes import (
admin_imports,
admin_learners,
admin_logs,
admin_pdf_cleanup,
admin_projects,
auth,
health,
@@ -23,4 +24,5 @@ api_router.include_router(admin_certificates.router, prefix="/admin/certificates
api_router.include_router(admin_imports.router, prefix="/admin/import-batches", tags=["admin-imports"])
api_router.include_router(admin_exports.router, prefix="/admin/exports", tags=["admin-exports"])
api_router.include_router(admin_logs.router, prefix="/admin/logs", tags=["admin-logs"])
api_router.include_router(admin_pdf_cleanup.router, prefix="/admin/pdf-cleanup", tags=["admin-pdf-cleanup"])
api_router.include_router(public.router, prefix="/public", tags=["public"])

View File

@@ -0,0 +1,56 @@
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session
from app.api.deps import get_current_admin
from app.db.session import get_db
from app.models import AdminUser
from app.services.pdf_cleanup import (
cleanup_expired_pdfs,
get_pdf_cleanup_stats,
manual_cleanup_certificate,
)
router = APIRouter()
@router.get("/stats")
def get_pdf_stats(
current_admin: AdminUser = Depends(get_current_admin),
) -> dict:
"""获取PDF清理统计信息"""
return get_pdf_cleanup_stats()
@router.post("/cleanup")
def trigger_cleanup(
current_admin: AdminUser = Depends(get_current_admin),
) -> dict:
"""手动触发PDF清理"""
if current_admin.role_code != "admin":
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="只有管理员可以执行此操作",
)
return cleanup_expired_pdfs()
@router.post("/cleanup/{certificate_no}")
def cleanup_single_certificate(
certificate_no: str,
current_admin: AdminUser = Depends(get_current_admin),
) -> dict:
"""手动清理指定证书的PDF"""
if current_admin.role_code != "admin":
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="只有管理员可以执行此操作",
)
success = manual_cleanup_certificate(certificate_no)
if success:
return {"message": f"证书 {certificate_no} 的PDF已清理"}
else:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail=f"证书 {certificate_no} 不存在或清理失败",
)