增加API鉴权
@@ -7,6 +7,7 @@ import json
|
||||
import os
|
||||
import secrets
|
||||
from datetime import datetime
|
||||
from config import settings
|
||||
|
||||
from database import get_db
|
||||
from models import Device as DeviceModel, Content as ContentModel, Todo as TodoModel
|
||||
@@ -20,6 +21,68 @@ templates = Jinja2Templates(directory="templates")
|
||||
# 创建管理后台路由
|
||||
admin_router = APIRouter()
|
||||
|
||||
# 登录页面
|
||||
@admin_router.get("/login", response_class=HTMLResponse)
|
||||
async def login_page(request: Request, next: Optional[str] = None):
|
||||
"""
|
||||
管理员登录页面
|
||||
"""
|
||||
# 如果已经登录,重定向到首页
|
||||
if request.session.get("authenticated"):
|
||||
return RedirectResponse(url=next or "/admin/", status_code=303)
|
||||
|
||||
return templates.TemplateResponse("admin/login.html", {
|
||||
"request": request,
|
||||
"next": next
|
||||
})
|
||||
|
||||
# 登录处理
|
||||
@admin_router.post("/login", response_class=HTMLResponse)
|
||||
async def login_submit(
|
||||
request: Request,
|
||||
username: str = Form(...),
|
||||
password: str = Form(...),
|
||||
remember: Optional[bool] = Form(False),
|
||||
next: Optional[str] = None
|
||||
):
|
||||
"""
|
||||
处理管理员登录
|
||||
"""
|
||||
# 验证用户名和密码
|
||||
# 这里使用配置文件中的设置,实际项目中应该使用数据库存储用户信息
|
||||
if username == settings.admin_username and password == settings.admin_password:
|
||||
# 设置会话
|
||||
request.session["authenticated"] = True
|
||||
request.session["username"] = username
|
||||
|
||||
# 设置会话过期时间
|
||||
if remember:
|
||||
request.session["expire_at_browser_close"] = False
|
||||
else:
|
||||
request.session["expire_at_browser_close"] = True
|
||||
|
||||
# 重定向到原始请求的页面或首页
|
||||
return RedirectResponse(url=next or "/admin/", status_code=303)
|
||||
else:
|
||||
# 登录失败,返回错误信息
|
||||
return templates.TemplateResponse("admin/login.html", {
|
||||
"request": request,
|
||||
"next": next,
|
||||
"error": "用户名或密码错误"
|
||||
})
|
||||
|
||||
# 登出
|
||||
@admin_router.get("/logout", response_class=HTMLResponse)
|
||||
async def logout(request: Request):
|
||||
"""
|
||||
管理员登出
|
||||
"""
|
||||
# 清除会话
|
||||
request.session.clear()
|
||||
|
||||
# 重定向到登录页面
|
||||
return RedirectResponse(url="/admin/login", status_code=303)
|
||||
|
||||
# 管理后台路由
|
||||
@admin_router.get("/", response_class=HTMLResponse)
|
||||
async def admin_dashboard(request: Request, db: Session = Depends(get_db)):
|
||||
|
||||
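Review bot: The `next` query parameter is passed unvalidated into `RedirectResponse(url=next or "/admin/", status_code=303)` in both `login_page` and `login_submit`, so a login link carrying an absolute or scheme-relative URL redirects the administrator off-site after authentication (open redirect). Accept only same-site paths before redirecting, for example `target = next if next and next.startswith("/") and not next.startswith(("//", "/\\")) else "/admin/"`, and use `target` in both handlers. Separately, the credential check compares with `==`; `secrets` is imported in the first hunk but not used in the lines shown, and `secrets.compare_digest(password.encode(), settings.admin_password.encode())` would make the password comparison constant-time. The `expire_at_browser_close` flag is only written to the session in this hunk and nothing visible reads it, so confirm that the session middleware configuration actually enforces the "remember me" choice.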