forum

backend/community/utils.py

@@ -1,5 +1,8 @@
 from django.core.signing import TimestampSigner, BadSignature, SignatureExpired
 from shop.models import WeChatUser
+import logging
+
+logger = logging.getLogger(__name__)
 
 def get_current_wechat_user(request):
     """
@@ -9,6 +12,7 @@ def get_current_wechat_user(request):
     """
     auth_header = request.headers.get('Authorization')
     if not auth_header or not auth_header.startswith('Bearer '):
+        logger.warning(f"Authentication failed: Missing or invalid Authorization header. Header: {auth_header}")
         return None
     token = auth_header.split(' ')[1]
     signer = TimestampSigner()
@@ -22,6 +26,7 @@ def get_current_wechat_user(request):
             
         # 如果没找到用户，检查是否是 Web 虚拟 OpenID
         # 场景：Web 用户已被合并到小程序账号，旧 Web Token 依然有效，指向合并后的账号
+        logger.info(f"User not found for openid: {openid}, checking for merged account...")
         if openid.startswith('web_'):
             try:
                 # 格式: web_13800138000
@@ -31,10 +36,20 @@ def get_current_wechat_user(request):
                     # 尝试通过手机号查找（查找合并后的主账号）
                     user = WeChatUser.objects.filter(phone_number=phone).first()
                     if user:
+                        logger.info(f"Found merged user {user.id} for phone {phone}")
                         return user
-            except Exception:
+            except Exception as e:
+                logger.error(f"Error checking merged account: {e}")
                 pass
         
+        logger.warning(f"Authentication failed: User not found for openid {openid}")
         return None
-    except (BadSignature, SignatureExpired):
+    except SignatureExpired:
+        logger.warning("Authentication failed: Signature expired")
+        return None
+    except BadSignature:
+        logger.warning("Authentication failed: Bad signature")
+        return None
+    except Exception as e:
+        logger.error(f"Authentication unexpected error: {e}")
         return None