tuhui/backend/app/api/auth.py

from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session
from app.core.database import get_db
from app.core.security import get_password_hash, verify_password, create_access_token
from app.models.user import User
from app.schemas.user import UserRegister, UserLogin, Token, UserResponse

router = APIRouter(prefix="/auth", tags=["认证"])

@router.post("/register", response_model=Token, summary="用户注册")
def register(user_data: UserRegister, db: Session = Depends(get_db)):
    """用户注册（使用手机号，无需验证码）"""
    try:
        # 检查手机号是否已存在
        existing_user = db.query(User).filter(User.phone == user_data.phone).first()
        if existing_user:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="该手机号已被注册"
            )
        
        # 创建新用户
        hashed_password = get_password_hash(user_data.password)
        new_user = User(
            phone=user_data.phone,
            password_hash=hashed_password,
            nickname=user_data.nickname or f"用户{user_data.phone[-4:]}",
            balance=0.0
        )
        
        db.add(new_user)
        db.commit()
        db.refresh(new_user)
        
        # 生成 Token
        access_token = create_access_token(data={"sub": str(new_user.id)})
        
        return Token(
            access_token=access_token,
            user=UserResponse.from_orm(new_user)
        )
    except HTTPException:
        raise
    except Exception as e:
        print(f"[ERROR] 注册失败: {e}")
        print(f"[ERROR] 错误类型: {type(e).__name__}")
        import traceback
        traceback.print_exc()
        db.rollback()
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail=f"注册失败: {str(e)}"
        )

@router.post("/login", response_model=Token, summary="用户登录")
def login(credentials: UserLogin, db: Session = Depends(get_db)):
    """用户登录（使用手机号）"""
    # 查找用户
    user = db.query(User).filter(User.phone == credentials.phone).first()
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="手机号或密码错误"
        )
    
    # 验证密码
    if not verify_password(credentials.password, user.password_hash):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="手机号或密码错误"
        )
    
    # 生成 Token
    access_token = create_access_token(data={"sub": str(user.id)})
    
    return Token(
        access_token=access_token,
        user=UserResponse.from_orm(user)
    )