27f76918b2
本 PR 汇合三块运营后台改动(原 #50 仅含其中「加固」一块,已并入本 PR 并关闭)。 ## 1. review 加固 (436b2a3) - 超管防自锁:降级/禁用最后一个 active super_admin 前校验,杜绝零超管死局 - 时间筛选统一 tz-aware(列为 timestamptz),比较绝对时刻、不依赖 DB 会话时区 - 上报审核 / 调余额(set·扣减)加行锁,防并发/连点重复发钱 - ad_audit 复算排序补 id 次级键;health-check 限 finance;调账/拒绝 reason 去空白校验 ## 2. 反馈改版 (5a18dbb) - contact 可选、截图≤6;admin 反馈列表筛选/排序;admin·wallet 接口调整 + docs ## 3. 列表页码分页 (1a7a624) - CursorPage 加 total;新增 offset_paginate(count 与分页同源) - 上报/审计日志从 id 游标改 offset 分页(支持跳页) - 用户 / 提现 / 上报 / 审计日志 四页接入页码分页 测试:admin 套件 47 passed。前端配套改动见 shaguabijia-admin-web。 --------- Co-authored-by: OuYingJun1024 <1034284404@qq.com> Reviewed-on: #51 Co-authored-by: ouzhou <ouzhou@wonderable.ai> Co-committed-by: ouzhou <ouzhou@wonderable.ai>
108 lines
4.7 KiB
Python
108 lines
4.7 KiB
Python
"""admin 上报更低价审核:列表 + 统计(读)+ 通过(发金币)/拒绝(写,带审计)。
|
|
|
|
数据由客户端 POST /api/v1/report 写入 price_report 表(提交即 pending);本路由是运营后台
|
|
对它的人工审核窗口。**通过** → 给上报用户钱包发固定金币(PRICE_REPORT_REWARD_COINS):
|
|
改状态 + 发金币(wallet.grant_coins)+ 审计同一事务一起 commit(原子,仿 users.grant_user_coins),
|
|
绝不只改状态不发钱或反之。客户端轮询 GET /api/v1/report/records 自动看到结果(无需推送)。
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from typing import Annotated
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Query, Request
|
|
|
|
from app.admin.audit import write_audit
|
|
from app.admin.deps import AdminDb, get_client_ip, get_current_admin, require_role
|
|
from app.admin.repositories import mutations, queries
|
|
from app.admin.schemas.common import CursorPage, OkResponse
|
|
from app.admin.schemas.price_report import (
|
|
PriceReportOut,
|
|
PriceReportRejectRequest,
|
|
PriceReportSummary,
|
|
)
|
|
from app.core.rewards import PRICE_REPORT_REWARD_COINS
|
|
from app.models.admin import AdminUser
|
|
from app.models.price_report import PriceReport
|
|
from app.repositories import wallet as wallet_repo
|
|
|
|
router = APIRouter(
|
|
prefix="/admin/api/price-reports",
|
|
tags=["admin-price-report"],
|
|
dependencies=[Depends(get_current_admin)],
|
|
)
|
|
|
|
|
|
@router.get("", response_model=CursorPage[PriceReportOut], summary="上报更低价列表(筛选+分页)")
|
|
def list_price_reports(
|
|
db: AdminDb,
|
|
status: Annotated[str | None, Query()] = None,
|
|
user_id: Annotated[int | None, Query()] = None,
|
|
limit: Annotated[int, Query(ge=1, le=100)] = 20,
|
|
cursor: Annotated[int | None, Query()] = None,
|
|
) -> CursorPage[PriceReportOut]:
|
|
items, next_cursor, total = queries.list_price_reports(
|
|
db, status=status, user_id=user_id, limit=limit, cursor=cursor,
|
|
)
|
|
return CursorPage(
|
|
items=[PriceReportOut.model_validate(r) for r in items],
|
|
next_cursor=next_cursor,
|
|
total=total,
|
|
)
|
|
|
|
|
|
@router.get("/summary", response_model=PriceReportSummary, summary="上报审核统计(各状态计数)")
|
|
def price_report_summary(db: AdminDb) -> PriceReportSummary:
|
|
return PriceReportSummary.model_validate(queries.price_report_summary(db))
|
|
|
|
|
|
@router.post("/{report_id}/approve", response_model=OkResponse, summary="通过上报(发固定金币)")
|
|
def approve_price_report(
|
|
report_id: int,
|
|
request: Request,
|
|
admin: Annotated[AdminUser, Depends(require_role("operator"))],
|
|
db: AdminDb,
|
|
) -> OkResponse:
|
|
# 行锁(SELECT FOR UPDATE):并发/连点双请求会都读到 pending → 各发一次金币双倍发奖,
|
|
# 锁住该行串行化,第二个请求拿锁后看到 approved → 走 400。SQLite 下 FOR UPDATE 为 no-op。
|
|
rep = db.get(PriceReport, report_id, with_for_update=True)
|
|
if rep is None:
|
|
raise HTTPException(status_code=404, detail="上报记录不存在")
|
|
if rep.status != "pending":
|
|
raise HTTPException(status_code=400, detail=f"该上报已审核过(当前 {rep.status}),不可重复操作")
|
|
coins = PRICE_REPORT_REWARD_COINS
|
|
# 改状态 + 发金币 + 审计同一事务(commit=False),最后一起 commit:改了就有痕、发了就留账
|
|
mutations.review_price_report(db, rep, status="approved", reward_coins=coins, commit=False)
|
|
wallet_repo.grant_coins(
|
|
db, rep.user_id, coins,
|
|
biz_type="price_report_reward", ref_id=str(rep.id), remark="上报更低价审核通过",
|
|
)
|
|
write_audit(
|
|
db, admin, action="price_report.approve", target_type="price_report", target_id=report_id,
|
|
detail={"reward_coins": coins, "user_id": rep.user_id}, ip=get_client_ip(request), commit=False,
|
|
)
|
|
db.commit()
|
|
return OkResponse()
|
|
|
|
|
|
@router.post("/{report_id}/reject", response_model=OkResponse, summary="拒绝上报")
|
|
def reject_price_report(
|
|
report_id: int,
|
|
body: PriceReportRejectRequest,
|
|
request: Request,
|
|
admin: Annotated[AdminUser, Depends(require_role("operator"))],
|
|
db: AdminDb,
|
|
) -> OkResponse:
|
|
rep = db.get(PriceReport, report_id, with_for_update=True) # 行锁,同 approve(防并发重复审核)
|
|
if rep is None:
|
|
raise HTTPException(status_code=404, detail="上报记录不存在")
|
|
if rep.status != "pending":
|
|
raise HTTPException(status_code=400, detail=f"该上报已审核过(当前 {rep.status}),不可重复操作")
|
|
reason = body.reason.strip()
|
|
mutations.review_price_report(db, rep, status="rejected", reject_reason=reason, commit=False)
|
|
write_audit(
|
|
db, admin, action="price_report.reject", target_type="price_report", target_id=report_id,
|
|
detail={"reason": reason, "user_id": rep.user_id}, ip=get_client_ip(request), commit=False,
|
|
)
|
|
db.commit()
|
|
return OkResponse()
|