b50495bebe
短信(SMS_MOCK 切 mock/real): - integrations/sms.py 重写: real 模式走极光短信 REST /v1/messages 自定义验证码(本服务 secrets 生成 6 位码 + 进程内存 + 本地校验一次性/防爆破), 鉴权复用极光一键登录 JG_APP_KEY/MASTER_SECRET (同一极光应用, 上线只需 SMS_MOCK=false); mock 仍"任意6位通过"不动其余测试 - 防刷四层: 单号冷却 + 单号每日上限 + 单IP rate_limit(/sms/send 10/min、/sms/login 20/min) + 单码失败次数作废; SmsError 带 status_code 映射 429/503/400 - config 增 SMS_SEND_ENDPOINT/SIGN_ID/TEMPLATE_ID/CODE_LENGTH/DAILY_LIMIT/MAX_VERIFY_ATTEMPTS; test_auth 加 real 模式单测; sms.md/后端技术实现/待办账本同步 admin 后台(app/admin/ 独立子应用, uvicorn app.admin.main:admin_app :8771): - 复用主仓 models/repositories/integrations + 同库, 鉴权完全隔离(ADMIN_JWT_SECRET≠JWT_SECRET_KEY + payload typ=admin + bcrypt 密码 + 可选 IP 白名单); 主 app 不 import 本包, admin 崩不影响主进程 - 路由: 登录 / 账号管理(RBAC: super_admin·finance·operator) / 用户列表+360详情+封禁+手动调币 / 钱包流水 / 提现重试对账 / 反馈工单 / 数据大盘; 全写操作落 admin_audit_log(涉钱与业务写同事务) - 涉钱逻辑(调微信/退款/对账)复用 app.repositories.wallet 不重写 - 新增 models/admin.py(AdminUser/AdminAuditLog) + admin_tables 迁移 + create_admin.py + deploy/shaguabijia-admin.service; 依赖加 bcrypt Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
81 lines
2.5 KiB
Python
81 lines
2.5 KiB
Python
"""Admin 后台 FastAPI app(独立进程)。
|
|
|
|
启动:uvicorn app.admin.main:admin_app --host 127.0.0.1 --port 8771
|
|
复用 App 的 DB/models/repositories/integrations;鉴权独立(admin JWT,见 app/admin/security.py)。
|
|
现有 app.main:app 不 import 本模块,两进程互不影响。
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import logging
|
|
from collections.abc import AsyncIterator
|
|
from contextlib import asynccontextmanager
|
|
|
|
from fastapi import FastAPI
|
|
from fastapi.middleware.cors import CORSMiddleware
|
|
|
|
from app.admin.routers.admins import router as admins_router
|
|
from app.admin.routers.audit import router as audit_router
|
|
from app.admin.routers.auth import router as auth_router
|
|
from app.admin.routers.dashboard import router as dashboard_router
|
|
from app.admin.routers.feedback import router as feedback_router
|
|
from app.admin.routers.users import router as users_router
|
|
from app.admin.routers.wallet import router as wallet_router
|
|
from app.admin.routers.withdraw import router as withdraw_router
|
|
from app.core.config import settings
|
|
from app.core.logging import setup_logging
|
|
|
|
setup_logging(debug=settings.APP_DEBUG)
|
|
logger = logging.getLogger("shagua.admin")
|
|
|
|
|
|
@asynccontextmanager
|
|
async def lifespan(_: FastAPI) -> AsyncIterator[None]:
|
|
logger.info(
|
|
"admin app started env=%s db=%s",
|
|
settings.APP_ENV,
|
|
settings.DATABASE_URL.split("://", 1)[0],
|
|
)
|
|
yield
|
|
logger.info("admin app shutting down")
|
|
|
|
|
|
admin_app = FastAPI(
|
|
title=f"{settings.APP_NAME} · Admin",
|
|
version="0.1.0",
|
|
docs_url="/admin/docs" if not settings.is_prod else None,
|
|
redoc_url=None,
|
|
lifespan=lifespan,
|
|
)
|
|
|
|
# admin 前端独立部署。生产同域(nginx)无需 CORS;本地 next dev 跨域需放行开发源。
|
|
_dev_origins = [
|
|
"http://localhost:3001",
|
|
"http://127.0.0.1:3001",
|
|
"http://localhost:3000",
|
|
"http://127.0.0.1:3000",
|
|
]
|
|
_origins = settings.cors_origins_list or ([] if settings.is_prod else _dev_origins)
|
|
if _origins:
|
|
admin_app.add_middleware(
|
|
CORSMiddleware,
|
|
allow_origins=_origins,
|
|
allow_credentials=True,
|
|
allow_methods=["*"],
|
|
allow_headers=["*"],
|
|
)
|
|
|
|
|
|
@admin_app.get("/admin/api/health", tags=["meta"])
|
|
def health() -> dict[str, str]:
|
|
return {"status": "ok", "service": "admin"}
|
|
|
|
|
|
admin_app.include_router(auth_router)
|
|
admin_app.include_router(dashboard_router)
|
|
admin_app.include_router(users_router)
|
|
admin_app.include_router(wallet_router)
|
|
admin_app.include_router(withdraw_router)
|
|
admin_app.include_router(feedback_router)
|
|
admin_app.include_router(admins_router)
|
|
admin_app.include_router(audit_router)
|