b50495bebe
短信(SMS_MOCK 切 mock/real): - integrations/sms.py 重写: real 模式走极光短信 REST /v1/messages 自定义验证码(本服务 secrets 生成 6 位码 + 进程内存 + 本地校验一次性/防爆破), 鉴权复用极光一键登录 JG_APP_KEY/MASTER_SECRET (同一极光应用, 上线只需 SMS_MOCK=false); mock 仍"任意6位通过"不动其余测试 - 防刷四层: 单号冷却 + 单号每日上限 + 单IP rate_limit(/sms/send 10/min、/sms/login 20/min) + 单码失败次数作废; SmsError 带 status_code 映射 429/503/400 - config 增 SMS_SEND_ENDPOINT/SIGN_ID/TEMPLATE_ID/CODE_LENGTH/DAILY_LIMIT/MAX_VERIFY_ATTEMPTS; test_auth 加 real 模式单测; sms.md/后端技术实现/待办账本同步 admin 后台(app/admin/ 独立子应用, uvicorn app.admin.main:admin_app :8771): - 复用主仓 models/repositories/integrations + 同库, 鉴权完全隔离(ADMIN_JWT_SECRET≠JWT_SECRET_KEY + payload typ=admin + bcrypt 密码 + 可选 IP 白名单); 主 app 不 import 本包, admin 崩不影响主进程 - 路由: 登录 / 账号管理(RBAC: super_admin·finance·operator) / 用户列表+360详情+封禁+手动调币 / 钱包流水 / 提现重试对账 / 反馈工单 / 数据大盘; 全写操作落 admin_audit_log(涉钱与业务写同事务) - 涉钱逻辑(调微信/退款/对账)复用 app.repositories.wallet 不重写 - 新增 models/admin.py(AdminUser/AdminAuditLog) + admin_tables 迁移 + create_admin.py + deploy/shaguabijia-admin.service; 依赖加 bcrypt Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
112 lines
4.4 KiB
Python
112 lines
4.4 KiB
Python
"""admin 用户管理:列表 + 360 详情(读)+ 封禁/解封 + 手动调金币(写,带审计)。"""
|
|
from __future__ import annotations
|
|
|
|
from typing import Annotated
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Query, Request
|
|
|
|
from app.admin.audit import write_audit
|
|
from app.admin.deps import AdminDb, get_client_ip, get_current_admin, require_role
|
|
from app.admin.repositories import mutations, queries
|
|
from app.admin.schemas.common import CursorPage, OkResponse
|
|
from app.admin.schemas.user import (
|
|
AdminUserListItem,
|
|
AdminUserOverview,
|
|
GrantCoinsRequest,
|
|
SetUserStatusRequest,
|
|
)
|
|
from app.models.admin import AdminUser
|
|
from app.repositories import user as user_repo
|
|
from app.repositories import wallet as wallet_repo
|
|
|
|
router = APIRouter(
|
|
prefix="/admin/api/users",
|
|
tags=["admin-users"],
|
|
dependencies=[Depends(get_current_admin)],
|
|
)
|
|
|
|
|
|
@router.get("", response_model=CursorPage[AdminUserListItem], summary="用户列表(筛选+分页)")
|
|
def list_users(
|
|
db: AdminDb,
|
|
phone: Annotated[str | None, Query()] = None,
|
|
register_channel: Annotated[str | None, Query()] = None,
|
|
status: Annotated[str | None, Query()] = None,
|
|
limit: Annotated[int, Query(ge=1, le=100)] = 20,
|
|
cursor: Annotated[int | None, Query()] = None,
|
|
) -> CursorPage[AdminUserListItem]:
|
|
items, next_cursor = queries.list_users(
|
|
db, phone=phone, register_channel=register_channel, status=status,
|
|
limit=limit, cursor=cursor,
|
|
)
|
|
return CursorPage(
|
|
items=[AdminUserListItem.model_validate(u) for u in items],
|
|
next_cursor=next_cursor,
|
|
)
|
|
|
|
|
|
@router.get("/{user_id}", response_model=AdminUserOverview, summary="用户 360 详情")
|
|
def get_user(user_id: int, db: AdminDb) -> AdminUserOverview:
|
|
overview = queries.get_user_overview(db, user_id)
|
|
if overview is None:
|
|
raise HTTPException(status_code=404, detail="用户不存在")
|
|
return AdminUserOverview.model_validate(overview)
|
|
|
|
|
|
@router.post("/{user_id}/status", response_model=OkResponse, summary="封禁/解封用户")
|
|
def set_user_status(
|
|
user_id: int,
|
|
body: SetUserStatusRequest,
|
|
request: Request,
|
|
admin: Annotated[AdminUser, Depends(require_role("operator"))],
|
|
db: AdminDb,
|
|
) -> OkResponse:
|
|
user = user_repo.get_user_by_id(db, user_id)
|
|
if user is None:
|
|
raise HTTPException(status_code=404, detail="用户不存在")
|
|
if user.status == "deleted":
|
|
raise HTTPException(status_code=400, detail="已注销账号不可改状态")
|
|
before = user.status
|
|
# 业务写 + 审计写同一事务(commit=False),最后一起 commit:改了就有痕、有痕就真改了
|
|
mutations.set_user_status(db, user, status=body.status, commit=False)
|
|
write_audit(
|
|
db, admin, action="user.status.set", target_type="user", target_id=user_id,
|
|
detail={"before": before, "after": body.status}, ip=get_client_ip(request), commit=False,
|
|
)
|
|
db.commit()
|
|
return OkResponse()
|
|
|
|
|
|
@router.post("/{user_id}/coins", response_model=OkResponse, summary="手动增减金币(带审计)")
|
|
def grant_user_coins(
|
|
user_id: int,
|
|
body: GrantCoinsRequest,
|
|
request: Request,
|
|
admin: Annotated[AdminUser, Depends(require_role("finance"))],
|
|
db: AdminDb,
|
|
) -> OkResponse:
|
|
if body.amount == 0:
|
|
raise HTTPException(status_code=400, detail="amount 不能为 0")
|
|
user = user_repo.get_user_by_id(db, user_id)
|
|
if user is None:
|
|
raise HTTPException(status_code=404, detail="用户不存在")
|
|
# 负数扣减时不允许扣成负余额(运营误操作保护)
|
|
if body.amount < 0:
|
|
acc_now = wallet_repo.get_or_create_account(db, user_id, commit=False)
|
|
if acc_now.coin_balance + body.amount < 0:
|
|
raise HTTPException(
|
|
status_code=400, detail=f"扣减后金币为负(当前余额 {acc_now.coin_balance})"
|
|
)
|
|
biz_type = "admin_grant" if body.amount > 0 else "admin_deduct"
|
|
# grant_coins 只 flush 不 commit;审计同 commit=False;最后一起 commit → 原子(改钱+留痕)
|
|
acc, _ = wallet_repo.grant_coins(
|
|
db, user_id, body.amount, biz_type=biz_type, remark=f"admin:{body.reason}"[:128],
|
|
)
|
|
write_audit(
|
|
db, admin, action="user.coins.grant", target_type="user", target_id=user_id,
|
|
detail={"amount": body.amount, "balance_after": acc.coin_balance, "reason": body.reason},
|
|
ip=get_client_ip(request), commit=False,
|
|
)
|
|
db.commit()
|
|
return OkResponse()
|