1. crud/users.py
python
# 根据 Token 查询用户:验证 Token -> 查询用户
async def get_user_by_token(db: AsyncSession, token: str):
    """Return the user that owns *token*, or ``None`` if the token is unusable.

    Looks up the ``UserToken`` row whose ``token`` column equals the supplied
    value, rejects it when it is missing or past ``expires_at``, and then
    loads the ``User`` referenced by ``user_id``.

    Args:
        db: Async SQLAlchemy session used for both lookups.
        token: Token value presented by the client.

    Returns:
        The matching ``User``, or ``None`` when the token is unknown, has
        expired, or points at a user row that no longer exists.
    """
    # NOTE(review): the lookup matches on the raw token value, so the table
    # appears to hold tokens as issued. Storing only a digest of each token
    # would limit the impact of a database read exposure; confirm how
    # UserToken.token is written.
    token_lookup = select(UserToken).where(UserToken.token == token)
    token_row = (await db.execute(token_lookup)).scalar_one_or_none()
    if not token_row:
        return None

    # NOTE(review): datetime.now() is naive local time; this assumes
    # expires_at is stored the same way. TODO confirm against the code that
    # issues tokens.
    if token_row.expires_at < datetime.now():
        return None

    owner_lookup = select(User).where(User.id == token_row.user_id)
    return (await db.execute(owner_lookup)).scalar_one_or_none()
2. utils/auth.py
python
from fastapi import Header, Depends, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from starlette import status
from config.db_confing import get_db
from crud import users
# 整合 根据 Token 查询用户,返回用户
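async def get_current_user(
    authorization: str = Header(..., alias="Authorization"),
    db: AsyncSession = Depends(get_db)
):
    """Resolve the authenticated user from an ``Authorization: Bearer`` header.

    FastAPI dependency: route handlers declare ``Depends(get_current_user)``
    and receive the user returned by ``users.get_user_by_token``.

    Args:
        authorization: Raw ``Authorization`` header value. It is declared as
            required, so a request without the header is rejected by FastAPI's
            validation before this body runs.
        db: Async SQLAlchemy session provided by ``get_db``.

    Returns:
        The user object that owns the presented token.

    Raises:
        HTTPException: 401 when the header is not a well-formed Bearer
            credential, or when the token is unknown or expired.
    """
    # One exception for every failure path: the response does not reveal
    # whether the header was malformed, the token unknown, or the token
    # expired. WWW-Authenticate tells clients which scheme is expected.
    unauthorized = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="无效的令牌或已经过期的令牌",
        headers={"WWW-Authenticate": "Bearer"},
    )

    # Expected shape: "Bearer <token>". Parse the scheme explicitly instead of
    # deleting the substring "Bearer " wherever it occurs: the old replace()
    # accepted headers with no scheme or a different scheme, and also altered
    # any token that happened to contain that substring.
    scheme, _, credentials = authorization.strip().partition(" ")
    token = credentials.strip()
    if scheme.lower() != "bearer" or not token:
        raise unauthorized

    user = await users.get_user_by_token(db, token)
    if not user:
        raise unauthorized
    return user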
3. routers/users.py
python
# 查 Token 查用户 -> 封装 crud -> 功能整合成一个工具函数 -> 路由导入使用:依赖注入
@router.get("/info")
async def get_user_info(user: User = Depends(get_current_user)):
    """Return the profile of the user identified by the request's token.

    Authentication is delegated to the ``get_current_user`` dependency, so the
    handler body only runs for requests that dependency accepted.
    """
    # NOTE(review): serialising through UserInfoResponse presumably limits the
    # payload to the fields that schema declares; confirm it leaves out
    # credential material such as password hashes.
    profile = UserInfoResponse.model_validate(user)
    return success_response(message="获取用户信息成功", data=profile)