Merge remote-tracking branch 'origin/master'

# Conflicts:
#	backend/.env.example
#	backend/app/admin/service/auth_service.py
#	backend/core/conf.py
#	deploy/backend/docker-compose/.env.server

Author: RanY-Luck

backend/.env.example

@@ -15,23 +15,19 @@ REDIS_DATABASE=0
 TOKEN_SECRET_KEY='1VkVF75nsNABBjK_7-qz7GtzNy3AMvktc9TCPwKczCk'
 # Opera Log
 OPERA_LOG_ENCRYPT_SECRET_KEY='d77b25790a804c2b4a339dd0207941e4cefa5751935a33735bc73bb7071a005b'
-# App Admin
-# OAuth2
-OAUTH2_GITHUB_CLIENT_ID='test'
-OAUTH2_GITHUB_CLIENT_SECRET='test'
-OAUTH2_LINUX_DO_CLIENT_ID='test'
-OAUTH2_LINUX_DO_CLIENT_SECRET='test'
-# App Task
+# [ App ] task
 # Celery
 CELERY_BROKER_REDIS_DATABASE=1
 # Rabbitmq
 CELERY_RABBITMQ_HOST='127.0.0.1'
 CELERY_RABBITMQ_PORT=5672
 CELERY_RABBITMQ_USERNAME='guest'
 CELERY_RABBITMQ_PASSWORD='guest'
-# SMS
-TENCENTCLOUD_SECRET_ID='' # 腾讯云密钥ID
-TENCENTCLOUD_SECRET_KEY='' # 腾讯云密钥KEY
-SMS_LOGIN_TEMPLATE_ID='' # 短信登录模板ID
-SMS_SIGN_NAME='' # 短信签名
-SMS_SDK_APP_ID='' # 短信应用ID
+# [ Plugin ] oauth2
+OAUTH2_GITHUB_CLIENT_ID='test'
+OAUTH2_GITHUB_CLIENT_SECRET='test'
+OAUTH2_LINUX_DO_CLIENT_ID='test'
+OAUTH2_LINUX_DO_CLIENT_SECRET='test'
+# [ Plugin ] email
+EMAIL_USERNAME=''
+EMAIL_PASSWORD=''

backend/app/admin/service/auth_service.py

@@ -9,7 +9,7 @@
 from backend.app.admin.crud.crud_user import user_dao
 from backend.app.admin.model import User
 from backend.app.admin.schema.token import GetLoginToken, GetNewToken
-from backend.app.admin.schema.user import AuthLoginParam, SmsLoginParam
+from backend.app.admin.schema.user import AuthLoginParam
 from backend.app.admin.service.login_log_service import login_log_service
 from backend.common.enums import LoginLogStatusType
 from backend.common.exception import errors
@@ -163,108 +163,6 @@ async def login(
                 )
                 return data
 
-    async def login_by_sms(
-        self, *, request: Request, response: Response, obj: SmsLoginParam, background_tasks: BackgroundTasks
-    ) -> GetLoginToken:
-        """
-        短信验证码登录
-
-        :param request: 请求对象
-        :param response: 响应对象
-        :param obj: 短信登录参数
-        :param background_tasks: 后台任务
-        :return:
-        """
-        async with async_db_session.begin() as db:
-            user = None
-            try:
-                # 从Redis获取验证码
-                sms_code = await redis_client.get(f'{settings.SMS_LOGIN_REDIS_PREFIX}:{obj.phone}')
-                if not sms_code:
-                    raise errors.RequestError(msg='验证码失效，请重新获取')
-                if sms_code != obj.code:
-                    raise errors.CustomError(error=CustomErrorCode.CAPTCHA_ERROR, msg='验证码错误')
-
-                # 验证码正确，删除Redis中的验证码
-                await redis_client.delete(f'{settings.SMS_LOGIN_REDIS_PREFIX}:{obj.phone}')
-
-                # 根据手机号获取用户
-                user = await user_dao.get_by_phone(db, obj.phone)
-                if not user:
-                    raise errors.NotFoundError(msg='该手机号未注册')
-
-                if not user.status:
-                    raise errors.AuthorizationError(msg='用户已被锁定, 请联系统管理员')
-
-                # 更新登录时间
-                await user_dao.update_login_time(db, user.username)
-                await db.refresh(user)
-
-                # 创建访问令牌
-                access_token = await create_access_token(
-                    user.id,
-                    user.is_multi_login,
-                    # extra info
-                    username=user.username,
-                    nickname=user.nickname,
-                    last_login_time=timezone.to_str(user.last_login_time),
-                    ip=request.state.ip,
-                    os=request.state.os,
-                    browser=request.state.browser,
-                    device=request.state.device,
-                )
-
-                # 创建刷新令牌
-                refresh_token = await create_refresh_token(access_token.session_uuid, user.id, user.is_multi_login)
-                response.set_cookie(
-                    key=settings.COOKIE_REFRESH_TOKEN_KEY,
-                    value=refresh_token.refresh_token,
-                    max_age=settings.COOKIE_REFRESH_TOKEN_EXPIRE_SECONDS,
-                    expires=timezone.to_utc(refresh_token.refresh_token_expire_time),
-                    httponly=True,
-                )
-            except errors.NotFoundError as e:
-                log.error(f'短信登录错误: {e.msg}')
-                raise errors.NotFoundError(msg=e.msg)
-            except (errors.RequestError, errors.CustomError) as e:
-                log.error(f'短信登录错误: {e.msg}')
-                task = BackgroundTask(
-                    login_log_service.create,
-                    **dict(
-                        db=db,
-                        request=request,
-                        user_uuid=user.uuid if user else uuid4_str(),
-                        username=user.username if user else obj.phone,
-                        login_time=timezone.now(),
-                        status=LoginLogStatusType.fail.value,
-                        msg=e.msg,
-                    ),
-                )
-                raise errors.RequestError(msg=e.msg, background=task)
-            except Exception as e:
-                log.error(f'短信登录错误: {e}')
-                raise e
-            else:
-                background_tasks.add_task(
-                    login_log_service.create,
-                    **dict(
-                        db=db,
-                        request=request,
-                        user_uuid=user.uuid,
-                        username=user.username,
-                        login_time=timezone.now(),
-                        status=LoginLogStatusType.success.value,
-                        msg='短信验证码登录成功',
-                    ),
-                )
-                data = GetLoginToken(
-                    access_token=access_token.access_token,
-                    access_token_expire_time=access_token.access_token_expire_time,
-                    session_uuid=access_token.session_uuid,
-                    user=user,  # type: ignore
-                )
-                return data
-
     @staticmethod
     async def get_codes(*, request: Request) -> list[str]:
         """

backend/core/conf.py

@@ -7,7 +7,6 @@
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
 from backend.core.path_conf import BASE_PATH
-import os
 
 
 class Settings(BaseSettings):
@@ -20,27 +19,8 @@ class Settings(BaseSettings):
         case_sensitive=True,
     )
 
-    # .env 环境
-    ENVIRONMENT: Literal['dev', 'pro']
-
-    # .env 数据库
-    DATABASE_TYPE: Literal['mysql', 'postgresql']
-    DATABASE_HOST: str
-    DATABASE_PORT: int
-    DATABASE_USER: str
-    DATABASE_PASSWORD: str
-
-    # .env Redis
-    REDIS_HOST: str
-    REDIS_PORT: int
-    REDIS_PASSWORD: str
-    REDIS_DATABASE: int
-
-    # .env Token
-    TOKEN_SECRET_KEY: str  # 密钥 secrets.token_urlsafe(32)
-
-    # .env 操作日志加密密钥
-    OPERA_LOG_ENCRYPT_SECRET_KEY: str  # 密钥 os.urandom(32), 需使用 bytes.hex() 方法转换为 str
+    # .env 当前环境
+    ENVIRONMENT: Literal['dev', 'prod']
 
     # FastAPI
     FASTAPI_API_V1_PATH: str = '/api/v1'
@@ -52,15 +32,31 @@ class Settings(BaseSettings):
     FASTAPI_OPENAPI_URL: str | None = '/openapi'
     FASTAPI_STATIC_FILES: bool = True
 
+    # .env 数据库
+    DATABASE_TYPE: Literal['mysql', 'postgresql']
+    DATABASE_HOST: str
+    DATABASE_PORT: int
+    DATABASE_USER: str
+    DATABASE_PASSWORD: str
+
     # 数据库
     DATABASE_ECHO: bool | Literal['debug'] = False
     DATABASE_POOL_ECHO: bool | Literal['debug'] = False
     DATABASE_SCHEMA: str = 'fba'
     DATABASE_CHARSET: str = 'utf8mb4'
 
+    # .env Redis
+    REDIS_HOST: str
+    REDIS_PORT: int
+    REDIS_PASSWORD: str
+    REDIS_DATABASE: int
+
     # Redis
     REDIS_TIMEOUT: int = 5
 
+    # .env Token
+    TOKEN_SECRET_KEY: str  # 密钥 secrets.token_urlsafe(32)
+
     # Token
     TOKEN_ALGORITHM: str = 'HS256'
     TOKEN_EXPIRE_SECONDS: int = 60 * 60 * 24  # 1 天
@@ -90,7 +86,11 @@ class Settings(BaseSettings):
     COOKIE_REFRESH_TOKEN_KEY: str = 'fba_refresh_token'
     COOKIE_REFRESH_TOKEN_EXPIRE_SECONDS: int = 60 * 60 * 24 * 7  # 7 天
 
-    # 数据权限配置
+    # 验证码
+    CAPTCHA_LOGIN_REDIS_PREFIX: str = 'fba:login:captcha'
+    CAPTCHA_LOGIN_EXPIRE_SECONDS: int = 60 * 5  # 3 分钟
+
+    # 数据权限
     DATA_PERMISSION_MODELS: dict[str, str] = {  # 允许进行数据过滤的 SQLA 模型，它必须以模块字符串的方式定义
         '部门': 'backend.app.admin.model.Dept',
     }
@@ -163,6 +163,9 @@ class Settings(BaseSettings):
     LOG_ACCESS_FILENAME: str = 'fba_access.log'
     LOG_ERROR_FILENAME: str = 'fba_error.log'
 
+    # .env 操作日志
+    OPERA_LOG_ENCRYPT_SECRET_KEY: str  # 密钥 os.urandom(32), 需使用 bytes.hex() 方法转换为 str
+
     # 操作日志
     OPERA_LOG_PATH_EXCLUDE: list[str] = [
         '/favicon.ico',
@@ -188,30 +191,12 @@ class Settings(BaseSettings):
     PLUGIN_PIP_INDEX_URL: str = 'https://mirrors.aliyun.com/pypi/simple/'
     PLUGIN_REDIS_PREFIX: str = 'fba:plugin'
 
-    # App Admin
-    # .env OAuth2
-    OAUTH2_GITHUB_CLIENT_ID: str
-    OAUTH2_GITHUB_CLIENT_SECRET: str
-    OAUTH2_LINUX_DO_CLIENT_ID: str
-    OAUTH2_LINUX_DO_CLIENT_SECRET: str
+    # I18n 配置
+    I18N_DEFAULT_LANGUAGE: str = 'zh-CN'
 
-    # OAuth2
-    OAUTH2_FRONTEND_REDIRECT_URI: str = 'http://localhost:5173/oauth2/callback'
-
-    # 验证码
-    CAPTCHA_LOGIN_REDIS_PREFIX: str = 'fba:login:captcha'
-    CAPTCHA_LOGIN_EXPIRE_SECONDS: int = 60 * 5  # 3 分钟
-
-    # 短信验证码
-    TENCENTCLOUD_SECRET_ID: str
-    TENCENTCLOUD_SECRET_KEY: str
-    SMS_LOGIN_REDIS_PREFIX: str = "fba:sms:login"
-    SMS_LOGIN_EXPIRE_SECONDS: int = 300  # 短信验证码有效期，5分钟
-    SMS_LOGIN_TEMPLATE_ID: str  # 短信登录模板ID
-    SMS_SIGN_NAME: str  # 短信签名
-    SMS_SDK_APP_ID: str  # 短信应用ID
-
-    # App Task
+    ##################################################
+    # [ App ] task
+    ##################################################
     # .env Redis
     CELERY_BROKER_REDIS_DATABASE: int
 
@@ -227,18 +212,47 @@ class Settings(BaseSettings):
     CELERY_REDIS_PREFIX: str = 'fba:celery'
     CELERY_TASK_MAX_RETRIES: int = 5
 
-    # Plugin Code Generator
+    ##################################################
+    # [ Plugin ] code_generator
+    ##################################################
     CODE_GENERATOR_DOWNLOAD_ZIP_FILENAME: str = 'fba_generator'
 
+    ##################################################
+    # [ Plugin ] oauth2
+    ##################################################
+    # .env
+    OAUTH2_GITHUB_CLIENT_ID: str
+    OAUTH2_GITHUB_CLIENT_SECRET: str
+    OAUTH2_LINUX_DO_CLIENT_ID: str
+    OAUTH2_LINUX_DO_CLIENT_SECRET: str
+
+    # 基础配置
+    OAUTH2_FRONTEND_REDIRECT_URI: str = 'http://localhost:5173/oauth2/callback'
+
+    ##################################################
+    # [ Plugin ] email
+    ##################################################
+    # .env
+    EMAIL_USERNAME: str
+    EMAIL_PASSWORD: str
+
+    # 基础配置
+    EMAIL_HOST: str = 'smtp.qq.com'
+    EMAIL_PORT: int = 465
+    EMAIL_SSL: bool = True
+    EMAIL_CAPTCHA_REDIS_PREFIX: str = 'fba:email:captcha'
+    EMAIL_CAPTCHA_EXPIRE_SECONDS: int = 60 * 3  # 3 分钟
+
     @model_validator(mode='before')
     @classmethod
     def check_env(cls, values: Any) -> Any:
         """检查环境变量"""
-        if values.get('ENVIRONMENT') == 'pro':
+        if values.get('ENVIRONMENT') == 'prod':
             # FastAPI
             values['FASTAPI_OPENAPI_URL'] = None
             values['FASTAPI_STATIC_FILES'] = False
-            # Task
+
+            # task
             values['CELERY_BROKER'] = 'rabbitmq'
 
         return values

deploy/backend/docker-compose/.env.server

@@ -15,23 +15,19 @@ REDIS_DATABASE=0
 TOKEN_SECRET_KEY='1VkVF75nsNABBjK_7-qz7GtzNy3AMvktc9TCPwKczCk'
 # Opera Log
 OPERA_LOG_ENCRYPT_SECRET_KEY='d77b25790a804c2b4a339dd0207941e4cefa5751935a33735bc73bb7071a005b'
-# Admin
-# OAuth2
-OAUTH2_GITHUB_CLIENT_ID='test'
-OAUTH2_GITHUB_CLIENT_SECRET='test'
-OAUTH2_LINUX_DO_CLIENT_ID='test'
-OAUTH2_LINUX_DO_CLIENT_SECRET='test'
-# Task
+# [ App ] task
 # Celery
 CELERY_BROKER_REDIS_DATABASE=1
 # Rabbitmq
 CELERY_RABBITMQ_HOST='fba_rabbitmq'
 CELERY_RABBITMQ_PORT=5672
 CELERY_RABBITMQ_USERNAME='guest'
 CELERY_RABBITMQ_PASSWORD='guest'
-# SMS
-TENCENTCLOUD_SECRET_ID=''
-TENCENTCLOUD_SECRET_KEY=''
-SMS_LOGIN_TEMPLATE_ID='' # 短信登录模板ID
-SMS_SIGN_NAME='' # 短信签名
-SMS_SDK_APP_ID='' # 短信应用ID
+# [ Plugin ] oauth2
+OAUTH2_GITHUB_CLIENT_ID='test'
+OAUTH2_GITHUB_CLIENT_SECRET='test'
+OAUTH2_LINUX_DO_CLIENT_ID='test'
+OAUTH2_LINUX_DO_CLIENT_SECRET='test'
+# [ Plugin ] email
+EMAIL_USERNAME=''
+EMAIL_PASSWORD=''