♻️ refactor(users): 重构用户模块使用服务层

- 将用户相关数据库操作迁移至UserService类
- 在路由层使用服务类方法替代直接CRUD操作
- 添加用户密码更新、删除等业务逻辑的集中处理
- 统一异常处理流程使用try/catch块

♻️ refactor(items): 重构项目模块模型方法

- 在Item模型添加CRUD类方法
- 实现项目查询的分页和权限检查逻辑
- 分离数据库操作到模型层方法

✨ feat(service): 添加用户和项目服务层

- 创建UserService处理用户相关业务逻辑
- 创建ItemService处理项目CRUD操作
- 实现完整的权限验证流程
- 添加服务层的单元测试支持

♻️ refactor(models): 调整模型文件结构

- 拆分原models模块为独立model包
- 将User和Item模型移至对应子模块
- 更新所有相关模块的导入路径
- 添加模型间的关联关系定义

♻️ refactor(tests): 更新测试用例依赖

- 调整测试用例使用新的模型导入路径
- 重构测试工具函数使用服务层
- 保持测试覆盖率不变的情况下优化测试结构

Author: lucien277

backend/app/api/routes/users.py

@@ -4,27 +4,27 @@
 from fastapi import APIRouter, Depends, HTTPException
 from sqlmodel import col, delete, func, select
 
-from app import crud
+from app.service.user_service import UserService
 from app.api.deps import (
     CurrentUser,
     SessionDep,
     get_current_active_superuser,
 )
 from app.core.config import settings
 from app.core.security import get_password_hash, verify_password
-from app.models import (
-    Item,
-    Message,
+from app.models import Message
+from app.utils import generate_new_account_email, send_email
+from app.model.users import (
     UpdatePassword,
     User,
     UserCreate,
     UserPublic,
     UserRegister,
-    UsersPublic,
     UserUpdate,
     UserUpdateMe,
+    UsersPublic,
 )
-from app.utils import generate_new_account_email, send_email
+from app.model.items import Item
 
 router = APIRouter(prefix="/users", tags=["users"])
 
@@ -38,14 +38,9 @@ def read_users(session: SessionDep, skip: int = 0, limit: int = 100) -> Any:
     """
     Retrieve users.
     """
-
-    count_statement = select(func.count()).select_from(User)
-    count = session.exec(count_statement).one()
-
-    statement = select(User).offset(skip).limit(limit)
-    users = session.exec(statement).all()
-
-    return UsersPublic(data=users, count=count)
+    user_service = UserService(session)
+    result = user_service.get_users(skip=skip, limit=limit)
+    return UsersPublic(data=result["data"], count=result["count"])
 
 
 @router.post(
@@ -55,14 +50,15 @@ def create_user(*, session: SessionDep, user_in: UserCreate) -> Any:
     """
     Create new user.
     """
-    user = crud.get_user_by_email(session=session, email=user_in.email)
+    user_service = UserService(session)
+    user = user_service.get_user_by_email(email=user_in.email)
     if user:
         raise HTTPException(
             status_code=400,
             detail="The user with this email already exists in the system.",
         )
 
-    user = crud.create_user(session=session, user_create=user_in)
+    user = user_service.create_user(user_in)
     if settings.emails_enabled and user_in.email:
         email_data = generate_new_account_email(
             email_to=user_in.email, username=user_in.email, password=user_in.password
@@ -82,19 +78,11 @@ def update_user_me(
     """
     Update own user.
     """
-
-    if user_in.email:
-        existing_user = crud.get_user_by_email(session=session, email=user_in.email)
-        if existing_user and existing_user.id != current_user.id:
-            raise HTTPException(
-                status_code=409, detail="User with this email already exists"
-            )
-    user_data = user_in.model_dump(exclude_unset=True)
-    current_user.sqlmodel_update(user_data)
-    session.add(current_user)
-    session.commit()
-    session.refresh(current_user)
-    return current_user
+    user_service = UserService(session)
+    try:
+        return user_service.update_user_me(current_user, user_in)
+    except ValueError as e:
+        raise HTTPException(status_code=409, detail=str(e))
 
 
 @router.patch("/me/password", response_model=Message)
@@ -104,18 +92,16 @@ def update_password_me(
     """
     Update own password.
     """
-    if not verify_password(body.current_password, current_user.hashed_password):
-        raise HTTPException(status_code=400, detail="Incorrect password")
-    if body.current_password == body.new_password:
-        raise HTTPException(
-            status_code=400, detail="New password cannot be the same as the current one"
+    user_service = UserService(session)
+    try:
+        user_service.update_password(
+            current_user,
+            body.current_password,
+            body.new_password
         )
-    hashed_password = get_password_hash(body.new_password)
-    current_user.hashed_password = hashed_password
-    session.add(current_user)
-    session.commit()
-    return Message(message="Password updated successfully")
-
+        return Message(message="Password updated successfully")
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
 
 @router.get("/me", response_model=UserPublic)
 def read_user_me(current_user: CurrentUser) -> Any:
@@ -130,30 +116,33 @@ def delete_user_me(session: SessionDep, current_user: CurrentUser) -> Any:
     """
     Delete own user.
     """
-    if current_user.is_superuser:
-        raise HTTPException(
-            status_code=403, detail="Super users are not allowed to delete themselves"
+
+    user_service = UserService(session)
+    try:
+        user_service.delete_user(
+            str(current_user.id),
+            str(current_user.id),
+            current_user.is_superuser
         )
-    statement = delete(Item).where(col(Item.owner_id) == current_user.id)
-    session.exec(statement)  # type: ignore
-    session.delete(current_user)
-    session.commit()
-    return Message(message="User deleted successfully")
+        return Message(message="User deleted successfully")
+    except ValueError as e:
+        raise HTTPException(status_code=403, detail=str(e))
 
 
 @router.post("/signup", response_model=UserPublic)
 def register_user(session: SessionDep, user_in: UserRegister) -> Any:
     """
     Create new user without the need to be logged in.
     """
-    user = crud.get_user_by_email(session=session, email=user_in.email)
+    user_service = UserService(session)
+    user = user_service.get_user_by_email(email=user_in.email)
     if user:
         raise HTTPException(
             status_code=400,
             detail="The user with this email already exists in the system",
         )
     user_create = UserCreate.model_validate(user_in)
-    user = crud.create_user(session=session, user_create=user_create)
+    user = user_service.create_user(user_create)
     return user
 
 
@@ -164,7 +153,10 @@ def read_user_by_id(
     """
     Get a specific user by id.
     """
-    user = session.get(User, user_id)
+    user_service = UserService(session)
+    user = user_service.get_user_by_id(str(user_id))
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
     if user == current_user:
         return user
     if not current_user.is_superuser:
@@ -189,22 +181,14 @@ def update_user(
     """
     Update a user.
     """
-
-    db_user = session.get(User, user_id)
+    user_service = UserService(session)
+    db_user = user_service.get_user_by_id(str(user_id))
     if not db_user:
         raise HTTPException(
             status_code=404,
             detail="The user with this id does not exist in the system",
         )
-    if user_in.email:
-        existing_user = crud.get_user_by_email(session=session, email=user_in.email)
-        if existing_user and existing_user.id != user_id:
-            raise HTTPException(
-                status_code=409, detail="User with this email already exists"
-            )
-
-    db_user = crud.update_user(session=session, db_user=db_user, user_in=user_in)
-    return db_user
+    return user_service.update_user(db_user=db_user, user_in=user_in)
 
 
 @router.delete("/{user_id}", dependencies=[Depends(get_current_active_superuser)])
@@ -214,15 +198,13 @@ def delete_user(
     """
     Delete a user.
     """
-    user = session.get(User, user_id)
-    if not user:
-        raise HTTPException(status_code=404, detail="User not found")
-    if user == current_user:
-        raise HTTPException(
-            status_code=403, detail="Super users are not allowed to delete themselves"
+    user_service = UserService(session)
+    try:
+        user_service.delete_user(
+            str(user_id),
+            str(current_user.id),
+            current_user.is_superuser
         )
-    statement = delete(Item).where(col(Item.owner_id) == user_id)
-    session.exec(statement)  # type: ignore
-    session.delete(user)
-    session.commit()
-    return Message(message="User deleted successfully")
+        return Message(message="User deleted successfully")
+    except ValueError as e:
+        raise HTTPException(status_code=403, detail=str(e))

backend/app/model/items.py

@@ -1,7 +1,11 @@
 import uuid
+from typing import Any
+
+from sqlmodel import Field, Relationship, SQLModel, Session, select, func
+from fastapi import HTTPException
 
 from app.model.users import User
-from sqlmodel import Field, Relationship, SQLModel
+
 
 
 # Shared properties
@@ -19,7 +23,6 @@ class ItemCreate(ItemBase):
 class ItemUpdate(ItemBase):
     title: str | None = Field(default=None, min_length=1, max_length=255)  # type: ignore
 
-
 # Database model, database table inferred from class name
 class Item(ItemBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
@@ -29,6 +32,59 @@ class Item(ItemBase, table=True):
     )
     owner: User | None = Relationship(back_populates="items")
 
+    @classmethod
+    def create(cls, session: Session, item_in: ItemCreate, owner_id: uuid.UUID) -> "Item":
+        db_item = cls.model_validate(item_in, update={"owner_id": owner_id})
+        session.add(db_item)
+        session.commit()
+        session.refresh(db_item)
+        return db_item
+    
+    @classmethod
+    def get_items(
+        cls, session: Session, owner_id: uuid.UUID, is_superuser: bool, skip: int = 0, limit: int = 100
+    ) -> Any:
+        if is_superuser:
+            count_statement = select(func.count()).select_from(cls)
+            count = session.exec(count_statement).one()
+            statement = select(cls).offset(skip).limit(limit)
+            items = session.exec(statement).all()
+        else:
+            count_statement = (
+                select(func.count())
+                .select_from(cls)
+                .where(cls.owner_id == owner_id)
+            )
+            count = session.exec(count_statement).one()
+            statement = (
+                select(cls)
+                .where(cls.owner_id == owner_id)
+                .offset(skip)
+                .limit(limit)
+            )
+            items = session.exec(statement).all()
+        return {"data": items, "count": count}
+
+    @classmethod
+    def get_by_id(cls, session: Session, item_id: uuid.UUID) -> "Item | None":
+        return session.get(cls, item_id)
+
+    @classmethod
+    def update(cls, session: Session, item: "Item", item_in: ItemUpdate) -> "Item":
+        update_dict = item_in.model_dump(exclude_unset=True)
+        item.sqlmodel_update(update_dict)
+        session.add(item)
+        session.commit()
+        session.refresh(item)
+        return item
+
+    @classmethod
+    def delete(cls, session: Session, item_id: uuid.UUID) -> None:
+        item = session.get(cls, item_id)
+        if item:
+            session.delete(item)
+            session.commit()
+
 
 # Properties to return via API, id is always required
 class ItemPublic(ItemBase):

backend/app/model/users.py

@@ -1,18 +1,19 @@
 import uuid
+from typing import Any, Optional
 
 from pydantic import EmailStr
-from sqlmodel import Field, Relationship, SQLModel
+from sqlmodel import Field, Relationship, SQLModel, Session, select, func
+
+from app.core.security import get_password_hash, verify_password
 
 
-# Shared properties
 class UserBase(SQLModel):
     email: EmailStr = Field(unique=True, index=True, max_length=255)
     is_active: bool = True
     is_superuser: bool = False
     full_name: str | None = Field(default=None, max_length=255)
 
 
-# Properties to receive via API on creation
 class UserCreate(UserBase):
     password: str = Field(min_length=8, max_length=40)
 
@@ -38,15 +39,61 @@ class UpdatePassword(SQLModel):
     current_password: str = Field(min_length=8, max_length=40)
     new_password: str = Field(min_length=8, max_length=40)
 
-
-# Database model, database table inferred from class name
 class User(UserBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
     hashed_password: str
     items: list["Item"] = Relationship(back_populates="owner", cascade_delete=True)  # type: ignore
 
+    @classmethod
+    def create(cls, session: Session, user_create: UserCreate) -> "User":
+        db_obj = cls.model_validate(
+            user_create, update={"hashed_password": get_password_hash(user_create.password)}
+        )
+        session.add(db_obj)
+        session.commit()
+        session.refresh(db_obj)
+        return db_obj
+
+    @classmethod
+    def update(cls, session: Session, db_user: "User", user_in: UserUpdate) -> Any:
+        user_data = user_in.model_dump(exclude_unset=True)
+        extra_data = {}
+        if "password" in user_data:
+            password = user_data["password"]
+            hashed_password = get_password_hash(password)
+            extra_data["hashed_password"] = hashed_password
+        db_user.sqlmodel_update(user_data, update=extra_data)
+        session.add(db_user)
+        session.commit()
+        session.refresh(db_user)
+        return db_user
+
+    @classmethod
+    def get_by_email(cls, session: Session, email: str) -> "User | None":
+        statement = select(cls).where(cls.email == email)
+        return session.exec(statement).first()
+
+    @classmethod
+    def get_by_id(cls, session: Session, user_id: str) -> "User | None":
+        statement = select(cls).where(cls.id == uuid.UUID(user_id))
+        return session.exec(statement).first()
+
+    @classmethod
+    def get_users(cls, session: Session, skip: int = 0, limit: int = 100) -> dict:
+        count_statement = select(func.count()).select_from(cls)
+        count = session.exec(count_statement).one()
+        statement = select(cls).offset(skip).limit(limit)
+        users = session.exec(statement).all()
+        return {"data": users, "count": count}
+
+    @classmethod
+    def delete_user(cls, session: Session, user_id: str) -> None:
+        user = cls.get_by_id(session, user_id)
+        if user:
+            session.delete(user)
+            session.commit()
+
 
-# Properties to return via API, id is always required
 class UserPublic(UserBase):
     id: uuid.UUID