♻️ refactor(backend): 重构用户和模块相关代码结构

- 将用户模型和CRUD操作迁移到service层，实现逻辑分离
- 统一使用UserService处理用户认证、密码管理等业务逻辑
- 优化模块导入顺序并清理多余的空格，保持代码风格统一
- 调整模型类文件结构，分离公共模型定义与数据库模型

Author: lucien277

backend/app/api/deps.py

@@ -1,7 +1,8 @@
+import uuid
 from collections.abc import Generator
 from typing import Annotated
 
-import uuid
+
 import jwt
 from fastapi import Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordBearer
@@ -12,8 +13,9 @@
 from app.core import security
 from app.core.config import settings
 from app.core.db import engine
-from app.models import TokenPayload
 from app.model.users import User
+from app.models import TokenPayload
+
 
 reusable_oauth2 = OAuth2PasswordBearer(
     tokenUrl=f"{settings.API_V1_STR}/login/access-token"

backend/app/api/routes/login.py

@@ -5,13 +5,14 @@
 from fastapi.responses import HTMLResponse
 from fastapi.security import OAuth2PasswordRequestForm
 
-from app import crud
 from app.api.deps import CurrentUser, SessionDep, get_current_active_superuser
 from app.core import security
 from app.core.config import settings
 from app.core.security import get_password_hash
+from app.model.users import UserPublic
 from app.models import Message, NewPassword, Token
 from app.model.users import UserPublic
+from app.service.user_service import UserService
 from app.utils import (
     generate_password_reset_token,
     generate_reset_password_email,
@@ -29,8 +30,9 @@ def login_access_token(
     """
     OAuth2 compatible token login, get an access token for future requests
     """
-    user = crud.authenticate(
-        session=session, email=form_data.username, password=form_data.password
+    user_service = UserService(session)
+    user = user_service.authenticate(
+        email=form_data.username, password=form_data.password
     )
     if not user:
         raise HTTPException(status_code=400, detail="Incorrect email or password")
@@ -57,7 +59,8 @@ def recover_password(email: str, session: SessionDep) -> Message:
     """
     Password Recovery
     """
-    user = crud.get_user_by_email(session=session, email=email)
+    user_service = UserService(session)
+    user = user_service.get_user_by_email(email=email)
 
     if not user:
         raise HTTPException(
@@ -84,7 +87,8 @@ def reset_password(session: SessionDep, body: NewPassword) -> Message:
     email = verify_password_reset_token(token=body.token)
     if not email:
         raise HTTPException(status_code=400, detail="Invalid token")
-    user = crud.get_user_by_email(session=session, email=email)
+    user_service = UserService(session)
+    user = user_service.get_user_by_email(email=email)
     if not user:
         raise HTTPException(
             status_code=404,
@@ -108,7 +112,8 @@ def recover_password_html_content(email: str, session: SessionDep) -> Any:
     """
     HTML Content for Password Recovery
     """
-    user = crud.get_user_by_email(session=session, email=email)
+    user_service = UserService(session)
+    user = user_service.get_user_by_email(email=email)
 
     if not user:
         raise HTTPException(

backend/app/api/routes/private.py

@@ -5,10 +5,7 @@
 
 from app.api.deps import SessionDep
 from app.core.security import get_password_hash
-from app.models import (
-    User,
-    UserPublic,
-)
+from app.model.users import User, UserPublic
 
 router = APIRouter(tags=["private"], prefix="/private")
 

backend/app/api/routes/users.py

@@ -2,29 +2,25 @@
 from typing import Any
 
 from fastapi import APIRouter, Depends, HTTPException
-from sqlmodel import col, delete, func, select
 
-from app.service.user_service import UserService
 from app.api.deps import (
     CurrentUser,
     SessionDep,
     get_current_active_superuser,
 )
 from app.core.config import settings
-from app.core.security import get_password_hash, verify_password
-from app.models import Message
-from app.utils import generate_new_account_email, send_email
 from app.model.users import (
     UpdatePassword,
-    User,
     UserCreate,
     UserPublic,
     UserRegister,
+    UsersPublic,
     UserUpdate,
     UserUpdateMe,
-    UsersPublic,
 )
-from app.model.items import Item
+from app.models import Message
+from app.service.user_service import UserService
+from app.utils import generate_new_account_email, send_email
 
 router = APIRouter(prefix="/users", tags=["users"])
 
@@ -95,14 +91,13 @@ def update_password_me(
     user_service = UserService(session)
     try:
         user_service.update_password(
-            current_user,
-            body.current_password,
-            body.new_password
+            current_user, body.current_password, body.new_password
         )
         return Message(message="Password updated successfully")
     except ValueError as e:
         raise HTTPException(status_code=400, detail=str(e))
 
+
 @router.get("/me", response_model=UserPublic)
 def read_user_me(current_user: CurrentUser) -> Any:
     """
@@ -116,13 +111,10 @@ def delete_user_me(session: SessionDep, current_user: CurrentUser) -> Any:
     """
     Delete own user.
     """
-
     user_service = UserService(session)
     try:
         user_service.delete_user(
-            str(current_user.id),
-            str(current_user.id),
-            current_user.is_superuser
+            str(current_user.id), str(current_user.id), current_user.is_superuser
         )
         return Message(message="User deleted successfully")
     except ValueError as e:
@@ -201,9 +193,7 @@ def delete_user(
     user_service = UserService(session)
     try:
         user_service.delete_user(
-            str(user_id),
-            str(current_user.id),
-            current_user.is_superuser
+            str(user_id), str(current_user.id), current_user.is_superuser
         )
         return Message(message="User deleted successfully")
     except ValueError as e:

backend/app/core/db.py

@@ -1,8 +1,9 @@
 from sqlmodel import Session, create_engine, select
 
-from app import crud
+
 from app.core.config import settings
-from app.models import User, UserCreate
+from app.model.users import User, UserCreate
+from app.service.user_service import UserService
 
 engine = create_engine(str(settings.SQLALCHEMY_DATABASE_URI))
 
@@ -30,4 +31,5 @@ def init_db(session: Session) -> None:
             password=settings.FIRST_SUPERUSER_PASSWORD,
             is_superuser=True,
         )
-        user = crud.create_user(session=session, user_create=user_in)
+        user_service = UserService(session)
+        user = user_service.create_user(user_in)

backend/app/model/users.py

@@ -1,10 +1,11 @@
 import uuid
-from typing import Any, Optional
+from typing import Any
 
 from pydantic import EmailStr
-from sqlmodel import Field, Relationship, SQLModel, Session, select, func
+from sqlmodel import Field, Relationship, Session, SQLModel, func, select
 
-from app.core.security import get_password_hash, verify_password
+from app.core.security import get_password_hash
+from app.model.items import Item
 
 
 class UserBase(SQLModel):
@@ -42,12 +43,13 @@ class UpdatePassword(SQLModel):
 class User(UserBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
     hashed_password: str
-    items: list["Item"] = Relationship(back_populates="owner", cascade_delete=True)  # type: ignore
+    items: list["Item"] = Relationship(back_populates="owner", cascade_delete=True)  
 
     @classmethod
     def create(cls, session: Session, user_create: UserCreate) -> "User":
         db_obj = cls.model_validate(
-            user_create, update={"hashed_password": get_password_hash(user_create.password)}
+            user_create,
+            update={"hashed_password": get_password_hash(user_create.password)},
         )
         session.add(db_obj)
         session.commit()

backend/app/models.py

@@ -1,4 +1,96 @@
-from sqlmodel import SQLModel, Field
+import uuid
+
+from pydantic import EmailStr
+from sqlmodel import Field, Relationship, SQLModel
+
+
+# Shared properties
+class UserBase(SQLModel):
+    email: EmailStr = Field(unique=True, index=True, max_length=255)
+    is_active: bool = True
+    is_superuser: bool = False
+    full_name: str | None = Field(default=None, max_length=255)
+
+
+# Properties to receive via API on creation
+class UserCreate(UserBase):
+    password: str = Field(min_length=8, max_length=40)
+
+
+class UserRegister(SQLModel):
+    email: EmailStr = Field(max_length=255)
+    password: str = Field(min_length=8, max_length=40)
+    full_name: str | None = Field(default=None, max_length=255)
+
+
+# Properties to receive via API on update, all are optional
+class UserUpdate(UserBase):
+    email: EmailStr | None = Field(default=None, max_length=255)  # type: ignore
+    password: str | None = Field(default=None, min_length=8, max_length=40)
+
+
+class UserUpdateMe(SQLModel):
+    full_name: str | None = Field(default=None, max_length=255)
+    email: EmailStr | None = Field(default=None, max_length=255)
+
+
+class UpdatePassword(SQLModel):
+    current_password: str = Field(min_length=8, max_length=40)
+    new_password: str = Field(min_length=8, max_length=40)
+
+
+# Database model, database table inferred from class name
+class User(UserBase, table=True):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
+    hashed_password: str
+    items: list["Item"] = Relationship(back_populates="owner", cascade_delete=True)
+
+
+# Properties to return via API, id is always required
+class UserPublic(UserBase):
+    id: uuid.UUID
+
+
+class UsersPublic(SQLModel):
+    data: list[UserPublic]
+    count: int
+
+
+# Shared properties
+class ItemBase(SQLModel):
+    title: str = Field(min_length=1, max_length=255)
+    description: str | None = Field(default=None, max_length=255)
+
+
+# Properties to receive on item creation
+class ItemCreate(ItemBase):
+    pass
+
+
+# Properties to receive on item update
+class ItemUpdate(ItemBase):
+    title: str | None = Field(default=None, min_length=1, max_length=255)  # type: ignore
+
+
+# Database model, database table inferred from class name
+class Item(ItemBase, table=True):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
+    title: str = Field(max_length=255)
+    owner_id: uuid.UUID = Field(
+        foreign_key="user.id", nullable=False, ondelete="CASCADE"
+    )
+    owner: User | None = Relationship(back_populates="items")
+
+
+# Properties to return via API, id is always required
+class ItemPublic(ItemBase):
+    id: uuid.UUID
+    owner_id: uuid.UUID
+
+
+class ItemsPublic(SQLModel):
+    data: list[ItemPublic]
+    count: int
 
 
 # Generic message

backend/app/service/item_service.py

@@ -1,8 +1,8 @@
 import uuid
 from typing import Any
 
-from sqlmodel import Session
 from fastapi import HTTPException
+from sqlmodel import Session
 
 from app.model.items import Item, ItemCreate, ItemUpdate
 from app.models import Message
@@ -22,10 +22,13 @@ def read_items(
             owner_id=owner_id,
             is_superuser=is_superuser,
             skip=skip,
-            limit=limit
+            limit=limit,
         )
 
-    def read_item(self, item_id: uuid.UUID, owner_id: uuid.UUID, is_superuser: bool) -> Any:
+
+    def read_item(
+        self, item_id: uuid.UUID, owner_id: uuid.UUID, is_superuser: bool
+    ) -> Any:
         item = Item.get_by_id(self.session, item_id)
         if not item:
             raise HTTPException(status_code=404, detail="Item not found")
@@ -34,7 +37,11 @@ def read_item(self, item_id: uuid.UUID, owner_id: uuid.UUID, is_superuser: bool)
         return item
 
     def update_item(
-        self, item_id: uuid.UUID, item_in: ItemUpdate, owner_id: uuid.UUID, is_superuser: bool
+        self,
+        item_id: uuid.UUID,
+        item_in: ItemUpdate,
+        owner_id: uuid.UUID,
+        is_superuser: bool,
     ) -> Any:
         item = Item.get_by_id(self.session, item_id)
         if not item:
@@ -43,7 +50,9 @@ def update_item(
             raise HTTPException(status_code=400, detail="Not enough permissions")
         return Item.update(self.session, item, item_in)
 
-    def delete_item(self, item_id: uuid.UUID, owner_id: uuid.UUID, is_superuser: bool) -> Message:
+    def delete_item(
+        self, item_id: uuid.UUID, owner_id: uuid.UUID, is_superuser: bool
+    ) -> Message:
         item = Item.get_by_id(self.session, item_id)
         if not item:
             raise HTTPException(status_code=404, detail="Item not found")