feat: add user settings page (change username/password) and remove public registration
This commit is contained in:
@@ -17,7 +17,7 @@ from app.auth import (
|
||||
)
|
||||
from app.config import SECRET_KEY, SESSION_COOKIE_NAME, UPLOAD_DIR
|
||||
from app.database import get_db
|
||||
from app.models import ApiKey, Postcard, Profile, User
|
||||
from app.models import Postcard, Profile, User
|
||||
|
||||
router = APIRouter(tags=["web"])
|
||||
templates = Jinja2Templates(directory=str(Path(__file__).resolve().parent.parent / "templates"))
|
||||
@@ -71,35 +71,69 @@ def login_submit(
|
||||
return resp
|
||||
|
||||
|
||||
@router.get("/register", response_class=HTMLResponse)
|
||||
def register_page(request: Request):
|
||||
return templates.TemplateResponse("register.html", {"request": request})
|
||||
# ---------- Settings ----------
|
||||
|
||||
|
||||
@router.post("/register")
|
||||
def register_submit(
|
||||
@router.get("/settings", response_class=HTMLResponse)
|
||||
def settings_page(
|
||||
request: Request,
|
||||
username: str = Form(...),
|
||||
user: User = Depends(get_current_user_web),
|
||||
):
|
||||
return templates.TemplateResponse("settings.html", {"request": request, "user": user})
|
||||
|
||||
|
||||
@router.post("/settings/change-username")
|
||||
def change_username(
|
||||
request: Request,
|
||||
new_username: str = Form(...),
|
||||
password: str = Form(...),
|
||||
password2: str = Form(...),
|
||||
user: User = Depends(get_current_user_web),
|
||||
db: Session = Depends(get_db),
|
||||
):
|
||||
if password != password2:
|
||||
if not verify_password(password, user.password_hash):
|
||||
return templates.TemplateResponse(
|
||||
"register.html", {"request": request, "error": "两次密码不一致"}, status_code=400
|
||||
"settings.html", {"request": request, "user": user, "error": "密码错误"}, status_code=400
|
||||
)
|
||||
if db.query(User).filter(User.username == username).first():
|
||||
if db.query(User).filter(User.username == new_username, User.id != user.id).first():
|
||||
return templates.TemplateResponse(
|
||||
"register.html", {"request": request, "error": "用户名已存在"}, status_code=400
|
||||
"settings.html", {"request": request, "user": user, "error": "用户名已存在"}, status_code=400
|
||||
)
|
||||
user = User(username=username, password_hash=hash_password(password))
|
||||
db.add(user)
|
||||
user.username = new_username
|
||||
db.commit()
|
||||
resp = _redirect("/dashboard")
|
||||
resp.set_cookie(SESSION_COOKIE_NAME, create_session(user.id), httponly=True)
|
||||
return resp
|
||||
return templates.TemplateResponse(
|
||||
"settings.html", {"request": request, "user": user, "success": "用户名修改成功"}
|
||||
)
|
||||
|
||||
|
||||
@router.post("/settings/change-password")
|
||||
def change_password(
|
||||
request: Request,
|
||||
old_password: str = Form(...),
|
||||
new_password: str = Form(...),
|
||||
confirm_password: str = Form(...),
|
||||
user: User = Depends(get_current_user_web),
|
||||
db: Session = Depends(get_db),
|
||||
):
|
||||
if not verify_password(old_password, user.password_hash):
|
||||
return templates.TemplateResponse(
|
||||
"settings.html", {"request": request, "user": user, "error": "当前密码错误"}, status_code=400
|
||||
)
|
||||
if new_password != confirm_password:
|
||||
return templates.TemplateResponse(
|
||||
"settings.html", {"request": request, "user": user, "error": "两次输入的新密码不一致"}, status_code=400
|
||||
)
|
||||
if len(new_password) < 6:
|
||||
return templates.TemplateResponse(
|
||||
"settings.html", {"request": request, "user": user, "error": "新密码长度至少6位"}, status_code=400
|
||||
)
|
||||
user.password_hash = hash_password(new_password)
|
||||
db.commit()
|
||||
return templates.TemplateResponse(
|
||||
"settings.html", {"request": request, "user": user, "success": "密码修改成功"}
|
||||
)
|
||||
|
||||
|
||||
# ---------- Auth ----------
|
||||
|
||||
@router.get("/logout")
|
||||
def logout(request: Request, db: Session = Depends(get_db)):
|
||||
token = request.cookies.get(SESSION_COOKIE_NAME)
|
||||
|
||||
Reference in New Issue
Block a user