login with JWT

This commit is contained in:
2026-05-15 22:58:53 +08:00
parent d14fe10ea7
commit 1c513a2f3e
5 changed files with 150 additions and 6 deletions
+74 -6
View File
@@ -1,8 +1,12 @@
import httpx
from fastapi import APIRouter, Request, HTTPException
from fastapi import APIRouter, Depends, Request, HTTPException
from fastapi.responses import RedirectResponse
import os
import secrets
from auth.deps import get_current_user
from db import SessionLocal
from models import User
from auth.jwt import create_access_token, create_refresh_token, decode_token
router = APIRouter()
@@ -28,7 +32,13 @@ def login_google():
)
response = RedirectResponse(url)
response.set_cookie("oauth_state", state, httponly=True)
response.set_cookie(
"oauth_state",
state,
httponly=True,
secure=True,
samesite="lax"
)
return response
@router.get("/auth/callback")
@@ -57,10 +67,68 @@ async def auth_callback(request: Request, code: str, state: str):
GOOGLE_USERINFO_URL,
headers={"Authorization": f"Bearer {access_token}"},
)
user_info = user_res.json()
db = SessionLocal()
user = db.query(User).filter(User.email == user_info["email"]).first()
if not user:
user = User(
google_id=user_info["id"],
email=user_info["email"],
name=user_info["name"],
avatar=user_info["picture"],
)
db.add(user)
db.commit()
db.refresh(user)
db.close()
jwt_token = create_access_token({
"sub": user.id,
"email": user.email,
})
refresh_token = create_refresh_token({
"sub": user.id,
"email": user.email,
})
return {
"email": user_info["email"],
"name": user_info["name"],
"picture": user_info["picture"],
}
"access_token": jwt_token,
"refresh_token": refresh_token,
"token_type": "bearer",
"user": {
"email": user.email,
"name": user.name,
"avatar": user.avatar,
}
}
@router.get("/me")
def me(user = Depends(get_current_user)):
return {
"email": user.email,
"name": user.name,
"avatar": user.avatar,
}
@router.post("/refresh")
def refresh_token(refresh_token: str):
payload = decode_token(refresh_token)
if payload.get("type") != "refresh":
raise HTTPException(status_code=401)
user_id = payload.get("sub")
new_access = create_access_token({"sub": user_id})
return {"access_token": new_access}
@router.post("/logout")
def logout():
return {"message": "ok"}