secure avatar to s3 by exception control
This commit is contained in:
+34
-20
@@ -73,30 +73,44 @@ async def auth_callback(request: Request, code: str, state: str):
|
|||||||
|
|
||||||
db = SessionLocal()
|
db = SessionLocal()
|
||||||
|
|
||||||
user = db.query(User).filter(User.email == user_info["email"]).first()
|
try:
|
||||||
|
user = db.query(User).filter(User.email == user_info["email"]).first()
|
||||||
|
|
||||||
if not user:
|
if not user:
|
||||||
user = User(
|
# 提取邮箱前缀作为 handle 基础
|
||||||
google_id=user_info["id"],
|
# 比如 "john.doe@gmail.com" -> "john_doe"
|
||||||
email=user_info["email"],
|
base_handle = user_info["email"].split("@")[0].replace(".", "_").lower()
|
||||||
name=user_info["name"],
|
|
||||||
avatar=user_info["picture"],
|
|
||||||
)
|
|
||||||
db.add(user)
|
|
||||||
db.commit()
|
|
||||||
db.refresh(user)
|
|
||||||
|
|
||||||
# 异步/同步将头像转存到 S3
|
# 拼接一个随机短字符串,确保 handle 的唯一性
|
||||||
from app.utils.s3 import upload_google_avatar_to_s3
|
import secrets
|
||||||
s3_avatar_url = await upload_google_avatar_to_s3(user_info["picture"], str(user.id))
|
random_suffix = secrets.token_hex(3) # 生成 6 位随机字符
|
||||||
|
suggested_handle = f"{base_handle}_{random_suffix}"
|
||||||
|
|
||||||
# 将更新后的 S3 URL 写回数据库
|
user = User(
|
||||||
user.avatar = s3_avatar_url
|
google_id=user_info["id"],
|
||||||
db.commit()
|
email=user_info["email"],
|
||||||
# 这里不需要再次 refresh,除非后面还要用到更新后的 user 对象
|
name=user_info["name"],
|
||||||
# db.refresh(user)
|
avatar=user_info["picture"],
|
||||||
|
handle=suggested_handle,
|
||||||
|
)
|
||||||
|
db.add(user)
|
||||||
|
db.commit()
|
||||||
|
db.refresh(user)
|
||||||
|
|
||||||
db.close()
|
# 异步/同步将头像转存到 S3
|
||||||
|
from app.utils.s3 import upload_google_avatar_to_s3
|
||||||
|
try:
|
||||||
|
s3_avatar_url = await upload_google_avatar_to_s3(user_info["picture"], str(user.id))
|
||||||
|
# 将更新后的 S3 URL 写回数据库
|
||||||
|
user.avatar = s3_avatar_url
|
||||||
|
db.commit()
|
||||||
|
except Exception as s3_err:
|
||||||
|
print(f"S3 Upload failed: {s3_err}")
|
||||||
|
|
||||||
|
# 这里不需要再次 refresh,除非后面还要用到更新后的 user 对象
|
||||||
|
# db.refresh(user)
|
||||||
|
finally:
|
||||||
|
db.close()
|
||||||
|
|
||||||
jwt_token = create_jwt_token({
|
jwt_token = create_jwt_token({
|
||||||
"sub": user.id,
|
"sub": user.id,
|
||||||
|
|||||||
Reference in New Issue
Block a user