from django.contrib.auth import get_user_model
from rest_framework import status, generics
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.response import Response
from rest_framework_simplejwt.exceptions import TokenError
from rest_framework_simplejwt.settings import api_settings
from rest_framework_simplejwt.tokens import RefreshToken

from .serializers import (
    UserRegistrationSerializer,
    UserLoginSerializer,
    UserProfileSerializer,
    UserListSerializer
)
# Project user model (resolved via AUTH_USER_MODEL); queried by UserListView below.
User = get_user_model()
@api_view(['POST'])
@permission_classes([AllowAny])
def register(request):
    """Create a user from the POSTed data and return it with a fresh JWT pair.

    Validation is delegated to ``UserRegistrationSerializer``. On success the
    new user is persisted, a refresh/access token pair is minted for it (so the
    client is effectively logged in right away) and 201 is returned with the
    serialized profile and both tokens. Invalid input yields 400 carrying the
    serializer's field errors.

    NOTE(review): this endpoint is unauthenticated and applies no throttle of
    its own; unless a project-wide DEFAULT_THROTTLE_CLASSES is configured,
    nothing here limits automated account creation — confirm.
    """
    serializer = UserRegistrationSerializer(data=request.data)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    new_user = serializer.save()
    # The access token is derived from the refresh token, so mint that first.
    refresh = RefreshToken.for_user(new_user)
    body = {
        'message': '注册成功',
        'user': UserProfileSerializer(new_user).data,
        'tokens': {
            'refresh': str(refresh),
            'access': str(refresh.access_token),
        },
    }
    return Response(body, status=status.HTTP_201_CREATED)
@api_view(['POST'])
@permission_classes([AllowAny])
def login(request):
    """Authenticate the POSTed credentials and return a JWT pair.

    ``UserLoginSerializer`` performs the credential check and exposes the
    authenticated user as ``validated_data['user']``. On success a
    refresh/access token pair is issued for that user and returned (HTTP 200)
    together with the serialized profile. A failed validation yields 400 with
    the serializer's errors.

    NOTE(review): no throttle is applied on this view itself, so brute-force
    protection depends entirely on project-wide throttle settings — confirm.
    Also confirm the serializer's error text does not distinguish "unknown
    user" from "wrong password", since it is returned to the caller verbatim.
    """
    serializer = UserLoginSerializer(data=request.data)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    authenticated = serializer.validated_data['user']
    refresh = RefreshToken.for_user(authenticated)
    body = {
        'message': '登录成功',
        'user': UserProfileSerializer(authenticated).data,
        'tokens': {
            'refresh': str(refresh),
            'access': str(refresh.access_token),
        },
    }
    return Response(body)
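@api_view(['POST'])
@permission_classes([IsAuthenticated])
def logout(request):
    """Log the caller out by blacklisting their refresh token.

    Expects ``refresh_token`` in the request body. The token must parse and
    verify, and must have been issued to the authenticated caller; it is then
    added to the simplejwt blacklist so it can no longer mint access tokens.
    Blacklisting needs ``rest_framework_simplejwt.token_blacklist`` in
    ``INSTALLED_APPS``; if it is missing, ``blacklist()`` raises and the error
    surfaces as a server error instead of being masked as a 400, since that is
    a deployment bug rather than bad client input.

    Returns 200 ``{'message': '登出成功'}`` on success, otherwise 400
    ``{'error': '登出失败'}`` when the token is missing, malformed, expired,
    already blacklisted, or was issued to a different user.
    """
    def _fail():
        return Response({'error': '登出失败'}, status=status.HTTP_400_BAD_REQUEST)

    refresh_token = request.data.get('refresh_token')
    if not refresh_token:
        # Nothing was revoked, so do not report a successful logout: the
        # client's refresh token would stay valid while it believes otherwise.
        return _fail()

    try:
        token = RefreshToken(refresh_token)
    except TokenError:
        # Malformed, expired, or already-blacklisted token. Only TokenError is
        # caught so genuine server faults are not hidden behind a 400.
        return _fail()

    # Only the token's owner may revoke it; without this check any
    # authenticated user could blacklist someone else's refresh token.
    # USER_ID_CLAIM/USER_ID_FIELD default to 'user_id'/'id'; compared as
    # strings because simplejwt stringifies non-int ids (e.g. UUIDs).
    owner_id = str(getattr(request.user, api_settings.USER_ID_FIELD))
    if str(token.get(api_settings.USER_ID_CLAIM)) != owner_id:
        return _fail()

    token.blacklist()
    return Response({'message': '登出成功'})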
class UserProfileView(generics.RetrieveUpdateAPIView):
    """Retrieve (GET) or update (PUT/PATCH) the calling user's own profile.

    There is no pk in the URL: the object is always the authenticated user,
    so a caller cannot address another account through this view.

    NOTE(review): which fields are writable is decided entirely by
    ``UserProfileSerializer`` — confirm it does not expose privilege-bearing
    fields (``is_staff``, ``is_superuser``) or the password hash for update.
    """
    serializer_class = UserProfileSerializer
    permission_classes = [IsAuthenticated]

    def get_object(self):
        # Skips the usual pk lookup; the request's user is the object.
        current_user = self.request.user
        return current_user
class UserListView(generics.ListAPIView):
    """List users, scoped by the caller's privileges.

    Any authenticated user may call this view: staff (``is_staff``) receive
    every active user, while everyone else receives a list containing only
    their own record. It is therefore not an admin-only endpoint, even though
    the full listing is.

    NOTE(review): the non-staff branch does not apply the ``is_active``
    filter; this only matters if an inactive user can authenticate, which the
    default backends refuse — confirm if custom authentication is in use.
    """
    # Lazy QuerySet: nothing is executed at class-definition time.
    queryset = User.objects.filter(is_active=True)
    serializer_class = UserListSerializer
    permission_classes = [IsAuthenticated]

    def get_queryset(self):
        requester = self.request.user
        if not requester.is_staff:
            # Non-staff callers are restricted to their own account.
            return User.objects.filter(id=requester.id)
        # Staff see the class-level queryset (all active users).
        return super().get_queryset()