duxingchen/KCGL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

超级管理员登录设置

Browse Source
This commit is contained in:
dxc
2026-02-04 13:30:07 +08:00
parent 4aa43a0607
commit 13590b1fac
21 changed files with 881 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
inventory-backend/app/__init__.py
View File

@ -2,37 +2,50 @@
from flask import Flask
from config import Config
from app.extensions import db, migrate, cors
# 【修改】增加 jwt 引入
from app.extensions import db, migrate, cors, jwt
import os
def create_app():
app = Flask(__name__)
app.config.from_object(Config)
# =========================================================
# 1. 初始化插件
# =========================================================
db.init_app(app)
migrate.init_app(app, db)
# 【新增】初始化 JWT (用于 Token 认证)
jwt.init_app(app)
# 确保跨域配置
# 允许 /api/ 开头的请求跨域
cors.init_app(app, resources={r"/*": {"origins": "*"}}) # 放宽跨域限制,防止图片访问被拦截
cors.init_app(app, resources={r"/*": {"origins": "*"}})
# =========================================================
# 2. 注册蓝图 (Blueprints)
# =========================================================
# -----------------------------------------------------
# 2.0 [新增] 注册权限与认证模块 (Auth) - 最关键修复
# -----------------------------------------------------
try:
from app.api.v1.auth import auth_bp
# 前端请求地址: /api/v1/auth/login
app.register_blueprint(auth_bp, url_prefix='/api/v1/auth')
print("✅ Auth (System & Login) 模块注册成功")
except ImportError as e:
print(f"❌ 错误: Auth 模块导入失败: {e}")
# -----------------------------------------------------
# 2.1 注册入库聚合模块 (Inbound)
# -----------------------------------------------------
try:
# 指向聚合文件: app/api/v1/inbound/__init__.py
from app.api.v1.inbound import inbound_bp
# 注册父蓝图,路由前缀为 /api/v1/inbound
app.register_blueprint(inbound_bp, url_prefix='/api/v1/inbound')
print("✅ Inbound (Buy, Semi, Product, Base) 模块注册成功")
except ImportError as e:
print(f"❌ 错误: Inbound 模块导入失败: {e}")
@ -41,34 +54,36 @@ def create_app():
# -----------------------------------------------------
try:
from app.api.v1.common.print import print_bp
# 注册打印蓝图
app.register_blueprint(print_bp, url_prefix='/api/v1/common/print')
print("✅ Print (Label Printing) 模块注册成功")
except ImportError as e:
print(f"❌ 错误: Print 模块导入失败: {e}")
# -----------------------------------------------------
# 2.3 [新增] 注册通用上传模块 (Common Upload)
# 2.3 注册通用上传模块 (Common Upload)
# -----------------------------------------------------
try:
from app.api.v1.common.upload import upload_bp
# 【核心修改】注册方式 1: 标准路径 (对应 /api/v1/common/files/xxx)
# 注册方式 1: 标准路径
app.register_blueprint(upload_bp, url_prefix='/api/v1/common')
# 【核心修改】注册方式 2: 兼容路径 (对应 /v1/common/files/xxx)
# 解决部分代理服务器剥离 /api 前缀导致的 404 问题
# name='upload_fallback' 防止蓝图名称冲突
# 注册方式 2: 兼容路径 (防止反向代理剥离 /api)
app.register_blueprint(upload_bp, url_prefix='/v1/common', name='upload_fallback')
print("✅ Upload (File Storage) 模块注册成功 (双路径兼容模式)")
except ImportError as e:
print(f"❌ 错误: Upload 模块导入失败: {e}")
# -----------------------------------------------------
# 2.4 [新增] 注册业务操作模块 (Transactions)
# -----------------------------------------------------
try:
# 对应 borrow, return, scrap 等操作
from app.api.v1.transactions import trans_bp
app.register_blueprint(trans_bp, url_prefix='/api/v1/trans')
print("✅ Transactions (Borrow, Return, Scrap) 模块注册成功")
except ImportError as e:
# 如果文件还没写好,这里会报错,但不影响主程序启动
print(f"⚠️ 警告: Transaction 模块导入失败 (如果是新建项目可忽略): {e}")
# =========================================================
# 3. 预加载数据模型 (解决 relationship 找不到模型的问题)
# =========================================================
@ -83,11 +98,16 @@ def create_app():
# 4. 成品入库
from app.models.inbound.product import StockProduct
# 开发环境如果需要自动建表,可以取消注释
# 【新增】5. 系统用户 (关键:确保创建 user 表)
from app.models.system import SysUser, SysLog
# 【新增】6. 业务流水
from app.models.transaction import TransBorrow, TransRepair, TransScrap
# 开发环境自动建表 (根据之前的对话,强烈建议在容器第一次启动时开启或手动调用)
# db.create_all()
except ImportError as e:
# 建议打印错误,防止因为文件名拼写错误导致静默失败
print(f"⚠️ 模型预加载失败: {e}")
except Exception as e:
print(f"⚠️ 模型预加载发生未知错误: {e}")

37
inventory-backend/app/api/v1/auth.py
View File

@ -0,0 +1,37 @@
# app/api/v1/auth.py
from flask import Blueprint, request, jsonify
from flask_jwt_extended import jwt_required, get_jwt
from app.services.auth_service import AuthService
auth_bp = Blueprint('auth', __name__)
@auth_bp.route('/login', methods=['POST'])
def login():
try:
data = request.get_json()
if not data.get('username') or not data.get('password'):
return jsonify({'msg': '请输入用户名和密码'}), 400
result = AuthService.login(data)
return jsonify({'msg': '登录成功', 'data': result}), 200
except Exception as e:
return jsonify({'msg': str(e)}), 401
# 新增:创建用户 (替代了原来的注册)
@auth_bp.route('/user/create', methods=['POST'])
@jwt_required() # 必须携带 Token
def create_user():
try:
data = request.get_json()
# 从 Token 中获取当前操作人的角色
claims = get_jwt()
operator_role = claims.get('role')
result = AuthService.create_user(data, operator_role)
return jsonify({'msg': '用户创建成功', 'data': result}), 201
except Exception as e:
# 这里虽然返回 400但实际可能包含 403 的含义,具体看前端处理
return jsonify({'msg': str(e)}), 400

8
inventory-backend/app/api/v1/transactions.py
View File

@ -0,0 +1,8 @@
from flask import Blueprint, jsonify
# 定义蓝图,名字叫 'transactions'
trans_bp = Blueprint('transactions', __name__)
@trans_bp.route('/test', methods=['GET'])
def test_transaction():
return jsonify({"message": "Transaction module is working"})

26
inventory-backend/app/extensions.py
View File

@ -1,8 +1,28 @@
# 文件路径: app/extensions.py
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_cors import CORS # 解决前后端跨域问题
from flask_cors import CORS
from flask_jwt_extended import JWTManager # 确保引入了 JWTManager
# 1. 创建扩展实例(此时未绑定具体的 App
db = SQLAlchemy()
migrate = Migrate()
cors = CORS()
cors = CORS()
jwt = JWTManager() # 必须实例化
# 2. 定义初始化函数 (供工厂函数 create_app 调用)
def init_extensions(app):
"""
统一初始化所有 Flask 扩展
"""
# 初始化数据库
db.init_app(app)
# 初始化迁移工具
migrate.init_app(app, db)
# 初始化跨域设置 (允许 /api/* 路径被所有来源访问)
cors.init_app(app, resources={r"/api/*": {"origins": "*"}})
# 初始化 JWT (这一步至关重要,缺少它会导致 500 错误)
jwt.init_app(app)

62
inventory-backend/app/models/system.py
View File

@ -0,0 +1,62 @@
# app/models/system.py
from app.extensions import db
from werkzeug.security import generate_password_hash, check_password_hash
from datetime import datetime
class SysUser(db.Model):
__tablename__ = 'sys_user'
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(100), nullable=False)
email = db.Column(db.String(100), unique=True)
department = db.Column(db.String(100))
role = db.Column(db.String(50))
status = db.Column(db.String(20), default='active')
password_hash = db.Column(db.Text)
def set_password(self, password):
"""生成加密密码"""
self.password_hash = generate_password_hash(password)
def check_password(self, password):
"""验证密码"""
return check_password_hash(self.password_hash, password)
def to_dict(self):
"""序列化为字典,供接口返回使用"""
return {
'id': self.id,
'username': self.username,
'email': self.email,
'department': self.department,
'role': self.role,
'status': self.status
}
class SysLog(db.Model):
"""
系统操作日志表
对应数据库表: sys_log
"""
__tablename__ = 'sys_log'
id = db.Column(db.Integer, primary_key=True)
op_time = db.Column(db.DateTime, default=datetime.now)
op_user_name = db.Column(db.String(100))
op_user_id = db.Column(db.String(50))
module_name = db.Column(db.String(100))
action_type = db.Column(db.String(50))
target_table = db.Column(db.String(100))
target_id = db.Column(db.Integer)
description = db.Column(db.Text)
ip_address = db.Column(db.String(50))
def to_dict(self):
return {
'id': self.id,
'op_time': self.op_time.isoformat() if self.op_time else None,
'op_user_name': self.op_user_name,
'module_name': self.module_name,
'action_type': self.action_type,
'description': self.description
}

66
inventory-backend/app/models/transaction.py
View File

@ -0,0 +1,66 @@
from app.extensions import db
from datetime import datetime
# 1. 借用表
class TransBorrow(db.Model):
__tablename__ = 'trans_borrow'
id = db.Column(db.Integer, primary_key=True)
sku = db.Column(db.String(100))
source_table = db.Column(db.String(50))
stock_id = db.Column(db.Integer)
quantity = db.Column(db.Numeric(19, 4))
borrow_time = db.Column(db.DateTime, default=datetime.now)
expected_return_time = db.Column(db.DateTime)
borrower_name = db.Column(db.String(100))
actual_return_time = db.Column(db.DateTime)
approver_name = db.Column(db.String(100))
status = db.Column(db.String(20))
def to_dict(self):
return {
'id': self.id,
'sku': self.sku,
'borrower_name': self.borrower_name,
'status': self.status
}
# 2. 维修表
class TransRepair(db.Model):
__tablename__ = 'trans_repair'
id = db.Column(db.Integer, primary_key=True)
sku = db.Column(db.String(100))
source_table = db.Column(db.String(50))
stock_id = db.Column(db.Integer)
arrival_date = db.Column(db.Date)
expected_repair_time = db.Column(db.String(100))
shipping_date = db.Column(db.Date)
is_self_made = db.Column(db.Boolean, default=False)
related_product_id = db.Column(db.Integer)
related_contract_id = db.Column(db.String(100))
repair_manager = db.Column(db.String(100))
fault_description = db.Column(db.Text)
repair_result = db.Column(db.Text)
cost_price = db.Column(db.Numeric(19, 4))
sale_price = db.Column(db.Numeric(19, 4))
def to_dict(self):
return {'id': self.id, 'sku': self.sku, 'status': 'repaired' if self.repair_result else 'pending'}
# 3. 报废表
class TransScrap(db.Model):
__tablename__ = 'trans_scrap'
id = db.Column(db.Integer, primary_key=True)
sku = db.Column(db.String(100))
source_table = db.Column(db.String(50))
stock_id = db.Column(db.Integer)
quantity = db.Column(db.Numeric(19, 4))
reason = db.Column(db.Text)
operator_name = db.Column(db.String(100))
operation_time = db.Column(db.DateTime, default=datetime.now)
approver_name = db.Column(db.String(100))
approval_status = db.Column(db.String(20))
cost_at_scrap = db.Column(db.Numeric(19, 4))
total_loss = db.Column(db.Numeric(19, 4))
def to_dict(self):
return {'id': self.id, 'sku': self.sku, 'total_loss': float(self.total_loss) if self.total_loss else 0}

95
inventory-backend/app/services/auth_service.py
View File

@ -0,0 +1,95 @@
# app/services/auth_service.py
from app.models.system import SysUser
from app.extensions import db
from flask_jwt_extended import create_access_token, get_jwt_identity, get_jwt
from werkzeug.security import check_password_hash
from app.utils.constants import UserRole
class AuthService:
# 硬编码的超级管理员凭证
SUPER_ADMIN_USER = "IRIS"
SUPER_ADMIN_PASS = "licahk"
@staticmethod
def login(data):
username = data.get('username')
password = data.get('password')
user_role = None
user_id = None
user_info = {}
# 1. 优先检查硬编码的超级管理员
if username == AuthService.SUPER_ADMIN_USER:
if password == AuthService.SUPER_ADMIN_PASS:
user_role = UserRole.SUPER_ADMIN
user_id = 0 # 虚拟ID
user_info = {
'username': username,
'role': user_role,
'department': 'System'
}
else:
raise Exception("密码错误")
# 2. 如果不是 IRIS检查数据库用户
else:
user = SysUser.query.filter_by(username=username).first()
if not user or not user.check_password(password):
raise Exception("用户名或密码错误")
if user.status != 'active':
raise Exception("账号已被禁用")
user_role = user.role
user_id = user.id
user_info = user.to_dict()
# 3. 生成 Token将角色写入 claims (关键步骤:用于后期权限控制)
# identity 存 IDadditional_claims 存角色
access_token = create_access_token(
identity=user_id,
additional_claims={'role': user_role, 'username': username}
)
return {
'access_token': access_token,
'user': user_info
}
@staticmethod
def create_user(data, operator_role):
"""
创建新用户 (仅限管理员使用)
:param data: 新用户数据
:param operator_role: 当前操作人的角色 (从 Token 获取)
"""
# 简单权限控制:只有超级管理员或主管可以创建用户
if operator_role not in [UserRole.SUPER_ADMIN, UserRole.SUPERVISOR]:
raise Exception("权限不足:只有超级管理员或主管可以创建新用户")
# 检查重名
if SysUser.query.filter_by(username=data.get('username')).first():
raise Exception("用户名已存在")
# 默认角色处理
role = data.get('role')
# 验证角色是否合法
valid_roles = [v for k, v in UserRole.__dict__.items() if not k.startswith('__')]
if role not in valid_roles:
raise Exception(f"角色无效,可选角色: {valid_roles}")
new_user = SysUser(
username=data.get('username'),
email=data.get('email', ''), # 允许为空
department=data.get('department', ''),
role=role,
status='active'
)
new_user.set_password(data.get('password'))
db.session.add(new_user)
db.session.commit()
return new_user.to_dict()

23
inventory-backend/app/utils/constants.py Normal file
View File

@ -0,0 +1,23 @@
# app/utils/constants.py
class UserRole:
SUPER_ADMIN = 'super_admin' # 超级管理员 (IRIS)
SUPERVISOR = 'supervisor' # 主管
FINANCE = 'finance' # 财务
WAREHOUSE_MGR = 'warehouse_manager' # 库管
INBOUND = 'inbound' # 入库员
OUTBOUND = 'outbound' # 出库员
PURCHASER = 'purchaser' # 采购员
SALES = 'sales' # 销售
# 角色中文映射(用于前端展示或日志)
ROLE_MAP = {
SUPER_ADMIN: '超级管理员',
SUPERVISOR: '主管',
FINANCE: '财务',
WAREHOUSE_MGR: '库管',
INBOUND: '入库员',
OUTBOUND: '出库员',
PURCHASER: '采购员',
SALES: '销售'
}

30
inventory-backend/app/utils/decorators.py
View File

@ -0,0 +1,30 @@
# app/utils/decorators.py
from functools import wraps
from flask_jwt_extended import get_jwt
from flask import jsonify
def role_required(*roles):
"""
自定义装饰器:检查用户角色
使用方法: @role_required('super_admin', 'finance')
"""
def wrapper(fn):
@wraps(fn)
def decorator(*args, **kwargs):
claims = get_jwt()
user_role = claims.get('role')
# 如果是超级管理员,拥有上帝视角,直接放行 (可选)
if user_role == 'super_admin':
return fn(*args, **kwargs)
if user_role not in roles:
return jsonify(msg='权限不足:您没有访问此资源的权限'), 403
return fn(*args, **kwargs)
return decorator
return wrapper

41
inventory-backend/config.py
View File

@ -1,16 +1,43 @@
import os
from datetime import timedelta
class Config:
# 【核心修改】
# 优先读取 Docker 传入的 'DATABASE_URL' 环境变量。
# 如果读不到(比如你在非 Docker 环境下本地直接运行),才回退使用 'localhost'。
# =========================================================
# 1. 基础路径与安全配置
# =========================================================
# 获取当前文件所在目录的绝对路径 (用于定位 uploads 文件夹等)
BASE_DIR = os.path.abspath(os.path.dirname(__file__))
# Flask 的基础密钥 (用于 Session, Flash 消息等安全签名)
SECRET_KEY = os.getenv('SECRET_KEY', 'dev-secret-key-1234')
# =========================================================
# 2. 数据库配置
# =========================================================
# 优先读取 .env 中的 'DATABASE_URL'。
# 如果读不到,才回退使用默认的 localhost 连接字符串。
SQLALCHEMY_DATABASE_URI = os.getenv(
'DATABASE_URL',
'postgresql://test:1234@localhost:5432/inventory_system'
'postgresql://postgres:1234@localhost:5432/inventory_system'
)
# 关闭 SQLAlchemy 的事件追踪,减少内存消耗
# 关闭 SQLAlchemy 的事件追踪,减少内存消耗 (推荐设为 False)
SQLALCHEMY_TRACK_MODIFICATIONS = False
# Flask 的密钥
SECRET_KEY = 'dev-secret-key-1234'
# =========================================================
# 3. JWT 配置 (修复 500 报错的核心区域)
# =========================================================
# 【核心】必须设置 JWT_SECRET_KEY否则 create_access_token 会报错
# 逻辑:优先读环境变量,读不到就用默认字符串
JWT_SECRET_KEY = os.getenv('JWT_SECRET_KEY', 'default-jwt-secret-key-if-missing')
# 设置 Token 过期时间 (这里设为 1 天)
JWT_ACCESS_TOKEN_EXPIRES = timedelta(days=1)
# =========================================================
# 4. 文件上传配置
# =========================================================
# 上传文件存储路径
UPLOAD_FOLDER = os.path.join(BASE_DIR, 'uploads')
# 限制最大上传 16MB
MAX_CONTENT_LENGTH = 16 * 1024 * 1024

4
inventory-backend/requirements.txt
View File

@ -7,4 +7,6 @@ psycopg2-binary==2.9.9
python-dotenv==1.0.0
flask-cors==4.0.0
Pillow>=10.0.0
python-barcode>=0.14.0
python-barcode>=0.14.0
# [新增] 必须添加,用于处理 token 登录
Flask-JWT-Extended==4.6.0

8
inventory-backend/run.py
View File

@ -1,12 +1,14 @@
# 文件路径: run.py (在项目根目录下,与 config.py 同级)
# inventory-backend/run.py
from app import create_app
# 【关键】这一行必须在最外层,不能放在 if __name__ ... 里面!
# Gunicorn 会导入这个变量
app = create_app()
if __name__ == '__main__':
# debug=True 修改代码后会自动重启
# 这里是开发调试用的Docker/Gunicorn 不会执行这里
print("\n====== 当前所有注册路由 ======")
for rule in app.url_map.iter_rules():
print(f"{rule} -> {rule.endpoint}")
print("==============================\n")
app.run(host='0.0.0.0', port=5000, debug=True)
app.run(host='0.0.0.0', port=8000, debug=True)