app/api/auth.py

from __future__ import annotations

import logging

from fastapi import APIRouter, Depends, HTTPException, Request, status
from redis.asyncio import Redis

from app.config import Settings
from app.core.ip_utils import extract_client_ip
from app.core.security import (
    clear_login_failures,
    create_admin_jwt,
    ensure_login_allowed,
    register_login_failure,
    verify_admin_password,
)
from app.dependencies import get_redis, get_settings
from app.schemas.auth import LoginRequest, TokenResponse

logger = logging.getLogger(__name__)

router = APIRouter(prefix="/admin/api", tags=["auth"])


@router.post("/login", response_model=TokenResponse)
async def login(
    payload: LoginRequest,
    request: Request,
    settings: Settings = Depends(get_settings),
    redis: Redis | None = Depends(get_redis),
) -> TokenResponse:
    if redis is None:
        raise HTTPException(
            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
            detail="Login service is unavailable because Redis is offline.",
        )

    client_ip = extract_client_ip(request, settings)
    await ensure_login_allowed(redis, client_ip, settings)

    if not verify_admin_password(payload.password, settings):
        await register_login_failure(redis, client_ip, settings)
        logger.warning("Admin login failed.", extra={"client_ip": client_ip})
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid admin password.")

    await clear_login_failures(redis, client_ip)
    token, expires_in = create_admin_jwt(settings)
    logger.info("Admin login succeeded.", extra={"client_ip": client_ip})
    return TokenResponse(access_token=token, expires_in=expires_in)
feat(core): 初始化 Key-IP Sentinel 服务与部署骨架 - 搭建 FastAPI、Redis、PostgreSQL、Nginx 与 Docker Compose 基础结构 - 实现反向代理、首用绑定、拦截告警、归档任务和管理接口 - 提供 Vue3 管理后台初版，以及 uv/requirements 双依赖配置 2026-03-04 00:18:33 +08:00			`from __future__ import annotations`

			`import logging`

			`from fastapi import APIRouter, Depends, HTTPException, Request, status`
			`from redis.asyncio import Redis`

			`from app.config import Settings`
			`from app.core.ip_utils import extract_client_ip`
			`from app.core.security import (`
			`clear_login_failures,`
			`create_admin_jwt,`
			`ensure_login_allowed,`
			`register_login_failure,`
			`verify_admin_password,`
			`)`
			`from app.dependencies import get_redis, get_settings`
			`from app.schemas.auth import LoginRequest, TokenResponse`

			`logger = logging.getLogger(__name__)`

			`router = APIRouter(prefix="/admin/api", tags=["auth"])`


			`@router.post("/login", response_model=TokenResponse)`
			`async def login(`
			`payload: LoginRequest,`
			`request: Request,`
			`settings: Settings = Depends(get_settings),`
			`redis: Redis \| None = Depends(get_redis),`
			`) -> TokenResponse:`
			`if redis is None:`
			`raise HTTPException(`
			`status_code=status.HTTP_503_SERVICE_UNAVAILABLE,`
			`detail="Login service is unavailable because Redis is offline.",`
			`)`

			`client_ip = extract_client_ip(request, settings)`
			`await ensure_login_allowed(redis, client_ip, settings)`

			`if not verify_admin_password(payload.password, settings):`
			`await register_login_failure(redis, client_ip, settings)`
			`logger.warning("Admin login failed.", extra={"client_ip": client_ip})`
			`raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid admin password.")`

			`await clear_login_failures(redis, client_ip)`
			`token, expires_in = create_admin_jwt(settings)`
			`logger.info("Admin login succeeded.", extra={"client_ip": client_ip})`
			`return TokenResponse(access_token=token, expires_in=expires_in)`