feat: 初始版本，圆角主题与首次管理员引导

2025-12-07 10:53:52 +08:00
commit 63db6a0815
43 changed files with 1293 additions and 0 deletions
--- a/app/blueprints/auth.py
+++ b/app/blueprints/auth.py
@@ -0,0 +1,61 @@
+import os
+from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app
+from flask_login import login_user, logout_user, current_user
+from werkzeug.security import generate_password_hash, check_password_hash
+from werkzeug.utils import secure_filename
+from ..extensions import db, login_manager
+from ..models import User, Profile, UserStatus
+
+bp = Blueprint("auth", __name__, url_prefix="/auth")
+
+@login_manager.user_loader
+def load_user(user_id):
+    return User.query.get(int(user_id))
+
+@bp.route("/register", methods=["GET", "POST"])
+def register():
+    if request.method == "POST":
+        email = request.form.get("email")
+        username = request.form.get("username")
+        password = request.form.get("password")
+        photo = request.files.get("identity_photo")
+        if not email or not username or not password or not photo:
+            flash("请完整填写信息并上传身份照片")
+            return redirect(url_for("auth.register"))
+        if User.query.filter_by(email=email).first() or User.query.filter_by(username=username).first():
+            flash("邮箱或用户名已存在")
+            return redirect(url_for("auth.register"))
+        filename = secure_filename(photo.filename)
+        upload_dir = os.path.join(current_app.config["UPLOAD_FOLDER"], "identity")
+        path = os.path.join(upload_dir, filename)
+        photo.save(path)
+        user = User(email=email, username=username, password_hash=generate_password_hash(password), status=UserStatus.pending, identity_photo_path=path)
+        db.session.add(user)
+        db.session.flush()
+        profile = Profile(user_id=user.id)
+        db.session.add(profile)
+        db.session.commit()
+        flash("注册提交成功，请等待管理员审核")
+        return redirect(url_for("auth.login"))
+    return render_template("auth/register.html")
+
+@bp.route("/login", methods=["GET", "POST"])
+def login():
+    if request.method == "POST":
+        email = request.form.get("email")
+        password = request.form.get("password")
+        user = User.query.filter_by(email=email).first()
+        if not user or not check_password_hash(user.password_hash, password):
+            flash("登录失败")
+            return redirect(url_for("auth.login"))
+        if user.status != UserStatus.approved:
+            flash("账户未审核通过")
+            return redirect(url_for("auth.login"))
+        login_user(user)
+        return redirect(url_for("feed.discover"))
+    return render_template("auth/login.html")
+
+@bp.route("/logout")
+def logout():
+    logout_user()
+    return redirect(url_for("auth.login"))