backend/app/api/dev_auth.py

# =============================================================================
# 企微IT智能服务台 — 开发模式 Mock 登录
# =============================================================================
# ⚠️ 警告:此模块只在 DEV_MODE=true 时可用
#   - 仅供本地开发 / 集成测试使用
#   - 生产环境(DEV_MODE 未设置或 false)会直接 403
#   - 部署前必须确认 .env / .env.production 没有 DEV_MODE=true
# 用法:
#   GET /api/dev/login?userid=dev-user-001&name=测试&role=user
#   GET /api/dev/users  # 列出所有预设 dev 用户
# =============================================================================

import logging
import os
from typing import Optional

import redis.asyncio as aioredis
from fastapi import APIRouter, Depends, HTTPException, Query

from app.config import settings
from app.dependencies import get_redis
from app.services.token_service import TokenService

logger = logging.getLogger(__name__)

router = APIRouter(prefix="/api/dev", tags=["dev-mock"])


def _dev_mode_enabled() -> bool:
    """检查是否启用了开发模式。

    三个检查源(任一为 true 即启用):
    1. 环境变量 DEV_MODE=true
    2. settings.dev_mode(从 .env.dev 读)
    3. DEBUG 模式 + 本地主机(最严格)
    """
    env_val = os.getenv("DEV_MODE", "false").lower() == "true"
    if env_val:
        return True
    # 兜底:从 settings 读
    if hasattr(settings, "dev_mode") and getattr(settings, "dev_mode", False):
        return True
    return False


# -----------------------------------------------------------------------------
# 预设 dev 用户(便于测试不同角色)
# -----------------------------------------------------------------------------
PRESET_DEV_USERS = [
    {"userid": "dev-user-001", "name": "张三(普通员工)", "role": "user", "department": "财务部"},
    {"userid": "dev-agent-001", "name": "李四(IT 坐席)", "role": "agent", "department": "信息技术部"},
    {"userid": "dev-supervisor-001", "name": "王五(部门主管)", "role": "supervisor", "department": "信息技术部"},
    {"userid": "dev-security-001", "name": "赵六(安全团队)", "role": "security", "department": "信息安全部"},
    {"userid": "dev-admin-001", "name": "钱七(系统管理员)", "role": "admin", "department": "信息技术部"},
    {"userid": "dev-multi-001", "name": "周八(多角色测试)", "role": "user,agent,supervisor", "department": "测试部"},
]


# -----------------------------------------------------------------------------
# GET /api/dev/login — Mock 登录(返回 token)
# -----------------------------------------------------------------------------
@router.get("/login")
async def dev_login(
    userid: str = Query("dev-user-001", description="用户 ID(模拟企微 userid)"),
    name: str = Query("开发测试用户", description="用户姓名"),
    role: str = Query("user", description="角色:user/agent/admin/supervisor/security,多个用逗号分隔"),
    department: str = Query("信息技术部", description="部门"),
    avatar: Optional[str] = Query(None, description="头像 URL(可选)"),
    redis: aioredis.Redis = Depends(get_redis),
):
    """开发模式 Mock 登录。

    用法:
        GET /api/dev/login?userid=dev-agent-001&name=李四&role=agent

    返回:
        {
            "code": 0,
            "data": {
                "token": "abc123...",
                "user": { "userid": "...", "name": "...", "roles": [...] }
            }
        }
    """
    if not _dev_mode_enabled():
        logger.warning("🚨 /api/dev/login 被调用但 DEV_MODE 未启用,返回 403")
        raise HTTPException(
            status_code=403,
            detail="DEV_MODE not enabled. Set DEV_MODE=true in .env.dev to use this endpoint."
        )

    # 解析多角色
    roles = [r.strip() for r in role.split(",") if r.strip()]
    if not roles:
        roles = ["user"]

    # 调 TokenService 创建 token(走完全真实的 token 流程)
    token_service = TokenService(redis)
    token = await token_service.create_token(
        employee_id=userid,
        name=name,
        roles=roles,
        department=department,
        avatar=avatar or "",
        login_source="dev",
    )

    logger.info(f"🧪 [DEV] Mock 登录成功: userid={userid}, roles={roles}")

    return {
        "code": 0,
        "message": "ok",
        "data": {
            "token": token,
            "user": {
                "userid": userid,
                "name": name,
                "department": department,
                "avatar": avatar or "",
                "roles": roles,
                "login_source": "dev",
            },
        },
    }


# -----------------------------------------------------------------------------
# GET /api/dev/users — 列出所有预设 dev 用户
# -----------------------------------------------------------------------------
@router.get("/users")
async def dev_list_users():
    """列出所有预设 dev 用户(便于前端测试用)。"""
    if not _dev_mode_enabled():
        raise HTTPException(status_code=403, detail="DEV_MODE not enabled")

    return {
        "code": 0,
        "message": "ok",
        "data": PRESET_DEV_USERS,
    }


# -----------------------------------------------------------------------------
# GET /api/dev/health — 检查 dev 模式状态
# -----------------------------------------------------------------------------
@router.get("/health")
async def dev_health():
    """检查 dev 模式是否启用 + 关键依赖。"""
    if not _dev_mode_enabled():
        raise HTTPException(status_code=403, detail="DEV_MODE not enabled")

    return {
        "code": 0,
        "data": {
            "dev_mode": True,
            "env": os.getenv("APP_ENV", "unknown"),
            "database_url": os.getenv("DATABASE_URL", "not set")[:50] + "...",
            "redis_url": os.getenv("REDIS_URL", "not set"),
            "preset_users": len(PRESET_DEV_USERS),
        },
    }
feat(dev): 本地开发环境(docker-compose + Mock OAuth + 一键脚本) 2026-06-16 14:28:51 +08:00			`# =============================================================================`
			`# 企微IT智能服务台 — 开发模式 Mock 登录`
			`# =============================================================================`
			`# ⚠️ 警告:此模块只在 DEV_MODE=true 时可用`
			`# - 仅供本地开发 / 集成测试使用`
			`# - 生产环境(DEV_MODE 未设置或 false)会直接 403`
			`# - 部署前必须确认 .env / .env.production 没有 DEV_MODE=true`
			`# 用法:`
			`# GET /api/dev/login?userid=dev-user-001&name=测试&role=user`
			`# GET /api/dev/users # 列出所有预设 dev 用户`
			`# =============================================================================`

			`import logging`
			`import os`
			`from typing import Optional`

			`import redis.asyncio as aioredis`
			`from fastapi import APIRouter, Depends, HTTPException, Query`

			`from app.config import settings`
			`from app.dependencies import get_redis`
			`from app.services.token_service import TokenService`

			`logger = logging.getLogger(__name__)`

			`router = APIRouter(prefix="/api/dev", tags=["dev-mock"])`


			`def _dev_mode_enabled() -> bool:`
			`"""检查是否启用了开发模式。`

			`三个检查源(任一为 true 即启用):`
			`1. 环境变量 DEV_MODE=true`
			`2. settings.dev_mode(从 .env.dev 读)`
			`3. DEBUG 模式 + 本地主机(最严格)`
			`"""`
			`env_val = os.getenv("DEV_MODE", "false").lower() == "true"`
			`if env_val:`
			`return True`
			`# 兜底:从 settings 读`
			`if hasattr(settings, "dev_mode") and getattr(settings, "dev_mode", False):`
			`return True`
			`return False`


			`# -----------------------------------------------------------------------------`
			`# 预设 dev 用户(便于测试不同角色)`
			`# -----------------------------------------------------------------------------`
			`PRESET_DEV_USERS = [`
			`{"userid": "dev-user-001", "name": "张三(普通员工)", "role": "user", "department": "财务部"},`
			`{"userid": "dev-agent-001", "name": "李四(IT 坐席)", "role": "agent", "department": "信息技术部"},`
			`{"userid": "dev-supervisor-001", "name": "王五(部门主管)", "role": "supervisor", "department": "信息技术部"},`
			`{"userid": "dev-security-001", "name": "赵六(安全团队)", "role": "security", "department": "信息安全部"},`
			`{"userid": "dev-admin-001", "name": "钱七(系统管理员)", "role": "admin", "department": "信息技术部"},`
			`{"userid": "dev-multi-001", "name": "周八(多角色测试)", "role": "user,agent,supervisor", "department": "测试部"},`
			`]`


			`# -----------------------------------------------------------------------------`
			`# GET /api/dev/login — Mock 登录(返回 token)`
			`# -----------------------------------------------------------------------------`
			`@router.get("/login")`
			`async def dev_login(`
			`userid: str = Query("dev-user-001", description="用户 ID(模拟企微 userid)"),`
			`name: str = Query("开发测试用户", description="用户姓名"),`
			`role: str = Query("user", description="角色:user/agent/admin/supervisor/security,多个用逗号分隔"),`
			`department: str = Query("信息技术部", description="部门"),`
			`avatar: Optional[str] = Query(None, description="头像 URL(可选)"),`
			`redis: aioredis.Redis = Depends(get_redis),`
			`):`
			`"""开发模式 Mock 登录。`

			`用法:`
			`GET /api/dev/login?userid=dev-agent-001&name=李四&role=agent`

			`返回:`
			`{`
			`"code": 0,`
			`"data": {`
			`"token": "abc123...",`
			`"user": { "userid": "...", "name": "...", "roles": [...] }`
			`}`
			`}`
			`"""`
			`if not _dev_mode_enabled():`
			`logger.warning("🚨 /api/dev/login 被调用但 DEV_MODE 未启用,返回 403")`
			`raise HTTPException(`
			`status_code=403,`
			`detail="DEV_MODE not enabled. Set DEV_MODE=true in .env.dev to use this endpoint."`
			`)`

			`# 解析多角色`
			`roles = [r.strip() for r in role.split(",") if r.strip()]`
			`if not roles:`
			`roles = ["user"]`

			`# 调 TokenService 创建 token(走完全真实的 token 流程)`
			`token_service = TokenService(redis)`
			`token = await token_service.create_token(`
			`employee_id=userid,`
			`name=name,`
			`roles=roles,`
			`department=department,`
			`avatar=avatar or "",`
			`login_source="dev",`
			`)`

			`logger.info(f"🧪 [DEV] Mock 登录成功: userid={userid}, roles={roles}")`

			`return {`
			`"code": 0,`
			`"message": "ok",`
			`"data": {`
			`"token": token,`
			`"user": {`
			`"userid": userid,`
			`"name": name,`
			`"department": department,`
			`"avatar": avatar or "",`
			`"roles": roles,`
			`"login_source": "dev",`
			`},`
			`},`
			`}`


			`# -----------------------------------------------------------------------------`
			`# GET /api/dev/users — 列出所有预设 dev 用户`
			`# -----------------------------------------------------------------------------`
			`@router.get("/users")`
			`async def dev_list_users():`
			`"""列出所有预设 dev 用户(便于前端测试用)。"""`
			`if not _dev_mode_enabled():`
			`raise HTTPException(status_code=403, detail="DEV_MODE not enabled")`

			`return {`
			`"code": 0,`
			`"message": "ok",`
			`"data": PRESET_DEV_USERS,`
			`}`


			`# -----------------------------------------------------------------------------`
			`# GET /api/dev/health — 检查 dev 模式状态`
			`# -----------------------------------------------------------------------------`
			`@router.get("/health")`
			`async def dev_health():`
			`"""检查 dev 模式是否启用 + 关键依赖。"""`
			`if not _dev_mode_enabled():`
			`raise HTTPException(status_code=403, detail="DEV_MODE not enabled")`

			`return {`
			`"code": 0,`
			`"data": {`
			`"dev_mode": True,`
			`"env": os.getenv("APP_ENV", "unknown"),`
			`"database_url": os.getenv("DATABASE_URL", "not set")[:50] + "...",`
			`"redis_url": os.getenv("REDIS_URL", "not set"),`
			`"preset_users": len(PRESET_DEV_USERS),`
			`},`
			`}`