refactor: 后端代码重构，提取通用权限验证逻辑至common模块，减少代码冗余

2026-01-13 16:45:58 +08:00
parent 6f33e12ead
commit 46debab624
14 changed files with 907 additions and 716 deletions
@@ -10,6 +10,7 @@ from datetime import datetime
 from asyncio import Queue, Lock

 from app.database import get_db
+from app.api.common import verify_project_access
 from app.services.chapter_context_service import ChapterContextBuilder, FocusedMemoryRetriever
 from app.models.chapter import Chapter
 from app.models.project import Project
@@ -54,39 +55,6 @@ logger = get_logger(__name__)
 db_write_locks: dict[str, Lock] = {}


-async def verify_project_access(project_id: str, user_id: str, db: AsyncSession) -> Project:
-    """
-    验证用户是否有权访问指定项目
-    
-    Args:
-        project_id: 项目ID
-        user_id: 用户ID
-        db: 数据库会话
-        
-    Returns:
-        Project: 项目对象
-        
-    Raises:
-        HTTPException: 401 未登录，404 项目不存在或无权访问
-    """
-    if not user_id:
-        raise HTTPException(status_code=401, detail="未登录")
-    
-    result = await db.execute(
-        select(Project).where(
-            Project.id == project_id,
-            Project.user_id == user_id
-        )
-    )
-    project = result.scalar_one_or_none()
-    
-    if not project:
-        logger.warning(f"项目访问被拒绝: project_id={project_id}, user_id={user_id}")
-        raise HTTPException(status_code=404, detail="项目不存在或无权访问")
-    
-    return project
-
-
 async def get_db_write_lock(user_id: str) -> Lock:
    """获取或创建用户的数据库写入锁"""
    if user_id not in db_write_locks: