refactor: Phase 2 - rename routes to RESTful style

2026-02-26 13:41:32 +08:00
parent 4b707c7da1
commit 3cab7b03f7
6 changed files with 143 additions and 107 deletions
@@ -8,18 +8,17 @@ from fastapi import HTTPException
 from core.auth.models import CurrentUser
 from v1.auth.rate_limit import enforce_rate_limit
 from v1.auth.dependencies import get_auth_service
-from v1.profile.dependencies import get_current_user
+from v1.users.dependencies import get_current_user
 from v1.auth.schemas import (
-    AuthResendCodeResponse,
-    AuthSignupStartResponse,
-    AuthTokenResponse,
-    AuthUserByEmailResponse,
-    LoginRequest,
-    LogoutRequest,
-    RefreshRequest,
-    SignupResendRequest,
-    SignupStartRequest,
-    SignupVerifyRequest,
+    SessionCreateRequest,
+    SessionDeleteRequest,
+    SessionRefreshRequest,
+    SessionResponse,
+    UserByEmailResponse,
+    VerificationCreateRequest,
+    VerificationCreateResponse,
+    VerificationResendRequest,
+    VerificationVerifyRequest,
 )
 from v1.auth.service import AuthService

@@ -27,79 +26,82 @@ from v1.auth.service import AuthService
 router = APIRouter(prefix="/auth", tags=["auth"])


-@router.post("/signup/start", response_model=AuthSignupStartResponse, status_code=202)
-async def signup_start(
-    payload: SignupStartRequest,
+@router.post(
+    "/verifications", response_model=VerificationCreateResponse, status_code=202
+)
+async def create_verification(
+    payload: VerificationCreateRequest,
    service: AuthService = Depends(get_auth_service),
-) -> AuthSignupStartResponse:
+) -> VerificationCreateResponse:
    await enforce_rate_limit(
        scope="signup_start",
        identifier=payload.email,
        limit=5,
        window_seconds=60,
    )
-    return await service.signup_start(payload)
+    return await service.create_verification(payload)


-@router.post("/signup/verify", response_model=AuthTokenResponse)
-async def signup_verify(
-    payload: SignupVerifyRequest,
+@router.post("/verifications/verify", response_model=SessionResponse)
+async def verify_verification(
+    payload: VerificationVerifyRequest,
    service: AuthService = Depends(get_auth_service),
-) -> AuthTokenResponse:
+) -> SessionResponse:
    await enforce_rate_limit(
        scope="signup_verify",
        identifier=payload.email,
        limit=10,
        window_seconds=600,
    )
-    return await service.signup_verify(payload)
+    return await service.verify_verification(payload)


-@router.post("/signup/resend", response_model=AuthResendCodeResponse)
-async def signup_resend(
-    payload: SignupResendRequest,
+@router.post("/verifications/resend", status_code=204)
+async def resend_verification(
+    payload: VerificationResendRequest,
    service: AuthService = Depends(get_auth_service),
-) -> AuthResendCodeResponse:
+) -> Response:
    await enforce_rate_limit(
        scope="signup_resend",
        identifier=payload.email,
        limit=5,
        window_seconds=60,
    )
-    return await service.signup_resend(payload)
+    await service.resend_verification(payload)
+    return Response(status_code=204)


-@router.post("/login", response_model=AuthTokenResponse)
-async def login(
-    payload: LoginRequest,
+@router.post("/sessions", response_model=SessionResponse)
+async def create_session(
+    payload: SessionCreateRequest,
    service: AuthService = Depends(get_auth_service),
-) -> AuthTokenResponse:
+) -> SessionResponse:
    await enforce_rate_limit(
        scope="login",
        identifier=payload.email,
        limit=10,
        window_seconds=60,
    )
-    return await service.login(payload)
+    return await service.create_session(payload)


-@router.post("/refresh", response_model=AuthTokenResponse)
-async def refresh(
-    payload: RefreshRequest,
+@router.post("/sessions/refresh", response_model=SessionResponse)
+async def refresh_session(
+    payload: SessionRefreshRequest,
    service: AuthService = Depends(get_auth_service),
-) -> AuthTokenResponse:
+) -> SessionResponse:
    await enforce_rate_limit(
        scope="refresh",
        identifier=payload.refresh_token,
        limit=10,
        window_seconds=60,
    )
-    return await service.refresh(payload)
+    return await service.refresh_session(payload)


-@router.post("/logout", status_code=204)
-async def logout(
-    payload: LogoutRequest,
+@router.delete("/sessions", status_code=204)
+async def delete_session(
+    payload: SessionDeleteRequest,
    service: AuthService = Depends(get_auth_service),
 ) -> Response:
    await enforce_rate_limit(
@@ -108,16 +110,16 @@ async def logout(
        limit=10,
        window_seconds=60,
    )
-    await service.logout(payload.refresh_token)
+    await service.delete_session(payload.refresh_token)
    return Response(status_code=204)


-@router.get("/users/by-email", response_model=AuthUserByEmailResponse)
+@router.get("/users", response_model=UserByEmailResponse)
 async def get_user_by_email(
    email: str,
    current_user: Annotated[CurrentUser, Depends(get_current_user)],
    service: AuthService = Depends(get_auth_service),
-) -> AuthUserByEmailResponse:
+) -> UserByEmailResponse:
    if current_user.role != "service_role" and current_user.email != email:
        raise HTTPException(status_code=403, detail="Forbidden")
    return await service.get_user_by_email(email)