Document secure secrets and prune unused assets

2026-02-20 20:10:14 +00:00 · 2025-12-13 01:35:56 +08:00
parent c4bb32b163
commit 1adf30d476
28 changed files with 157 additions and 1451 deletions
--- a/backend/routers/auth.py
+++ b/backend/routers/auth.py
@@ -5,14 +5,17 @@ from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy import select
 from datetime import timedelta
+import logging

 from database import get_db
 from models import User, SystemConfig
 from schemas import UserCreate, UserLogin, Token, UserResponse
 from utils import hash_password, verify_password, create_access_token
+from rate_limit import limiter
 from services.auth_service import get_current_user

 router = APIRouter()
+logger = logging.getLogger(__name__)


@router.post("/register", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
@@ -61,6 +64,7 @@ async def register(


@router.post("/login", response_model=Token)
+@limiter.limit("5/minute")
 async def login(
    user_data: UserLogin,
    db: AsyncSession = Depends(get_db)
@@ -86,8 +90,7 @@ async def login(
        data={"sub": str(user.id)}  # JWT 'sub' must be a string
    )

-    print(f"✅ Login successful: user={user.username}, id={user.id}")
-    print(f"🔑 Generated token (first 50 chars): {access_token[:50]}...")
+    logger.info("Login successful", extra={"user_id": user.id})

    return {
        "access_token": access_token,