添加授权依赖

app/core/auth.py

@@ -0,0 +1,58 @@
+"""权限校验依赖
+
+Usage:
+    from app.core.auth import require_login, func_permission
+
+    # 仅需登录
+    @router.get("/profile")
+    async def get_profile(user_id: int = Depends(require_login)):
+        ...
+
+    # 需要功能权限（校验 + 扣库存，异常自动回退）
+    @router.post("/ai/generate")
+    async def generate(_: None = Depends(func_permission("ai:generate"))):
+        ...
+"""
+
+from fastapi import HTTPException
+
+from app.core.context import RequestContext
+from app.core.database import get_db
+from app.core.logger import log
+
+
+async def require_login() -> int:
+    """要求登录，返回 user_id"""
+    user_id = RequestContext.user_id.get(None)
+    if user_id is None:
+        raise HTTPException(status_code=401, detail="未经授权，请登录")
+    return user_id
+
+
+def func_permission(func_code: str):
+    """功能权限校验：校验权限 + 扣库存 → 执行业务 → 异常回退"""
+
+    async def dependency():
+        user_id = await require_login()
+
+        from app.services.func_permission_service import FuncPermissionService
+
+        # 事务1：校验 + 扣库存
+        async for session in get_db():
+            service = FuncPermissionService(session)
+            log.info(f"功能权限校验 userId:{user_id} funcCode:{func_code}")
+            log_id = await service.check_and_deduct(user_id, func_code)
+
+        try:
+            yield
+        except Exception as e:
+            # 事务2：回滚
+            log.warning(
+                f"业务异常，回退使用记录 logId:{log_id} userId:{user_id} funcCode:{func_code}"
+            )
+            async for session in get_db():
+                service = FuncPermissionService(session)
+                await service.rollback_usage(log_id, user_id, func_code)
+            raise
+
+    return dependency