zeroHYH/2026CoreBackendTest
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
1 commit 1 branch 0 tags 71 KiB
  • Python 100%
Find a file
Exact
zeroHYH 22dab829ce first commit
2026-04-11 14:28:43 +08:00
app first commit 2026-04-11 14:28:43 +08:00
tests first commit 2026-04-11 14:28:43 +08:00
.gitignore first commit 2026-04-11 14:28:43 +08:00
pyproject.toml first commit 2026-04-11 14:28:43 +08:00
README.md first commit 2026-04-11 14:28:43 +08:00
sms_auth_api.py first commit 2026-04-11 14:28:43 +08:00
stage1-design.md first commit 2026-04-11 14:28:43 +08:00
stage1-student-task-book.md first commit 2026-04-11 14:28:43 +08:00
stage2-student-task-book.md first commit 2026-04-11 14:28:43 +08:00
uniform_login_des.py first commit 2026-04-11 14:28:43 +08:00
uv.lock first commit 2026-04-11 14:28:43 +08:00

README.md

2026 Core Backend Test

FastAPI + SQLModel + SQLite implementation for:

  • Stage 1 design scope (student/admin/handler core APIs)
  • Stage 2 assignment API rules
  • Unified CAS SMS login integration based on sms_auth_api.py

Tech Stack

  • FastAPI
  • SQLModel
  • SQLite
  • uv (environment and dependency management)
  • pytest

Project Structure

  • app/main.py: FastAPI app entrypoint
  • app/config.py: Settings
  • app/db.py: DB engine/session dependencies
  • app/models.py: SQLModel tables and enums
  • app/schemas.py: Request/response schemas
  • app/auth/router.py: /auth endpoints and JWT issuing
  • app/auth/deps.py: current user and role guards
  • app/api/student.py: student APIs
  • app/api/admin.py: admin APIs (includes assignment)
  • app/api/handler.py: handler APIs
  • sms_auth_api.py: CAS SMS auth upstream flow source
  • tests/: test suite

Quick Start (uv)

  1. Install dependencies:
uv sync --dev
  1. Run server:
uv run uvicorn app.main:app --reload
  1. Run tests:
uv run pytest -q

Authentication

CAS SMS flow

  • POST /auth/code : get image captcha
  • POST /auth/sms : request SMS code
  • POST /auth/login : CAS SMS login and issue JWT

/auth/login behavior:

  • Reuses sms_auth_api.py login logic to fetch SDU user info
  • Upserts local User by sduid
  • Issues JWT for business APIs

Use header for protected APIs:

Authorization: Bearer <access_token>

Role Scope

  • student: create/list/view own tickets, append notes
  • admin: list/manage tickets, assign/reassign tickets, update user role
  • handler: list own assigned tickets, start processing, close tickets

Implemented APIs

Student

  • POST /tickets
  • GET /tickets
  • GET /tickets/{ticket_id}
  • POST /tickets/{ticket_id}/notes

Admin

  • GET /admin/tickets
  • GET /admin/tickets/{ticket_id}
  • POST /admin/tickets/{ticket_id}/assignments
  • PUT /admin/users/{user_id}/role

Handler

  • GET /handler/tickets
  • GET /handler/tickets/{ticket_id}
  • POST /handler/tickets/{ticket_id}/start
  • POST /handler/tickets/{ticket_id}/close

Stage 2 Assignment Rules Implemented

The endpoint POST /admin/tickets/{ticket_id}/assignments enforces:

  1. Only admin can assign.
  2. Ticket must exist.
  3. Target handler must exist.
  4. Target user must have handler role.
  5. Supports first assignment and reassignment.
  6. Allowed source states: pending, assigned, in_progress.
  7. closed cannot be assigned.
  8. Always updates current_handler_id.
  9. Always appends TicketAssignmentHistory.

State transitions:

  • pending -> assigned
  • assigned -> assigned
  • in_progress -> assigned

Notes

  • SQLite DB file defaults to ./app.db.
  • CAS upstream depends on external SDU services; tests do not require live CAS calls.