feat: 多用户系统改造（数据模型 + 认证 API）

backend/authentication/serializers.py

@@ -0,0 +1,34 @@
+from rest_framework import serializers
+from django.contrib.auth.models import User
+from django.contrib.auth import authenticate
+
+class UserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ['id', 'username', 'email', 'date_joined']
+        read_only_fields = ['date_joined']
+
+class RegisterSerializer(serializers.ModelSerializer):
+    password = serializers.CharField(write_only=True, min_length=6)
+    
+    class Meta:
+        model = User
+        fields = ['username', 'email', 'password']
+    
+    def create(self, validated_data):
+        user = User.objects.create_user(
+            username=validated_data['username'],
+            email=validated_data.get('email', ''),
+            password=validated_data['password']
+        )
+        return user
+
+class LoginSerializer(serializers.Serializer):
+    username = serializers.CharField()
+    password = serializers.CharField(write_only=True)
+    
+    def validate(self, data):
+        user = authenticate(**data)
+        if user and user.is_active:
+            return user
+        raise serializers.ValidationError("用户名或密码错误")

backend/authentication/urls.py

@@ -0,0 +1,9 @@
+from django.urls import path
+from .views import RegisterView, LoginView, LogoutView, CurrentUserView
+
+urlpatterns = [
+    path('register/', RegisterView.as_view(), name='register'),
+    path('login/', LoginView.as_view(), name='login'),
+    path('logout/', LogoutView.as_view(), name='logout'),
+    path('me/', CurrentUserView.as_view(), name='current-user'),
+]

backend/authentication/views.py

@@ -0,0 +1,54 @@
+from rest_framework import generics, permissions, status
+from rest_framework.response import Response
+from rest_framework.authtoken.serializers import AuthTokenSerializer
+from django.contrib.auth import login, logout
+from django.contrib.auth.models import User
+from .serializers import UserSerializer, RegisterSerializer, LoginSerializer
+
+class RegisterView(generics.CreateAPIView):
+    """用户注册"""
+    serializer_class = RegisterSerializer
+    permission_classes = [permissions.AllowAny]
+    
+    def create(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        user = serializer.save()
+        
+        return Response({
+            'user': UserSerializer(user).data,
+            'message': '注册成功'
+        }, status=status.HTTP_201_CREATED)
+
+class LoginView(generics.GenericAPIView):
+    """用户登录"""
+    serializer_class = LoginSerializer
+    permission_classes = [permissions.AllowAny]
+    
+    def post(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        user = serializer.validated_data
+        
+        login(request, user)
+        
+        return Response({
+            'user': UserSerializer(user).data,
+            'message': '登录成功'
+        })
+
+class LogoutView(generics.GenericAPIView):
+    """用户登出"""
+    permission_classes = [permissions.IsAuthenticated]
+    
+    def post(self, request, *args, **kwargs):
+        logout(request)
+        return Response({'message': '登出成功'})
+
+class CurrentUserView(generics.RetrieveAPIView):
+    """当前用户信息"""
+    serializer_class = UserSerializer
+    permission_classes = [permissions.IsAuthenticated]
+    
+    def get_object(self):
+        return self.request.user