修改接口调用数据库操作实现异步

.gitignore

@@ -0,0 +1,15 @@
+# Python缓存文件
+# __pycache__/
+# *.py[cod]
+# *$py.class
+# *.so
+
+# 特定目录下的缓存文件（可选）
+app/__pycache__
+app/*/__pycache__/
+app/*/*/__pycache__/
+
+# 或者更通用的匹配所有__pycache__
+# **/__pycache__/
+
+*.db

app/api/v1/admin.py

@@ -1,19 +1,18 @@
 # app/api/admin.py
 from fastapi import APIRouter, Depends, HTTPException
 from fastapi.responses import JSONResponse
-from sqlalchemy.orm import Session
+from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy import text
-import json
 
 from ..dependencies.auth import get_current_user
 from ..models.user import User
-from ..database import get_db
+from ..database import get_async_db
 
 router = APIRouter(prefix="/admin", tags=["admin"])
 
 @router.get("/database/tables")
 async def get_database_tables(
-    db: Session = Depends(get_db),
+    db: AsyncSession = Depends(get_async_db),
     current_user: User = Depends(get_current_user)
 ):
     """获取所有表（需要管理员权限）"""
@@ -47,7 +46,7 @@ async def get_database_tables(
 async def get_table_data(
     table_name: str,
     limit: int = 100,
-    db: Session = Depends(get_db),
+    db: AsyncSession = Depends(get_async_db),
     current_user: User = Depends(get_current_user)
 ):
     """获取表数据（需要管理员权限）"""
@@ -111,7 +110,7 @@ async def get_table_data(
 @router.post("/database/query")
 async def execute_custom_query(
     query: str,
-    db: Session = Depends(get_db),
+    db: AsyncSession = Depends(get_async_db),
     current_user: User = Depends(get_current_user)
 ):
     """执行自定义查询（需要管理员权限，生产环境请谨慎）"""

app/api/v1/auth.py

@@ -1,8 +1,7 @@
 # app/api/v1/auth.py
 from fastapi import APIRouter, HTTPException, status, Request, Depends
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
-from sqlalchemy.orm import Session
-from typing import Optional
+from sqlalchemy.ext.asyncio import AsyncSession
 
 from app.schemas.user import UserCreate, UserLogin
 from app.schemas.token import TokenResponse, RefreshTokenRequest
@@ -12,7 +11,7 @@ from app.core.security import (
     verify_access_token
 )
 from app.config import settings
-from app.database import get_db
+from app.database import get_async_db
 from app.models.user import User
 from app.services.user_service import UserService
 
@@ -32,7 +31,7 @@ logger = logging.getLogger(__name__)
 async def register(
     user_data: UserCreate,
     request: Request,
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
     """用户注册"""
     user_service = UserService(db)
@@ -98,7 +97,7 @@ async def register(
 async def login(
     login_data: UserLogin,
     request: Request,
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
     """用户登录"""
     user_service = UserService(db)
@@ -174,7 +173,7 @@ async def login(
 @router.get("/me")
 async def get_current_user(
     credentials: HTTPAuthorizationCredentials = Depends(security),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
     """获取当前用户信息"""
     token = credentials.credentials
@@ -221,7 +220,7 @@ async def get_current_user(
 @router.post("/refresh")
 async def refresh_token(
     refresh_data: RefreshTokenRequest,
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
     """刷新访问令牌"""
     refresh_token = refresh_data.refresh_token
@@ -277,7 +276,7 @@ async def refresh_token(
 @router.post("/logout")
 async def logout(
     refresh_data: RefreshTokenRequest,
-    db: Session = Depends(get_db),
+    db: AsyncSession = Depends(get_async_db),
     credentials: HTTPAuthorizationCredentials = Depends(security)
 ):
     """用户登出"""
@@ -286,7 +285,7 @@ async def logout(
     return {"message": "登出成功"}
 
 @router.get("/test-db")
-async def test_database(db: Session = Depends(get_db)):
+async def test_database(db: AsyncSession = Depends(get_async_db)):
     """测试数据库连接和用户统计"""
     user_service = UserService(db)
     

app/api/v1/users.py

@@ -1,11 +1,11 @@
 # app/api/v1/users.py
 from fastapi import APIRouter, Depends, HTTPException, status, Query
-from sqlalchemy.orm import Session
+from sqlalchemy.ext.asyncio import AsyncSession
 from typing import List, Optional
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 
 from app.schemas.user import UserProfile, UserUpdate, PasswordChange
-from app.database import get_db
+from app.database import get_async_db  # 使用异步依赖
 from app.services.user_service import UserService
 from app.core.security import password_validator
 
@@ -17,11 +17,13 @@ from app.config import settings
 router = APIRouter(prefix="/users", tags=["用户管理"])
 security = HTTPBearer()
 
-def get_current_user(
+
+# ==================== 异步认证依赖 ====================
+async def get_current_user(
     credentials: HTTPAuthorizationCredentials = Depends(security),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)  # 异步Session
 ):
-    """获取当前用户依赖"""
+    """获取当前用户依赖（异步版本）"""
     token = credentials.credentials
     
     # 验证令牌
@@ -33,8 +35,14 @@ def get_current_user(
         )
     
     username = payload.get("sub")
+    if not username:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="令牌无效"
+        )
+    
     user_service = UserService(db)
-    user = user_service.get_user_by_username(username)
+    user = await user_service.get_user_by_username(username)  # 使用await
     
     if not user:
         raise HTTPException(
@@ -50,38 +58,33 @@ def get_current_user(
     
     return user
 
+
+# ==================== 用户个人资料相关 ====================
 @router.get("/me", response_model=UserProfile)
 async def get_my_profile(
     current_user = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)  # 异步Session
 ):
     """获取我的资料"""
-    user_service = UserService(db)
-    user = await user_service.get_user_by_id(current_user.id)
-    
-    if not user:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="用户不存在"
-        )
-    
+    # 直接从current_user获取，无需再查询数据库
     return UserProfile(
-        id=user.id,
-        username=user.username,
-        email=user.email,
-        full_name=user.full_name,
-        is_active=user.is_active,
-        is_verified=user.is_verified,
-        created_at=user.created_at,
-        last_login=user.last_login,
-        avatar=user.avatar
+        id=current_user.id,
+        username=current_user.username,
+        email=current_user.email,
+        full_name=current_user.full_name,
+        is_active=current_user.is_active,
+        is_verified=current_user.is_verified,
+        created_at=current_user.created_at,
+        last_login=current_user.last_login,
+        avatar=current_user.avatar
     )
 
+
 @router.put("/me", response_model=UserProfile)
 async def update_my_profile(
     user_data: UserUpdate,
     current_user = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
     """更新我的资料"""
     user_service = UserService(db)
@@ -97,6 +100,7 @@ async def update_my_profile(
                 detail="邮箱已被使用"
             )
     
+    # 更新用户信息
     updated_user = await user_service.update_user(current_user.id, update_dict)
     
     if not updated_user:
@@ -117,11 +121,12 @@ async def update_my_profile(
         avatar=updated_user.avatar
     )
 
+
 @router.post("/me/change-password")
 async def change_password(
     password_data: PasswordChange,
     current_user = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
     """修改密码"""
     user_service = UserService(db)
@@ -147,13 +152,15 @@ async def change_password(
             detail=str(e)
         )
 
+
+# ==================== 管理员操作 ====================
 @router.get("/", response_model=List[UserProfile])
 async def list_users(
     skip: int = Query(0, ge=0),
     limit: int = Query(100, ge=1, le=100),
     active_only: bool = Query(True),
     current_user = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
     """获取用户列表（需要管理员权限）"""
     if not current_user.is_superuser:
@@ -180,13 +187,14 @@ async def list_users(
         for user in users
     ]
 
+
 @router.get("/{user_id}", response_model=UserProfile)
 async def get_user(
     user_id: int,
     current_user = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
-    """获取单个用户信息（需要管理员权限查看其他用户）"""
+    """获取单个用户信息"""
     user_service = UserService(db)
     
     # 普通用户只能查看自己的信息
@@ -196,6 +204,7 @@ async def get_user(
             detail="只能查看自己的用户信息"
         )
     
+    # 管理员可以查看任何人，普通用户只能查看自己（前面已校验）
     user = await user_service.get_user_by_id(user_id)
     
     if not user:
@@ -216,11 +225,12 @@ async def get_user(
         avatar=user.avatar
     )
 
+
 @router.delete("/{user_id}")
 async def delete_user(
     user_id: int,
     current_user = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ):
     """删除用户（需要管理员权限）"""
     if not current_user.is_superuser:
@@ -247,11 +257,12 @@ async def delete_user(
     
     return {"message": "用户已禁用"}
 
+
 @router.get("/test")
 async def test_users():
     """测试用户管理 API"""
     return {
-        "message": "用户管理 API 正常运行（使用 SQLite 数据库）",
+        "message": "用户管理 API 正常运行（使用 SQLite 数据库异步版本）",
         "endpoints": {
             "GET /me": "获取我的资料",
             "PUT /me": "更新我的资料",
@@ -259,5 +270,7 @@ async def test_users():
             "GET /": "获取用户列表（管理员）",
             "GET /{user_id}": "获取单个用户",
             "DELETE /{user_id}": "删除用户（管理员）"
-        }
+        },
+        "async": True,
+        "database": "异步SQLAlchemy 2.0"
     }

app/config.py

@@ -11,7 +11,10 @@ class Settings:
     # 项目配置
     PROJECT_NAME: str = os.getenv("PROJECT_NAME", "CaiYouHui 采油会")
     VERSION: str = os.getenv("VERSION", "1.0.0")
+
+    # API配置
     API_V1_PREFIX: str = os.getenv("API_V1_PREFIX", "/api/v1")
+    APP_RUN_PORT: int = int(os.getenv("APP_RUN_PORT", "10003"))
     
     # 安全配置
     SECRET_KEY: str = os.getenv("SECRET_KEY", secrets.token_urlsafe(32))
@@ -19,8 +22,8 @@ class Settings:
     ACCESS_TOKEN_EXPIRE_MINUTES: int = int(os.getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "1440"))  # 24小时
     
     # 数据库配置 - SQLite
-    DATABASE_URL: str = os.getenv("DATABASE_URL", "sqlite:///./caiyouhui.db")
-    
+    DATABASE_URL: str = os.getenv("DATABASE_URL", "sqlite+aiosqlite:///./caiyouhui.db")
+
     # CORS 配置
     BACKEND_CORS_ORIGINS: List[str] = os.getenv(
         "BACKEND_CORS_ORIGINS", 
@@ -29,11 +32,19 @@ class Settings:
     
     # 调试模式
     DEBUG: bool = os.getenv("DEBUG", "True").lower() == "true"
-    
+
+    # 日志配置
+    LOG_LEVEL: str = os.getenv("LOG_LEVEL", "INFO")
+    LOG_FILE: str = os.getenv("LOG_FILE", "logs/app.log")
+
     # 文件上传
     UPLOAD_DIR: str = os.getenv("UPLOAD_DIR", "./uploads")
     MAX_UPLOAD_SIZE: int = int(os.getenv("MAX_UPLOAD_SIZE", "10485760"))  # 10MB
-    
+
+    # 性能配置
+    DATABASE_POOL_SIZE: int = 20
+    DATABASE_MAX_OVERFLOW: int = 10
+
     # 邮箱验证（可选，后续添加）
     SMTP_ENABLED: bool = os.getenv("SMTP_ENABLED", "False").lower() == "true"
     SMTP_HOST: str = os.getenv("SMTP_HOST", "")

app/core/auth.py

@@ -1,6 +1,6 @@
 from passlib.context import CryptContext
 from jose import JWTError, jwt
-from datetime import datetime, timedelta
+from datetime import datetime, timezone, timedelta
 from typing import Optional, Dict, Any, Union
 import secrets
 import string
@@ -23,9 +23,9 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -
     to_encode = data.copy()
     
     if expires_delta:
-        expire = datetime.utcnow() + expires_delta
+        expire = datetime.now(timezone.utc) + expires_delta
     else:
-        expire = datetime.utcnow() + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+        expire = datetime.now(timezone.utc) + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
     
     to_encode.update({"exp": expire, "type": "access"})
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
@@ -34,7 +34,7 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -
 def create_refresh_token(data: dict) -> str:
     """创建刷新令牌"""
     to_encode = data.copy()
-    expire = datetime.utcnow() + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS)
+    expire = datetime.now(timezone.utc) + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS)
     
     to_encode.update({"exp": expire, "type": "refresh"})
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
@@ -43,7 +43,7 @@ def create_refresh_token(data: dict) -> str:
 def create_verification_token(email: str) -> str:
     """创建验证令牌"""
     to_encode = {"email": email, "type": "verify"}
-    expire = datetime.utcnow() + timedelta(hours=settings.VERIFICATION_TOKEN_EXPIRE_HOURS)
+    expire = datetime.now(timezone.utc) + timedelta(hours=settings.VERIFICATION_TOKEN_EXPIRE_HOURS)
     
     to_encode.update({"exp": expire})
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
@@ -52,7 +52,7 @@ def create_verification_token(email: str) -> str:
 def create_reset_token(email: str) -> str:
     """创建密码重置令牌"""
     to_encode = {"email": email, "type": "reset"}
-    expire = datetime.utcnow() + timedelta(minutes=settings.RESET_TOKEN_EXPIRE_MINUTES)
+    expire = datetime.now(timezone.utc) + timedelta(minutes=settings.RESET_TOKEN_EXPIRE_MINUTES)
     
     to_encode.update({"exp": expire})
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)

app/core/security.py

@@ -6,7 +6,7 @@ import hmac
 import time
 import json
 from typing import Optional, Dict, Any, Tuple
-from datetime import datetime, timedelta
+from datetime import datetime, timezone, timedelta
 import re
 
 # 密码哈希工具
@@ -165,16 +165,16 @@ class JWTManager:
         
         # 设置过期时间
         if expires_delta:
-            expire = datetime.utcnow() + expires_delta
+            expire = datetime.now(timezone.utc) + expires_delta
         elif expires_minutes:
-            expire = datetime.utcnow() + timedelta(minutes=expires_minutes)
+            expire = datetime.now(timezone.utc) + timedelta(minutes=expires_minutes)
         else:
-            expire = datetime.utcnow() + timedelta(minutes=30)  # 默认30分钟
+            expire = datetime.now(timezone.utc) + timedelta(minutes=30)  # 默认30分钟
         
         # 添加标准声明
         payload.update({
             "exp": int(expire.timestamp()),
-            "iat": int(datetime.utcnow().timestamp()),
+            "iat": int(datetime.now(timezone.utc).timestamp()),
             "iss": "caiyouhui-api",
             "type": token_type
         })

app/database.py

@@ -1,64 +1,139 @@
 # app/database.py
-from sqlalchemy import create_engine
-from sqlalchemy.orm import sessionmaker, Session
-from sqlalchemy.ext.declarative import declarative_base
-from contextlib import contextmanager
-from typing import Generator
-import os
+from sqlalchemy.orm import DeclarativeBase
+from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine, AsyncEngine
+from contextlib import asynccontextmanager
+from typing import AsyncGenerator
 
 from .config import settings
 
-# 创建数据库引擎
-engine = create_engine(
-    settings.DATABASE_URL,
-    connect_args={"check_same_thread": False} if "sqlite" in settings.DATABASE_URL else {},
-    echo=settings.DEBUG
+
+# ====================== 1. 基类定义 ======================
+class Base(DeclarativeBase):
+    """SQLAlchemy 2.0 声明式基类"""
+    pass
+
+
+# ====================== 2. 异步URL转换 ======================
+def ensure_async_url(database_url: str) -> str:
+    """确保使用异步数据库URL"""
+    # 如果已经是异步URL，直接返回
+    if any(x in database_url for x in ["+asyncpg", "+aiomysql", "+aiosqlite"]):
+        return database_url
+    
+    # 转换同步URL为异步URL
+    if database_url.startswith("postgresql://"):
+        return database_url.replace("postgresql://", "postgresql+asyncpg://")
+    elif database_url.startswith("mysql://"):
+        return database_url.replace("mysql://", "mysql+aiomysql://")
+    elif database_url.startswith("sqlite://"):
+        return database_url.replace("sqlite://", "sqlite+aiosqlite://")
+    else:
+        raise ValueError(f"不支持的数据库类型: {database_url}")
+
+
+# ====================== 3. 异步引擎配置 ======================
+async_database_url = ensure_async_url(settings.DATABASE_URL)
+
+# 连接参数
+connect_args = {}
+if "sqlite+aiosqlite" in async_database_url:
+    connect_args = {"check_same_thread": False}
+
+async_engine: AsyncEngine = create_async_engine(
+    async_database_url,
+    connect_args=connect_args,
+    echo=settings.DEBUG,
+    pool_size=20,
+    max_overflow=10,
+    pool_pre_ping=True,
+    future=True,  # 启用2.0特性
 )
 
-# 创建会话工厂
-SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 
-# 声明基类
-Base = declarative_base()
+# ====================== 4. 异步会话工厂 ======================
+AsyncSessionLocal = async_sessionmaker(
+    bind=async_engine,
+    class_=AsyncSession,
+    expire_on_commit=False,
+    autoflush=False,
+)
+
 
-def get_db() -> Generator[Session, None, None]:
-    """数据库会话依赖注入"""
-    db = SessionLocal()
+# ====================== 5. 异步依赖注入 ======================
+async def get_async_db() -> AsyncGenerator[AsyncSession, None]:
+    """
+    FastAPI兼容的异步数据库依赖
+    注意：移除了@asynccontextmanager装饰器
+    """
+    session = AsyncSessionLocal()
     try:
-        yield db
+        yield session
+        await session.commit()
+    except Exception:
+        await session.rollback()
+        raise
     finally:
-        db.close()
+        await session.close()
 
-def init_db():
-    """初始化数据库表"""
+
+# ====================== 6. 数据库初始化 ======================
+async def init_async_db():
+    """异步初始化数据库"""
     from .models.user import User
-    Base.metadata.create_all(bind=engine)
+    from sqlalchemy import select
+    from .core.security import password_hasher
+    
+    # 创建表
+    async with async_engine.begin() as conn:
+        await conn.run_sync(Base.metadata.create_all)
     print("✅ 数据库表创建完成")
     
     # 创建默认管理员用户
-    db = SessionLocal()
+    async with AsyncSessionLocal() as session:
+        try:
+            # 异步查询
+            stmt = select(User).where(User.username == "admin")
+            result = await session.execute(stmt)
+            admin = result.scalar_one_or_none()
+            
+            if not admin:
+                admin_user = User(
+                    username="admin",
+                    email="admin@caiyouhui.com",
+                    hashed_password=password_hasher.hash_password("Admin123!"),
+                    full_name="系统管理员",
+                    is_active=True,
+                    is_verified=True,
+                    is_superuser=True
+                )
+                session.add(admin_user)
+                await session.commit()
+                print("✅ 默认管理员用户已创建")
+        except Exception as e:
+            print(f"⚠️  创建管理员用户时出错: {e}")
+            await session.rollback()
+
+
+# ====================== 7. 连接健康检查 ======================
+async def check_async_connection():
+    """检查数据库连接"""
+    from sqlalchemy import text  # 需要导入text
     try:
-        # 检查是否已存在管理员
-        admin = db.query(User).filter(User.username == "admin").first()
-        if not admin:
-            from .core.security import password_hasher
-            admin_user = User(
-                username="admin",
-                email="admin@caiyouhui.com",
-                hashed_password=password_hasher.hash_password("Admin123!"),
-                full_name="系统管理员",
-                is_active=True,
-                is_verified=True,
-                is_superuser=True
-            )
-            db.add(admin_user)
-            db.commit()
-            print("✅ 默认管理员用户已创建")
+        async with async_engine.connect() as conn:
+            await conn.execute(text("SELECT 1"))
+        print("✅ 数据库连接正常")
+        return True
     except Exception as e:
-        print(f"⚠️  创建管理员用户时出错: {e}")
-        db.rollback()
-    finally:
-        db.close()
+        print(f"❌ 数据库连接失败: {e}")
+        return False
+
 
-# 导出
-__all__ = ["Base", "engine", "SessionLocal", "get_db", "init_db"]
+# ====================== 8. 导出 ======================
+__all__ = [
+    "Base",
+    "async_engine", 
+    "AsyncSessionLocal",
+    "get_async_db",
+    "init_async_db",
+    "check_async_connection",
+]

app/dependencies/auth.py

@@ -1,10 +1,10 @@
 from fastapi import Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordBearer
-from sqlalchemy.orm import Session
+from sqlalchemy.ext.asyncio import AsyncSession
 from jose import JWTError, jwt
 from typing import Optional
 
-from ..database import get_db
+from ..database import get_async_db
 from ..models.user import User
 from ..schemas.token import TokenData
 from ..config import settings
@@ -16,7 +16,7 @@ oauth2_scheme = OAuth2PasswordBearer(
 
 async def get_current_user(
     token: Optional[str] = Depends(oauth2_scheme),
-    db: Session = Depends(get_db)
+    db: AsyncSession = Depends(get_async_db)
 ) -> Optional[User]:
     """获取当前用户"""
     if not token:

app/dependencies/database.py

@@ -6,7 +6,7 @@ from typing import Generator
 # ✅ 正确导入方式
 from app.database import SessionLocal
 
-def get_db() -> Generator[Session, None, None]:
+def get_async_db() -> Generator[Session, None, None]:
     """数据库会话依赖注入"""
     db = SessionLocal()
     try:

app/logging_config.py

@@ -2,7 +2,7 @@
 import logging
 import logging.handlers  # ✅ 这里导入 handlers
 import os
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 
 def setup_logging_with_rotation():
     """配置带轮转的日志系统"""

app/main.py

@@ -1,43 +1,155 @@
-# app/main.py - 简化版本
-from fastapi import FastAPI
+# app/main.py
+from contextlib import asynccontextmanager
+from fastapi import FastAPI, Request, status
+from fastapi.responses import JSONResponse
 from fastapi.middleware.cors import CORSMiddleware
-from app.logging_config import setup_logging_with_rotation
+from fastapi.exceptions import RequestValidationError
+from fastapi.middleware.gzip import GZipMiddleware
 import logging
-import os
+import time
+import traceback
+import sys
 
 # 配置
-from .config import settings
-
-# 配置日志
-logging.basicConfig(
-    level=logging.INFO,
-    # format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
-    # datefmt='%Y-%m-%d %H:%M:%S',
-    # handlers=[
-    #     logging.StreamHandler(),  # 控制台
-    #     logging.FileHandler('app/logs/app.log', encoding='utf-8')  # 文件
-    # ]
-)
-# 为特定模块设置更详细的日志
-logging.getLogger("app.api.v1").setLevel(logging.DEBUG)
-logging.getLogger("app.core.security").setLevel(logging.DEBUG)
+from app.config import settings
 
+# 设置日志
 logger = logging.getLogger(__name__)
 logger.info("✅ 日志配置完成")
 
-# logger = setup_logging_with_rotation
-
+# ==================== 异步生命周期管理 ====================
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    """
+    应用生命周期管理器 - 完全异步
+    启动时初始化资源，关闭时清理资源
+    """
+    # 启动阶段
+    logger.info("🚀 应用启动中...")
+    
+    try:
+        # 1. 初始化数据库
+        from app.database import init_async_db, check_async_connection
+        if await check_async_connection():
+            await init_async_db()
+            logger.info("✅ 数据库初始化完成")
+        else:
+            logger.error("❌ 数据库连接失败")
+            # 可以根据需要决定是否终止启动
+            # raise RuntimeError("数据库连接失败")
+        
+        # 2. 初始化Redis等缓存（可选）
+        # try:
+        #     from app.core.redis import init_redis
+        #     await init_redis()
+        #     logger.info("✅ Redis连接完成")
+        # except ImportError:
+        #     logger.info("ℹ️  Redis未配置，跳过初始化")
+        
+        # 3. 初始化其他服务
+        # try:
+        #     from app.core.security import init_security
+        #     init_security()
+        #     logger.info("✅ 安全模块初始化完成")
+        # except Exception as e:
+        #     logger.warning(f"⚠️  安全模块初始化异常: {e}")
+        
+        logger.info(f"🎉 {settings.PROJECT_NAME} v{settings.VERSION} 启动完成")
+        yield
+        
+    except Exception as e:
+        logger.error(f"🔥 应用启动失败: {e}")
+        logger.error(traceback.format_exc())
+        sys.exit(1)
+    
+    finally:
+        # 关闭阶段
+        logger.info("🛑 应用关闭中...")
+        
+        # 清理资源
+        try:
+            from app.database import async_engine
+            await async_engine.dispose()
+            logger.info("✅ 数据库连接池已清理")
+        except Exception as e:
+            logger.warning(f"⚠️  数据库清理异常: {e}")
+        
+        logger.info("👋 应用已安全关闭")
 
 
-# 创建 FastAPI 应用
+# ==================== 创建FastAPI应用 ====================
 app = FastAPI(
     title=settings.PROJECT_NAME,
     version=settings.VERSION,
+    description=f"""
+    {settings.PROJECT_NAME} API 服务
+    
+    ## 功能特性
+    - ✅ 全异步架构（SQLAlchemy 2.0 + async/await）
+    - 🔒 JWT认证与授权
+    - 📊 性能监控中间件
+    - 🚀 自动API文档
+    
+    ## 环境
+    - **调试模式**: {'开启' if settings.DEBUG else '关闭'}
+    - **数据库**: {settings.DATABASE_URL.split('://')[0] if '://' in settings.DATABASE_URL else '未知'}
+    """,
     docs_url="/docs" if settings.DEBUG else None,
-    redoc_url="/redoc" if settings.DEBUG else None
+    redoc_url="/redoc" if settings.DEBUG else None,
+    openapi_url="/openapi.json" if settings.DEBUG else None,
+    lifespan=lifespan,  # 异步生命周期管理
+    swagger_ui_parameters={
+        "persistAuthorization": True,
+        "displayRequestDuration": True,
+        "filter": True,
+    }
 )
 
-# 配置CORS
+# ==================== 全局异常处理器 ====================
+@app.exception_handler(Exception)
+async def global_exception_handler(request: Request, exc: Exception):
+    """全局异常处理器"""
+    logger.error(f"🔥 未捕获的异常: {exc}", exc_info=True)
+    
+    # 在调试模式下返回详细错误
+    if settings.DEBUG:
+        return JSONResponse(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            content={
+                "detail": str(exc),
+                "type": exc.__class__.__name__,
+                "traceback": traceback.format_exc().split('\n'),
+                "path": request.url.path,
+                "method": request.method,
+            }
+        )
+    
+    # 生产环境返回简化错误
+    return JSONResponse(
+        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+        content={
+            "detail": "服务器内部错误",
+            "request_id": request.state.get("request_id", "unknown") if hasattr(request.state, "request_id") else "unknown"
+        }
+    )
+
+
+@app.exception_handler(RequestValidationError)
+async def validation_exception_handler(request: Request, exc: RequestValidationError):
+    """请求验证异常处理器"""
+    logger.warning(f"⚠️  请求验证失败: {exc}")
+    
+    return JSONResponse(
+        status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+        content={
+            "detail": exc.errors(),
+            "body": exc.body,
+        }
+    )
+
+
+# ==================== 中间件配置 ====================
+# 1. CORS中间件
 if settings.BACKEND_CORS_ORIGINS:
     app.add_middleware(
         CORSMiddleware,
@@ -45,39 +157,287 @@ if settings.BACKEND_CORS_ORIGINS:
         allow_credentials=True,
         allow_methods=["*"],
         allow_headers=["*"],
+        expose_headers=["*"],
+        max_age=600,  # 预检请求缓存时间（秒）
     )
+    logger.info(f"✅ CORS已启用，允许的源: {settings.BACKEND_CORS_ORIGINS}")
 
-# 导入并注册路由
-try:
-    # 导入所有路由模块
-    # from .api.v1.admin import router as admin_router
-    from .api.v1.auth import router as auth_router
-    from .api.v1.users import router as users_router
-    # from .api.v1.verify import router as verify_router
+# 2. 请求ID中间件（用于日志追踪）
+@app.middleware("http")
+async def add_request_id(request: Request, call_next):
+    """为每个请求添加唯一ID"""
+    import uuid
+    request_id = str(uuid.uuid4())[:8]
+    request.state.request_id = request_id
     
-    # 注册路由
-    app.include_router(auth_router, prefix=settings.API_V1_PREFIX)
-    app.include_router(users_router, prefix=settings.API_V1_PREFIX)
-    # app.include_router(verify_router, prefix=settings.API_V1_PREFIX)
+    response = await call_next(request)
+    response.headers["X-Request-ID"] = request_id
+    return response
+
+
+# 3. 性能监控中间件
+@app.middleware("http")
+async def performance_middleware(request: Request, call_next):
+    """记录请求处理时间"""
+    start_time = time.time()
+    
+    try:
+        response = await call_next(request)
+        process_time = time.time() - start_time
+        
+        # 记录慢请求
+        if process_time > 1.0:  # 超过1秒
+            logger.warning(
+                f"🐌 慢请求: {request.method} {request.url.path} "
+                f"耗时: {process_time:.3f}s "
+                f"状态: {response.status_code} "
+                f"请求ID: {getattr(request.state, 'request_id', 'unknown')}"
+            )
+        elif settings.DEBUG:
+            logger.debug(
+                f"⚡ 请求: {request.method} {request.url.path} "
+                f"耗时: {process_time:.3f}s"
+            )
+        
+        # 添加处理时间到响应头
+        response.headers["X-Process-Time"] = str(process_time)
+        return response
+        
+    except Exception as e:
+        process_time = time.time() - start_time
+        logger.error(
+            f"🔥 请求异常: {request.method} {request.url.path} "
+            f"耗时: {process_time:.3f}s "
+            f"错误: {e}"
+        )
+        raise
+
+
+# 4. GZIP压缩中间件（提升性能）
+app.add_middleware(
+    GZipMiddleware,
+    minimum_size=1000,  # 只压缩大于1KB的响应
+)
+
+
+# ==================== 路由注册 ====================
+def register_routers():
+    """注册所有API路由"""
+    routers = []
     
-    logger.info("✅ API 路由注册成功")
+    # 尝试导入并注册路由模块
+    try:
+        from app.api.v1.auth import router as auth_router
+        routers.append(("认证模块", auth_router))
+    except ImportError as e:
+        logger.warning(f"⚠️  认证路由导入失败: {e}")
     
-except ImportError as e:
-    logger.warning(f"⚠️  部分路由模块未找到: {e}")
+    try:
+        from app.api.v1.users import router as users_router
+        routers.append(("用户管理", users_router))
+    except ImportError as e:
+        logger.warning(f"⚠️  用户路由导入失败: {e}")
+    
+    # 更多路由模块...
+    # try:
+    #     from app.api.v1.admin import router as admin_router
+    #     routers.append(("管理后台", admin_router))
+    # except ImportError:
+    #     pass
+    
+    # 注册所有路由
+    for name, router in routers:
+        app.include_router(router, prefix=settings.API_V1_PREFIX)
+        logger.info(f"✅ 路由注册: {name}")
+    
+    logger.info(f"🎯 共注册 {len(routers)} 个路由模块")
+
 
-# 系统级路由
-@app.get("/health")
+# 调用路由注册
+register_routers()
+
+
+# ==================== 系统级路由 ====================
+@app.get("/health", tags=["系统监控"])
 async def health_check():
-    return {"status": "healthy", "service": settings.PROJECT_NAME}
+    """
+    健康检查端点
+    
+    返回服务健康状态，可用于K8s探针、负载均衡器健康检查等
+    """
+    from app.database import check_async_connection
+    
+    health_status = {
+        "status": "healthy",
+        "service": settings.PROJECT_NAME,
+        "version": settings.VERSION,
+        "timestamp": time.time(),
+        "async": True,
+        "debug": settings.DEBUG,
+    }
+    
+    # 检查数据库连接
+    try:
+        db_healthy = await check_async_connection()
+        health_status["database"] = "healthy" if db_healthy else "unhealthy"
+    except Exception as e:
+        health_status["database"] = f"error: {str(e)}"
+    
+    # 检查Redis连接（可选）
+    # try:
+    #     from app.core.redis import check_redis_connection
+    #     redis_healthy = await check_redis_connection()
+    #     health_status["redis"] = "healthy" if redis_healthy else "unhealthy"
+    # except ImportError:
+    #     health_status["redis"] = "not_configured"
+    # except Exception as e:
+    #     health_status["redis"] = f"error: {str(e)}"
+    
+    # 如果有不健康的服务，返回503
+    if "unhealthy" in health_status.values() or "error" in str(health_status.values()):
+        return JSONResponse(
+            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+            content=health_status
+        )
+    
+    return health_status
 
-@app.get("/")
+
+@app.get("/", tags=["系统"])
 async def root():
+    """
+    根端点
+    
+    返回API基本信息和可用端点
+    """
+    # 获取已注册的路由信息
+    routes_info = []
+    for route in app.routes:
+        if hasattr(route, "methods"):
+            routes_info.append({
+                "path": route.path,
+                "methods": list(route.methods) if route.methods else [],
+                "name": route.name or "",
+            })
+    
     return {
-        "message": f"Welcome to {settings.PROJECT_NAME} API",
+        "message": f"欢迎使用 {settings.PROJECT_NAME} API",
         "version": settings.VERSION,
-        "docs": "/docs"
+        "description": "基于FastAPI的现代化异步API服务",
+        "docs": "/docs" if settings.DEBUG else None,
+        "redoc": "/redoc" if settings.DEBUG else None,
+        "health_check": "/health",
+        "async": True,
+        "database": "SQLAlchemy 2.0 Async",
+        "routes_count": len(routes_info),
+        "quick_links": {
+            "认证": f"{settings.API_V1_PREFIX}/auth/login",
+            "用户信息": f"{settings.API_V1_PREFIX}/users/me",
+            "API文档": "/docs" if settings.DEBUG else "未启用",
+        }
     }
 
-if __name__ == "__main__":
+
+@app.get("/metrics", tags=["系统监控"])
+async def metrics():
+    """
+    监控指标端点（可用于Prometheus）
+    
+    返回应用性能指标
+    """
+    import psutil
+    import gc
+    
+    # 内存使用
+    process = psutil.Process()
+    mem_info = process.memory_info()
+    
+    # GC统计
+    gc_counts = gc.get_count()
+    
+    return {
+        "process": {
+            "pid": process.pid,
+            "cpu_percent": process.cpu_percent(),
+            "memory_mb": mem_info.rss / 1024 / 1024,
+            "threads": process.num_threads(),
+        },
+        "gc": {
+            "generation0": gc_counts[0],
+            "generation1": gc_counts[1],
+            "generation2": gc_counts[2],
+        },
+        "python": {
+            "version": sys.version,
+            "implementation": sys.implementation.name,
+        },
+        "timestamp": time.time(),
+    }
+
+
+@app.get("/config", tags=["系统"])
+async def show_config():
+    """
+    显示当前配置（调试用）
+    
+    注意：生产环境建议禁用此端点或限制访问
+    """
+    if not settings.DEBUG:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="仅调试模式下可用"
+        )
+    
+    # 安全地显示配置（隐藏敏感信息）
+    config_dict = {}
+    for key in dir(settings):
+        if not key.startswith("_"):
+            value = getattr(settings, key)
+            
+            # 隐藏敏感信息
+            if any(sensitive in key.lower() for sensitive in ["secret", "key", "password", "token"]):
+                config_dict[key] = "***HIDDEN***"
+            elif "url" in key.lower() and "database" in key.lower():
+                # 显示数据库类型但不显示完整URL
+                db_type = value.split("://")[0] if "://" in value else "unknown"
+                config_dict[key] = f"{db_type}://***HIDDEN***"
+            else:
+                config_dict[key] = value
+    
+    return {
+        "config": config_dict,
+        "environment": settings.ENVIRONMENT,
+        "debug": settings.DEBUG,
+    }
+
+
+# ==================== 启动入口 ====================
+def run_server():
+    """启动服务器（开发模式）"""
     import uvicorn
-    uvicorn.run(app, host="0.0.0.0", port=10003, reload=settings.DEBUG)
+    
+    logger.info("=" * 50)
+    logger.info(f"🚀 启动 {settings.PROJECT_NAME} v{settings.VERSION}")
+    logger.info(f"🐛 调试模式: {settings.DEBUG}")
+    logger.info(f"🌐 主机: 0.0.0.0")
+    logger.info(f"🔌 端口: {settings.APP_RUN_PORT}")
+    logger.info(f"🗄️  数据库: {settings.DATABASE_URL.split('://')[0] if '://' in settings.DATABASE_URL else '未知'}")
+    logger.info("=" * 50)
+    
+    uvicorn.run(
+        app,
+        host="0.0.0.0",
+        port=settings.APP_RUN_PORT,
+        reload=settings.DEBUG,
+        log_level="info" if settings.DEBUG else "warning",
+        access_log=True,
+        use_colors=True,
+        # 优化性能的配置
+        limit_concurrency=1000,
+        limit_max_requests=10000,
+        timeout_keep_alive=5,
+    )
+
+
+if __name__ == "__main__":
+    run_server()

app/models/token.py

@@ -1,7 +1,7 @@
 from sqlalchemy import Column, Integer, String, DateTime, Boolean, ForeignKey
 from sqlalchemy.orm import relationship
 from sqlalchemy.sql import func
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 from ..database import Base
 
 class Token(Base):
@@ -25,7 +25,7 @@ class Token(Base):
     created_at = Column(DateTime(timezone=True), server_default=func.now())
     
     def is_expired(self):
-        return datetime.utcnow() > self.expires_at
+        return datetime.now(timezone.utc) > self.expires_at
     
     def __repr__(self):
         return f"<Token {self.token_type} for user {self.user_id}>"

app/models/user.py

@@ -1,7 +1,9 @@
 # app/models/user.py
 from sqlalchemy import Column, Integer, String, Boolean, DateTime, Text
 from sqlalchemy.sql import func
-from ..database import Base
+
+# 从database.py导入Base（确保是DeclarativeBase）
+from app.database import Base
 
 class User(Base):
     __tablename__ = "users"
@@ -10,6 +12,8 @@ class User(Base):
     username = Column(String(50), unique=True, index=True, nullable=False)
     email = Column(String(100), unique=True, index=True, nullable=False)
     hashed_password = Column(String(255), nullable=False)
+    full_name = Column(String(100))
+    avatar = Column(String(255))
     
     # 用户状态
     is_active = Column(Boolean, default=True)

app/schemas/auth.py

@@ -1,6 +1,6 @@
 from pydantic import BaseModel, Field
 from typing import Optional
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 from .user import UserResponse
 
 class TokenBase(BaseModel):

app/schemas/token.py

@@ -1,7 +1,7 @@
 # app/schemas/token.py
 from pydantic import BaseModel, Field
 from typing import Optional
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 
 class Token(BaseModel):
     """令牌响应模型"""

app/schemas/user.py

@@ -1,7 +1,7 @@
 # app/schemas/user.py
 from pydantic import BaseModel, EmailStr, Field, validator
 from typing import Optional
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 
 class UserBase(BaseModel):
     """用户基础模型"""

app/services/auth_service.py

@@ -1,14 +1,15 @@
 from typing import Optional, Dict, Any, Tuple
-from datetime import datetime, timedelta
-from sqlalchemy.orm import Session
+from datetime import datetime, timezone, timedelta
+from sqlalchemy import select, update, delete, func, or_
+from sqlalchemy.ext.asyncio import AsyncSession
 from fastapi import HTTPException, status, BackgroundTasks
 import secrets
 import string
 
-from ..models.user import User
-from ..models.token import Token
+from app.models.user import User
+from app.models.token import Token
 from ..schemas.auth import LoginRequest, TokenResponse
-from ..core.security import (
+from app.core.security import (
     verify_password,
     create_access_token,
     create_refresh_token,
@@ -17,11 +18,11 @@ from ..core.security import (
     decode_token,
     generate_verification_code
 )
-from ..core.email import email_service
+from app.core.email import email_service
 from ..config import settings
 
 class AuthService:
-    def __init__(self, db: Session):
+    def __init__(self, db: AsyncSession):
         self.db = db
     
     async def register_user(
@@ -31,12 +32,16 @@ class AuthService:
         ip_address: Optional[str] = None,
         user_agent: Optional[str] = None
     ) -> User:
-        """注册新用户"""
-        # 检查用户是否存在
-        existing_user = self.db.query(User).filter(
-            (User.username == user_data["username"]) | 
-            (User.email == user_data["email"])
-        ).first()
+        """注册新用户（SQLAlchemy 2.0异步版）"""
+        # 1. 检查用户是否存在 - 使用异步查询
+        stmt = select(User).where(
+            or_(
+                User.username == user_data["username"],
+                User.email == user_data["email"]
+            )
+        )
+        result = await self.db.execute(stmt)
+        existing_user = result.scalar_one_or_none()
         
         if existing_user:
             if existing_user.username == user_data["username"]:
@@ -50,7 +55,7 @@ class AuthService:
                     detail="Email already registered"
                 )
         
-        # 创建用户
+        # 2. 创建用户
         from ..core.security import get_password_hash
         hashed_password = get_password_hash(user_data["password"])
         
@@ -64,16 +69,17 @@ class AuthService:
             is_verified=False
         )
         
-        # 生成验证码
+        # 3. 生成验证码
         verification_code = generate_verification_code()
         user.verification_code = verification_code
-        user.verification_code_expires = datetime.utcnow() + timedelta(hours=24)
+        user.verification_code_expires = datetime.now(timezone.utc) + timedelta(hours=24)
         
+        # 4. 异步保存用户
         self.db.add(user)
-        self.db.commit()
-        self.db.refresh(user)
+        await self.db.commit()
+        await self.db.refresh(user)
         
-        # 发送验证邮件（后台任务）
+        # 5. 发送验证邮件（后台任务）
         verification_token = create_verification_token(user.email)
         verification_url = f"{settings.FRONTEND_URL}/verify-email?token={verification_token}"
         
@@ -93,11 +99,16 @@ class AuthService:
         ip_address: Optional[str] = None,
         user_agent: Optional[str] = None
     ) -> Tuple[TokenResponse, User]:
-        """用户登录"""
-        user = self.db.query(User).filter(
-            (User.username == login_data.username) | 
-            (User.email == login_data.username)
-        ).first()
+        """用户登录（SQLAlchemy 2.0异步版）"""
+        # 1. 查找用户 - 异步查询
+        stmt = select(User).where(
+            or_(
+                User.username == login_data.username,
+                User.email == login_data.username
+            )
+        )
+        result = await self.db.execute(stmt)
+        user = result.scalar_one_or_none()
         
         if not user:
             raise HTTPException(
@@ -105,69 +116,95 @@ class AuthService:
                 detail="Incorrect username or password"
             )
         
-        # 检查账户是否被锁定
-        if user.is_locked and user.locked_until and user.locked_until > datetime.utcnow():
+        # 2. 检查账户是否被锁定
+        if user.is_locked and user.locked_until and user.locked_until > datetime.now(timezone.utc):
             raise HTTPException(
                 status_code=status.HTTP_423_LOCKED,
                 detail=f"Account is locked until {user.locked_until}"
             )
         
-        # 验证密码
+        # 3. 验证密码
         if not verify_password(login_data.password, user.hashed_password):
-            # 记录失败尝试
-            user.failed_login_attempts += 1
+            # 记录失败尝试 - 异步更新
+            new_attempts = (user.failed_login_attempts or 0) + 1
+            
+            update_data = {
+                "failed_login_attempts": new_attempts,
+                "updated_at": datetime.now(timezone.utc)
+            }
             
             # 如果失败次数超过5次，锁定账户
-            if user.failed_login_attempts >= 5:
-                user.is_locked = True
-                user.locked_until = datetime.utcnow() + timedelta(minutes=30)
+            if new_attempts >= 5:
+                update_data.update({
+                    "is_locked" : True,
+                    "locked_until": datetime.now(timezone.utc) + timedelta(minutes=30)
+                })
             
-            self.db.commit()
+            update_stmt = (
+                update(User)
+                .where(User.id == user.id)
+                .values(**update_data)
+            )
+            
+            await self.db.execute(update_stmt)
+            await self.db.commit()
             
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
                 detail="Incorrect username or password"
             )
         
-        # 检查邮箱是否已验证
+        # 4. 检查邮箱是否已验证
         if not user.is_verified:
             raise HTTPException(
                 status_code=status.HTTP_403_FORBIDDEN,
                 detail="Email not verified"
             )
         
-        # 检查账户是否激活
+        # 5. 检查账户是否激活
         if not user.is_active:
             raise HTTPException(
                 status_code=status.HTTP_403_FORBIDDEN,
                 detail="Account is not active"
             )
         
-        # 重置失败尝试次数
-        user.failed_login_attempts = 0
-        user.last_login = datetime.utcnow()
-        user.is_locked = False
-        user.locked_until = None
-        self.db.commit()
+        # 6. 重置失败尝试次数 - 异步更新
+        reset_stmt = (
+            update(User)
+            .where(User.id == user.id)
+            .values(
+                failed_login_attempts = 0,
+                last_login = datetime.now(timezone.utc),
+                is_locked = False,
+                locked_until = None,
+            )
+        )
+        
+        await self.db.execute(reset_stmt)
         
-        # 创建令牌
+        # 7. 创建令牌
         access_token = create_access_token({"sub": user.username, "user_id": user.id})
         refresh_token = create_refresh_token({"sub": user.username, "user_id": user.id})
         
-        # 保存刷新令牌到数据库
+        # 8. 保存刷新令牌到数据库 - 异步添加
         refresh_token_entry = Token(
             token=refresh_token,
             token_type="refresh",
-            expires_at=datetime.utcnow() + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS),
+            expires_at=datetime.now(timezone.utc) + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS),
             user_id=user.id,
             ip_address=ip_address,
             user_agent=user_agent
         )
         
         self.db.add(refresh_token_entry)
-        self.db.commit()
         
-        # 构建响应
+        # 9. 提交所有更改
+        await self.db.commit()
+        
+        # 10. 刷新用户对象以获取最新数据
+        await self.db.refresh(user)
+        
+        # 11. 构建响应
         token_response = TokenResponse(
             access_token=access_token,
             refresh_token=refresh_token,
@@ -182,7 +219,8 @@ class AuthService:
         token: str,
         code: Optional[str] = None
     ) -> bool:
-        """验证邮箱"""
+        """验证邮箱（SQLAlchemy 2.0异步版）"""
+        # 1. 解码令牌
         payload = decode_token(token)
         
         if not payload or payload.get("type") != "verify":
@@ -198,7 +236,10 @@ class AuthService:
                 detail="Invalid token payload"
             )
         
-        user = self.db.query(User).filter(User.email == email).first()
+        # 2. 查找用户 - 异步查询
+        stmt = select(User).where(User.email == email)
+        result = await self.db.execute(stmt)
+        user = result.scalar_one_or_none()
         
         if not user:
             raise HTTPException(
@@ -212,25 +253,35 @@ class AuthService:
                 detail="Email already verified"
             )
         
-        # 验证码验证
+        # 3. 验证码验证
         if code:
+            now = datetime.now(timezone.utc)
             if (not user.verification_code or 
                 user.verification_code != code or
                 not user.verification_code_expires or
-                user.verification_code_expires < datetime.utcnow()):
+                user.verification_code_expires < now):
                 raise HTTPException(
                     status_code=status.HTTP_400_BAD_REQUEST,
                     detail="Invalid or expired verification code"
                 )
         
-        # 更新用户状态
-        user.is_verified = True
-        user.is_active = True
-        user.verification_code = None
-        user.verification_code_expires = None
-        self.db.commit()
+        # 4. 更新用户状态 - 异步更新
+        update_stmt = (
+            update(User)
+            .where(User.id == user.id)
+            .values(
+                is_verified = True,
+                is_active = True,
+                verification_code = None,
+                verification_code_expires = None,
+                updated_at = datetime.now(timezone.utc)
+            )
+        )
+        
+        await self.db.execute(update_stmt)
+        await self.db.commit()
         
-        # 发送欢迎邮件
+        # 5. 发送欢迎邮件（假设是异步的）
         await email_service.send_welcome_email(user.email, user.username)
         
         return True
@@ -240,8 +291,11 @@ class AuthService:
         email: str,
         background_tasks: BackgroundTasks
     ) -> bool:
-        """重新发送验证邮件"""
-        user = self.db.query(User).filter(User.email == email).first()
+        """重新发送验证邮件（SQLAlchemy 2.0异步版）"""
+        # 1. 查找用户 - 异步查询
+        stmt = select(User).where(User.email == email)
+        result = await self.db.execute(stmt)
+        user = result.scalar_one_or_none()
         
         if not user:
             # 出于安全考虑，即使用户不存在也返回成功
@@ -253,14 +307,24 @@ class AuthService:
                 detail="Email already verified"
             )
         
-        # 生成新的验证码
+        # 2. 生成新的验证码
         verification_code = generate_verification_code()
-        user.verification_code = verification_code
-        user.verification_code_expires = datetime.utcnow() + timedelta(hours=24)
         
-        self.db.commit()
+        # 3. 更新用户验证信息 - 异步更新
+        update_stmt = (
+            update(User)
+            .where(User.id == user.id)
+            .values(
+                verification_code = verification_code,
+                verification_code_expires = datetime.now(timezone.utc) + timedelta(hours=24),
+                updated_at=datetime.now(timezone.utc)
+            )
+        )
         
-        # 发送验证邮件
+        await self.db.execute(update_stmt)
+        await self.db.commit()
+        
+        # 4. 发送验证邮件
         verification_token = create_verification_token(user.email)
         verification_url = f"{settings.FRONTEND_URL}/verify-email?token={verification_token}"
         
@@ -279,8 +343,11 @@ class AuthService:
         email: str,
         background_tasks: BackgroundTasks
     ) -> bool:
-        """请求密码重置"""
-        user = self.db.query(User).filter(User.email == email).first()
+        """请求密码重置（SQLAlchemy 2.0异步版）"""
+        # 1. 查找用户 - 异步查询
+        stmt = select(User).where(User.email == email)
+        result = await self.db.execute(stmt)
+        user = result.scalar_one_or_none()
         
         if not user:
             # 出于安全考虑，即使用户不存在也返回成功
@@ -292,22 +359,22 @@ class AuthService:
                 detail="Account is not active"
             )
         
-        # 生成重置令牌
+        # 2. 生成重置令牌
         reset_token = create_reset_token(user.email)
         reset_url = f"{settings.FRONTEND_URL}/reset-password?token={reset_token}"
         
-        # 保存重置令牌到数据库
+        # 3. 保存重置令牌到数据库 - 异步添加
         reset_token_entry = Token(
             token=reset_token,
             token_type="reset",
-            expires_at=datetime.utcnow() + timedelta(minutes=settings.RESET_TOKEN_EXPIRE_MINUTES),
+            expires_at=datetime.now(timezone.utc) + timedelta(minutes=settings.RESET_TOKEN_EXPIRE_MINUTES),
             user_id=user.id
         )
         
         self.db.add(reset_token_entry)
-        self.db.commit()
+        await self.db.commit()
         
-        # 发送重置邮件
+        # 4. 发送重置邮件
         background_tasks.add_task(
             email_service.send_password_reset_email,
             user.email,
@@ -322,8 +389,8 @@ class AuthService:
         token: str,
         new_password: str
     ) -> bool:
-        """重置密码"""
-        # 验证令牌
+        """重置密码（SQLAlchemy 2.0异步版）"""
+        # 1. 验证令牌
         payload = decode_token(token)
         
         if not payload or payload.get("type") != "reset":
@@ -339,13 +406,15 @@ class AuthService:
                 detail="Invalid token payload"
             )
         
-        # 检查令牌是否在数据库中且未过期
-        token_entry = self.db.query(Token).filter(
+        # 2. 检查令牌是否在数据库中且未过期 - 异步查询
+        stmt = select(Token).where(
             Token.token == token,
             Token.token_type == "reset",
             Token.is_revoked == False,
-            Token.expires_at > datetime.utcnow()
-        ).first()
+            Token.expires_at > datetime.now(timezone.utc)
+        )
+        result = await self.db.execute(stmt)
+        token_entry = result.scalar_one_or_none()
         
         if not token_entry:
             raise HTTPException(
@@ -353,7 +422,10 @@ class AuthService:
                 detail="Invalid or expired reset token"
             )
         
-        user = self.db.query(User).filter(User.email == email).first()
+        # 3. 查找用户 - 异步查询
+        user_stmt = select(User).where(User.email == email)
+        user_result = await self.db.execute(user_stmt)
+        user = user_result.scalar_one_or_none()
         
         if not user:
             raise HTTPException(
@@ -367,21 +439,41 @@ class AuthService:
                 detail="Account is not active"
             )
         
-        # 更新密码
+        # 4. 更新密码 - 异步更新
         from ..core.security import get_password_hash
-        user.hashed_password = get_password_hash(new_password)
-        user.last_password_change = datetime.utcnow()
         
-        # 撤销所有现有令牌
-        self.db.query(Token).filter(
-            Token.user_id == user.id,
-            Token.token_type.in_(["access", "refresh"])
-        ).update({"is_revoked": True})
+        update_user_stmt = (
+            update(User)
+            .where(User.id == user.id)
+            .values(
+                hashed_password = get_password_hash(new_password),
+                last_password_change = datetime.now(timezone.utc),
+                updated_at = datetime.now(timezone.utc)
+            )
+        )
+        
+        # 5. 撤销所有现有令牌 - 异步更新
+        revoke_tokens_stmt = (
+            update(Token)
+            .where(
+                Token.user_id == user.id,
+                Token.token_type.in_(["access", "refresh"])
+            )
+            .values(is_revoked = True)
+        )
         
-        # 标记重置令牌为已使用
-        token_entry.is_revoked = True
+        # 6. 标记重置令牌为已使用 - 异步更新
+        revoke_reset_token_stmt = (
+            update(Token)
+            .where(Token.token == token)
+            .values(is_revoked=True)
+        )
         
-        self.db.commit()
+        # 执行所有更新
+        await self.db.execute(update_user_stmt)
+        await self.db.execute(revoke_tokens_stmt)
+        await self.db.execute(revoke_reset_token_stmt)
+        await self.db.commit()
         
         return True
     
@@ -391,8 +483,8 @@ class AuthService:
         ip_address: Optional[str] = None,
         user_agent: Optional[str] = None
     ) -> TokenResponse:
-        """刷新访问令牌"""
-        # 验证刷新令牌
+        """刷新访问令牌（SQLAlchemy 2.0异步版）"""
+        # 1. 验证刷新令牌
         payload = decode_token(refresh_token)
         
         if not payload or payload.get("type") != "refresh":
@@ -401,13 +493,15 @@ class AuthService:
                 detail="Invalid refresh token"
             )
         
-        # 检查令牌是否在数据库中且有效
-        token_entry = self.db.query(Token).filter(
+        # 2. 检查令牌是否在数据库中且有效 - 异步查询
+        token_stmt = select(Token).where(
             Token.token == refresh_token,
             Token.token_type == "refresh",
             Token.is_revoked == False,
-            Token.expires_at > datetime.utcnow()
-        ).first()
+            Token.expires_at > datetime.now(timezone.utc)
+        )
+        token_result = await self.db.execute(token_stmt)
+        token_entry = token_result.scalar_one_or_none()
         
         if not token_entry:
             raise HTTPException(
@@ -424,11 +518,14 @@ class AuthService:
                 detail="Invalid token payload"
             )
         
-        user = self.db.query(User).filter(
+        # 3. 查找用户 - 异步查询
+        user_stmt = select(User).where(
             User.id == user_id,
             User.username == username,
             User.is_active == True
-        ).first()
+        )
+        user_result = await self.db.execute(user_stmt)
+        user = user_result.scalar_one_or_none()
         
         if not user:
             raise HTTPException(
@@ -436,29 +533,35 @@ class AuthService:
                 detail="User not found or inactive"
             )
         
-        # 创建新的访问令牌
+        # 4. 创建新的访问令牌
         access_token = create_access_token({"sub": user.username, "user_id": user.id})
         
-        # 可选：创建新的刷新令牌（刷新令牌轮换）
+        # 5. 创建新的刷新令牌（刷新令牌轮换）
         new_refresh_token = create_refresh_token({"sub": user.username, "user_id": user.id})
         
-        # 保存新的刷新令牌
+        # 6. 保存新的刷新令牌 - 异步添加
         new_refresh_token_entry = Token(
             token=new_refresh_token,
-            token_type="refresh",
-            expires_at=datetime.utcnow() + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS),
-            user_id=user.id,
-            ip_address=ip_address,
-            user_agent=user_agent
+            token_type = "refresh",
+            expires_at = datetime.now(timezone.utc) + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS),
+            user_id = user.id,
+            ip_address = ip_address,
+            user_agent = user_agent
         )
         
-        # 标记旧令牌为已撤销
-        token_entry.is_revoked = True
+        # 7. 标记旧令牌为已撤销 - 异步更新
+        revoke_stmt = (
+            update(Token)
+            .where(Token.token == refresh_token)
+            .values(is_revoked = True)
+        )
         
+        # 执行更新和添加操作
+        await self.db.execute(revoke_stmt)
         self.db.add(new_refresh_token_entry)
-        self.db.commit()
+        await self.db.commit()
         
-        # 构建响应
+        # 8. 构建响应
         return TokenResponse(
             access_token=access_token,
             refresh_token=new_refresh_token,
@@ -470,16 +573,24 @@ class AuthService:
         self,
         refresh_token: str
     ) -> bool:
-        """用户登出"""
-        # 撤销刷新令牌
-        token_entry = self.db.query(Token).filter(
+        """用户登出（SQLAlchemy 2.0异步版）"""
+        # 1. 查找刷新令牌 - 异步查询
+        stmt = select(Token).where(
             Token.token == refresh_token,
             Token.token_type == "refresh"
-        ).first()
+        )
+        result = await self.db.execute(stmt)
+        token_entry = result.scalar_one_or_none()
         
+        # 2. 如果找到令牌，则撤销它 - 异步更新
         if token_entry:
-            token_entry.is_revoked = True
-            self.db.commit()
+            update_stmt = (
+                update(Token)
+                .where(Token.token == refresh_token)
+                .values(is_revoked = True)
+            )
+            await self.db.execute(update_stmt)
+            await self.db.commit()
         
         return True
     
@@ -487,12 +598,19 @@ class AuthService:
         self,
         user_id: int
     ) -> bool:
-        """撤销用户的所有令牌"""
-        self.db.query(Token).filter(
-            Token.user_id == user_id,
-            Token.token_type.in_(["access", "refresh"]),
-            Token.is_revoked == False
-        ).update({"is_revoked": True})
-        
-        self.db.commit()
-        return True
+        """撤销用户的所有令牌（SQLAlchemy 2.0异步版）"""
+        # 撤销用户的所有访问和刷新令牌 - 异步更新
+        stmt = (
+            update(Token)
+            .where(
+                Token.user_id == user_id,
+                Token.token_type.in_(["access", "refresh"]),
+                Token.is_revoked == False
+            )
+            .values(is_revoked = True)
+        )
+        
+        result = await self.db.execute(stmt)
+        await self.db.commit()
+        
+        return result.rowcount > 0

app/services/user_service.py

@@ -1,33 +1,36 @@
 # app/services/user_service.py
-from sqlalchemy.orm import Session
-from sqlalchemy import or_
-from typing import Optional, List
-from datetime import datetime
+from sqlalchemy import select, update, delete, func, or_
+from sqlalchemy.orm import selectinload
+from sqlalchemy.ext.asyncio import AsyncSession
+from typing import List, Optional, Dict, Any
+from datetime import datetime, timezone, timedelta
 
-from ..models.user import User
-from ..core.security import password_hasher, password_validator
+from app.models.user import User
+from app.core.security import password_hasher, password_validator
 from ..schemas.user import UserCreate, UserUpdate, UserResponse
 
 class UserService:
     """用户服务"""
     
-    def __init__(self, db: Session):
+    def __init__(self, db: AsyncSession):  # 异步Session
         self.db = db
     
     async def create_user(self, user_data: UserCreate) -> User:
-        """创建用户"""
+        """创建用户（异步版本）"""
         # 验证密码强度
         is_valid, error_msg = password_validator.validate_password_strength(user_data.password)
         if not is_valid:
             raise ValueError(error_msg)
         
-        # 检查用户是否已存在
-        existing_user = self.db.query(User).filter(
+        # 检查用户是否已存在 - 使用异步查询
+        stmt = select(User).where(
             or_(
                 User.username == user_data.username,
                 User.email == user_data.email
             )
-        ).first()
+        )
+        result = await self.db.execute(stmt)
+        existing_user = result.scalar_one_or_none()
         
         if existing_user:
             if existing_user.username == user_data.username:
@@ -38,7 +41,7 @@ class UserService:
         # 哈希密码
         hashed_password = password_hasher.hash_password(user_data.password)
         
-        # 创建用户
+        # 创建用户对象
         user = User(
             username=user_data.username,
             email=user_data.email,
@@ -48,55 +51,84 @@ class UserService:
             is_verified=False
         )
         
+        # 异步保存
         self.db.add(user)
-        self.db.commit()
-        self.db.refresh(user)
+        await self.db.commit()
+        await self.db.refresh(user)
         
         return user
     
     async def get_user_by_id(self, user_id: int) -> Optional[User]:
-        """通过ID获取用户"""
-        return self.db.query(User).filter(User.id == user_id).first()
+        """通过ID获取用户（异步）"""
+        stmt = select(User).where(User.id == user_id)
+        result = await self.db.execute(stmt)
+        return result.scalar_one_or_none()
     
     async def get_user_by_username(self, username: str) -> Optional[User]:
-        """通过用户名获取用户"""
-        return self.db.query(User).filter(User.username == username).first()
+        """通过用户名获取用户（异步）"""
+        stmt = select(User).where(User.username == username)
+        result = await self.db.execute(stmt)
+        return result.scalar_one_or_none()
     
     async def get_user_by_email(self, email: str) -> Optional[User]:
-        """通过邮箱获取用户"""
-        return self.db.query(User).filter(User.email == email).first()
-    
+        """通过邮箱获取用户（异步）"""
+        stmt = select(User).where(User.email == email)
+        result = await self.db.execute(stmt)
+        return result.scalar_one_or_none()
+
     async def authenticate_user(self, username: str, password: str) -> Optional[User]:
-        """验证用户"""
-        # 通过用户名或邮箱查找用户
-        user = self.db.query(User).filter(
+        """验证用户（SQLAlchemy 2.0异步版）"""
+        # 通过用户名或邮箱查找用户 - 使用异步select
+        stmt = select(User).where(
             or_(
                 User.username == username,
                 User.email == username
             )
-        ).first()
+        )
+        result = await self.db.execute(stmt)
+        user = result.scalar_one_or_none()
         
         if not user:
             return None
         
+        # 验证密码
         if not password_hasher.verify_password(password, user.hashed_password):
-            # 记录失败尝试
-            user.failed_login_attempts += 1
-            if user.failed_login_attempts >= 5:
-                user.is_locked = True
-            self.db.commit()
+            # 记录失败尝试 - 使用异步更新
+            new_attempts = (user.failed_login_attempts or 0) + 1
+            update_stmt = (
+                update(User)
+                .where(User.id == user.id)
+                .values(
+                    failed_login_attempts=new_attempts,
+                    is_locked=(new_attempts >= 5)  # 5次失败后锁定
+                )
+            )
+            await self.db.execute(update_stmt)
+            await self.db.commit()
             return None
         
-        # 重置失败尝试
-        user.failed_login_attempts = 0
-        user.last_login = datetime.now()
-        user.is_locked = False
-        self.db.commit()
+        # 登录成功 - 重置失败尝试并更新最后登录时间
+        update_stmt = (
+            update(User)
+            .where(User.id == user.id)
+            .values(
+                failed_login_attempts = 0,
+                last_login = datetime.now(timezone.utc),
+                is_locked = False
+            )
+        )
         
-        return user
-    
+        await self.db.execute(update_stmt)
+        await self.db.commit()
+        
+        # 4. 刷新用户对象以获取最新数据
+        await self.db.refresh(user)
+
+        return user 
+
+    # ==================== 用户操作 ====================
     async def update_user(self, user_id: int, update_data: dict) -> Optional[User]:
-        """更新用户信息"""
+        """更新用户信息（异步）"""
         user = await self.get_user_by_id(user_id)
         if not user:
             return None
@@ -105,14 +137,15 @@ class UserService:
             if hasattr(user, key) and value is not None:
                 setattr(user, key, value)
         
-        user.updated_at = datetime.now()
-        self.db.commit()
-        self.db.refresh(user)
+        user.updated_at = datetime.now(timezone.utc)
+        await self.db.commit()
+        await self.db.refresh(user)
         
         return user
     
     async def change_password(self, user_id: int, current_password: str, new_password: str) -> bool:
-        """修改密码"""
+        """修改用户密码（异步）"""
+        # 获取用户
         user = await self.get_user_by_id(user_id)
         if not user:
             return False
@@ -128,42 +161,58 @@ class UserService:
         
         # 更新密码
         user.hashed_password = password_hasher.hash_password(new_password)
-        user.last_password_change = datetime.now()
-        self.db.commit()
+        user.last_password_change = datetime.now(timezone.utc)
+        await self.db.commit()
         
         return True
     
-    async def list_users(
-        self, 
-        skip: int = 0, 
-        limit: int = 100,
-        active_only: bool = True
-    ) -> List[User]:
-        """列出用户"""
-        query = self.db.query(User)
+    # ==================== 用户列表 ====================
+    async def list_users(self, skip: int = 0, limit: int = 100, active_only: bool = True) -> List[User]:
+        """获取用户列表（异步）"""
+        stmt = select(User)
         
         if active_only:
-            query = query.filter(User.is_active == True)
+            stmt = stmt.where(User.is_active == True)
+        
+        stmt = stmt.offset(skip).limit(limit)
         
-        return query.offset(skip).limit(limit).all()
+        result = await self.db.execute(stmt)
+        users = result.scalars().all()
+        return users
     
     async def delete_user(self, user_id: int) -> bool:
         """删除用户（软删除）"""
-        user = await self.get_user_by_id(user_id)
-        if not user:
-            return False
+        """删除/禁用用户（异步）"""
+        # 通常我们不会真正删除，而是标记为禁用
+        stmt = (
+            update(User)
+            .where(User.id == user_id)
+            .values(is_active = False, updated_at = datetime.now(timezone.utc))
+        )
         
-        user.is_active = False
-        user.updated_at = datetime.now()
-        self.db.commit()
+        result = await self.db.execute(stmt)
+        await self.db.commit()
         
-        return True
+        # 检查是否影响了一行
+        return result.rowcount > 0
     
     async def count_users(self, active_only: bool = True) -> int:
-        """统计用户数量"""
-        query = self.db.query(User)
-        
+        """统计用户数量（异步）"""
         if active_only:
-            query = query.filter(User.is_active == True)
+            stmt = select(func.count()).where(User.is_active == True)
+        else:
+            stmt = select(func.count())
+        
+        result = await self.db.execute(stmt)
+        return result.scalar() or 0
+    
+    async def update_last_login(self, user_id: int) -> None:
+        """更新最后登录时间（异步）"""
+        stmt = (
+            update(User)
+            .where(User.id == user_id)
+            .values(last_login=datetime.now(timezone.utc))
+        )
         
-        return query.count()
+        await self.db.execute(stmt)
+        await self.db.commit()