添加微信小程序用API，增加了新的鉴权方式

.cursor/djangorest.mdc

@@ -0,0 +1,78 @@
+---
+alwaysApply: false
+---
+You are an expert in Python, Django, and scalable RESTful API development.
+
+Core Principles
+- Django-First Approach: Use Django's built-in features and tools wherever possible to leverage its full capabilities
+- Code Quality: Prioritize readability and maintainability; follow Django's coding style guide (PEP 8 compliance)
+- Naming Conventions: Use descriptive variable and function names; adhere to naming conventions (lowercase with underscores for functions and variables)
+- Modular Architecture: Structure your project in a modular way using Django apps to promote reusability and separation of concerns
+- Performance Awareness: Always consider scalability and performance implications in your design decisions
+
+Django/Python Development Guidelines
+
+Views and API Design
+- Use Class-Based Views: Leverage Django's class-based views (CBVs) with DRF's APIViews
+- RESTful Design: Follow RESTful principles strictly with proper HTTP methods and status codes
+- Keep Views Light: Focus views on request handling; keep business logic in models, managers, and services
+- Consistent Response Format: Use unified response structure for both success and error cases
+- Always write API documentation with @extend_schema
+
+Models and Database
+- ORM First: Leverage Django's ORM for database interactions; avoid raw SQL queries unless necessary for performance
+- Business Logic in Models: Keep business logic in models and custom managers
+- Query Optimization: Use select_related and prefetch_related for related object fetching
+- Database Indexing: Implement proper database indexing for frequently queried fields
+- Transactions: Use transaction.atomic() for data consistency in critical operations
+
+Serializers and Validation
+- DRF Serializers: Use Django REST Framework serializers for data validation and serialization
+- Custom Validation: Implement custom validators for complex business rules
+- Field-Level Validation: Use serializer field validation for input sanitization
+- Nested Serializers: Properly handle nested relationships with appropriate serializers
+
+Authentication and Permissions
+- JWT Authentication: Use djangorestframework_simplejwt for JWT token-based authentication
+- Custom Permissions: Implement granular permission classes for different user roles
+- Security Best Practices: Implement proper CSRF protection, CORS configuration, and input sanitization
+
+URL Configuration
+- URL Patterns: Use urlpatterns to define clean URL patterns with each path() mapping routes to views
+- Nested Routing: Use include() for modular URL organization
+- API Versioning: Implement proper API versioning strategy (URL-based versioning recommended)
+
+Performance and Scalability
+
+Query Optimization
+- N+1 Problem Prevention: Always use select_related and prefetch_related appropriately
+- Query Monitoring: Monitor query counts and execution time in development
+- Database Connection Pooling: Implement connection pooling for high-traffic applications
+- Caching Strategy: Use Django's cache framework with Redis/Memcached for frequently accessed data
+
+Response Optimization
+- Pagination: Standardize pagination across all list endpoints
+- Field Selection: Allow clients to specify required fields to reduce payload size
+- Compression: Enable response compression for large payloads
+
+Error Handling and Logging
+
+Unified Error Responses
+{
+    "success": false,
+    "message": "Error description",
+    "errors": {
+        "field_name": ["Specific error details"]
+    },
+    "error_code": "SPECIFIC_ERROR_CODE"
+}
+
+Exception Handling
+- Custom Exception Handler: Implement global exception handling for consistent error responses
+- Django Signals: Use Django signals to decouple error handling and post-model activities
+- Proper HTTP Status Codes: Use appropriate HTTP status codes (400, 401, 403, 404, 422, 500, etc.)
+
+Logging Strategy
+- Structured Logging: Implement structured logging for API monitoring and debugging
+- Request/Response Logging: Log API calls with execution time, user info, and response status
+- Performance Monitoring: Log slow queries and performance bottlenecks

.cursor/overview.mdc

@@ -0,0 +1,10 @@
+---
+alwaysApply: true
+---
+
+You are working on a django web project.
+The global urls pattern is in `/boot/urls.py`.
+The global models can be found in `/generic/models.py`.
+The module specific models can be found in `/module_name/models.py`.
+
+When implementing a new function, add its corresponding test when possible.

Appointment/utils/identity.py

@@ -66,6 +66,28 @@ def get_participant(user: User | str, update: bool = False,
         return None
 
 
+def get_or_create_participant(request: UserRequest) -> Participant:
+    '''通过User对象或学号获取对应的参与人对象，如果不存在则创建
+    Args:
+    - user: User对象或学号
+    Returns:
+    - participant: 满足participant.Sid=user, 不存在时创建并返回新对象
+    Raises:
+    - Exception: 当不允许创建，或者创建失败时抛出异常
+    '''
+    participant = get_participant(request.user, raise_except=False)
+    if participant is not None:
+        return participant
+    if not CONFIG.allow_newstu_appoint:
+        raise Exception('不允许创建地下室账户')
+
+    participant = _create_account(request)
+
+    if participant is None:
+        raise Exception('创建地下室账户失败')
+    return participant
+
+
 def _arg2user(participant: Participant | User) -> User:
     '''把范围内的参数转化为User对象'''
     if isinstance(participant, Participant):

api/YQpools/__init__.py

@@ -0,0 +1,3 @@
+"""
+YQpools API module.
+"""

api/YQpools/serializers.py

@@ -0,0 +1,104 @@
+""" 
+Serializers for YQpools API.
+"""
+from rest_framework import serializers
+from app.models import Pool, PoolItem
+
+
+class PoolSerializer(serializers.ModelSerializer):
+    """Serializer for Pool model with computed fields."""
+    # Computed fields from get_pools_and_items
+    status = serializers.IntegerField(read_only=True)
+    capacity = serializers.IntegerField(read_only=True, required=False)
+    items = serializers.ListField(
+        child=serializers.DictField(), read_only=True, required=False)
+    my_entry_time = serializers.IntegerField(read_only=True, required=False)
+    records_num = serializers.IntegerField(read_only=True, required=False)
+    results = serializers.DictField(
+        read_only=True, required=False, allow_null=True)
+
+    class Meta:
+        model = Pool
+        fields = '__all__'
+
+    def to_representation(self, instance):
+        """Handle both Pool instances and dictionaries from get_pools_and_items."""
+        # If instance is a dict (from get_pools_and_items), preserve ALL fields including computed ones
+        if isinstance(instance, dict):
+            ret = instance.copy()
+            return self._convert_imagefields_in_dict(instance)
+
+        # Otherwise, serialize the Pool instance normally
+        ret = super().to_representation(instance)
+        return ret
+
+    # Keys that hold Prize/other image paths (from .values() they are already strings)
+    _IMAGE_PATH_KEYS = frozenset({"prize__image", "prize_image", "image"})
+
+    def _ensure_media_prefix(self, path):
+        """Ensure image path has /media prefix for API response."""
+        if not path or not isinstance(path, str):
+            return path or ""
+        return path if path.startswith("/media") else f"/media/{path}"
+
+    def _convert_imagefields_in_dict(self, d):
+        """Helper to convert ImageField objects and image path strings with /media prefix in nested dicts."""
+        result = {}
+        for key, value in d.items():
+            if hasattr(value, 'name') and hasattr(value, 'storage'):  # ImageField object
+                result[key] = self._ensure_media_prefix(
+                    str(value) if value else "")
+            # String path images
+            elif key in self._IMAGE_PATH_KEYS and isinstance(value, str):
+                result[key] = self._ensure_media_prefix(value)
+            elif isinstance(value, dict):
+                result[key] = self._convert_imagefields_in_dict(value)
+            elif isinstance(value, list):
+                result[key] = [
+                    self._convert_imagefields_in_dict(
+                        item) if isinstance(item, dict) else item
+                    for item in value
+                ]
+            else:
+                result[key] = value
+        return result
+
+
+class PoolItemSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = PoolItem
+        fields = '__all__'
+
+
+class PoolListSerializer(serializers.Serializer):
+    pools_info = PoolSerializer(many=True)
+
+
+class ExchangePurchaseSerializer(serializers.Serializer):
+    """Serializer for exchange item purchase request."""
+
+    poolitem_id = serializers.IntegerField(
+        help_text="ID of the pool item to purchase")
+    attributes = serializers.DictField(
+        child=serializers.CharField(),
+        default=dict,
+        help_text="Exchange attributes if required"
+    )
+
+
+class LotteryPurchaseSerializer(serializers.Serializer):
+    """Serializer for lottery ticket purchase request."""
+
+    pool_id = serializers.IntegerField(help_text="ID of the lottery pool")
+
+
+class RandomPurchaseSerializer(serializers.Serializer):
+    """Serializer for random box purchase request."""
+
+    pool_id = serializers.IntegerField(help_text="ID of the random pool")
+
+
+class YQPointBalanceSerializer(serializers.Serializer):
+    """Serializer for user's YQPoint balance."""
+
+    YQpoint = serializers.IntegerField(help_text="Current YQPoint balance")