phase 3 23 qr-scan-check

2026-03-10 12:11:38 +00:00
parent 887a718a65
commit 3bf4a2189f
8 changed files with 377 additions and 8 deletions
--- a/backend/api/routers/tickets.py
+++ b/backend/api/routers/tickets.py
@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
@@ -6,7 +6,7 @@ from sqlalchemy.orm import selectinload
 from api.deps import get_current_user
 from database.models import Seat, Ticket, TicketStatus, User
 from database.session import get_db
-from schemas.ticket import TicketResponse
+from schemas.ticket import TicketResponse, TicketScanRequest, TicketScanResponse

 router = APIRouter(prefix="/api/tickets", tags=["tickets"])

@@ -27,3 +27,59 @@ async def get_my_tickets(
        .order_by(Ticket.created_at.desc())
    )
    return list(result.scalars().all())
+
+
+@router.post("/scan", response_model=TicketScanResponse)
+async def scan_ticket(
+    body: TicketScanRequest,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+) -> TicketScanResponse:
+    """
+    Сканирует билет по secret_token (QR-код).
+    Переводит статус PAID → SCANNED. Идемпотентно обрабатывает повторное сканирование.
+    """
+    result = await db.execute(
+        select(Ticket).where(Ticket.secret_token == body.token)
+    )
+    ticket: Ticket | None = result.scalar_one_or_none()
+
+    if ticket is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=TicketScanResponse(
+                success=False,
+                message="Билет не найден или подделка",
+                ticket_id=None,
+            ).model_dump(),
+        )
+
+    if ticket.status == TicketStatus.SCANNED:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=TicketScanResponse(
+                success=False,
+                message="Билет уже отсканирован!",
+                ticket_id=ticket.id,
+            ).model_dump(),
+        )
+
+    if ticket.status != TicketStatus.PAID:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=TicketScanResponse(
+                success=False,
+                message=f"Проход запрещен: статус билета '{ticket.status.value}'",
+                ticket_id=ticket.id,
+            ).model_dump(),
+        )
+
+    # PAID → SCANNED
+    ticket.status = TicketStatus.SCANNED
+    await db.commit()
+
+    return TicketScanResponse(
+        success=True,
+        message="Проход разрешен",
+        ticket_id=ticket.id,
+    )