app/security/session.py

@@ -1,6 +1,6 @@
 from __future__ import annotations
 
-from datetime import datetime, timedelta, timezone
+from datetime import datetime, timedelta
 from uuid import uuid4
 
 from fastapi import Request, Response
@@ -8,21 +8,14 @@ from sqlalchemy import delete, select
 
 from app.core.config import settings
 from app.db.engine import get_session
-from app.db.models import Session, User
+from app.db.models import Session
 
 
 SESSION_COOKIE_NAME = "session_id"
 
 
 def _now_utc() -> datetime:
-    return datetime.now(timezone.utc)
+    return datetime.utcnow()
-
-
-def _as_utc(dt: datetime) -> datetime:
-    # 兼容历史脏数据：若为 naive，按 UTC 解释；若为 aware，统一转换到 UTC。
-    if dt.tzinfo is None:
-        return dt.replace(tzinfo=timezone.utc)
-    return dt.astimezone(timezone.utc)
 
 
 def create_session(user_id: int, request: Request) -> str:
@@ -82,7 +75,7 @@ def get_current_user(request: Request) -> User | None:
         if not record:
             request.state.user = None
             return None
-        if _as_utc(record.expires_at) <= _now_utc():
+        if record.expires_at <= _now_utc():
             db.execute(delete(Session).where(Session.id == session_id))
             db.commit()
             request.state.user = None