PyPI - bid-master-cli - Versions diffs - 1.0.0__py3-none-any.whl - Mend

bid-master-cli 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

app/__init__.py +1 -0
app/api/__init__.py +1 -0
app/api/api_keys.py +60 -0
app/api/auth.py +258 -0
app/api/cli_auth.py +165 -0
app/api/database.py +286 -0
app/api/extract.py +158 -0
app/api/files.py +163 -0
app/api/health.py +62 -0
app/api/logs.py +26 -0
app/api/settings.py +101 -0
app/api/simulate.py +195 -0
app/api/statistics.py +1214 -0
app/cli.py +894 -0
app/config.py +93 -0
app/dependencies.py +12 -0
app/infrastructure/__init__.py +1 -0
app/infrastructure/database.py +126 -0
app/infrastructure/db_schema.py +245 -0
app/infrastructure/email_service.py +92 -0
app/infrastructure/llm/__init__.py +1 -0
app/infrastructure/llm/lite_llm.py +463 -0
app/infrastructure/log_collector.py +64 -0
app/infrastructure/mock_storage.py +563 -0
app/infrastructure/pg_storage.py +656 -0
app/infrastructure/storage.py +117 -0
app/limiter.py +7 -0
app/main.py +141 -0
app/models/__init__.py +1 -0
app/models/schemas.py +204 -0
app/services/__init__.py +1 -0
app/services/encryption_service.py +88 -0
app/services/extract_service.py +817 -0
app/services/file_service.py +112 -0
app/services/llm_service.py +65 -0
app/services/ocr_service.py +183 -0
app/services/prompt_builder.py +257 -0
app/services/simulate_service.py +625 -0
app/services/statistics_service.py +123 -0
app/utils/__init__.py +1 -0
app/utils/auth_dep.py +42 -0
app/utils/crypto.py +63 -0
app/utils/exceptions.py +53 -0
bid_master_cli-1.0.0.dist-info/METADATA +30 -0
bid_master_cli-1.0.0.dist-info/RECORD +47 -0
bid_master_cli-1.0.0.dist-info/WHEEL +4 -0
bid_master_cli-1.0.0.dist-info/entry_points.txt +2 -0

app/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ # bid-master-backend

app/api/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ # API routers

app/api/api_keys.py ADDED Viewed

@@ -0,0 +1,60 @@
+"""
+API Key 管理路由 — 用户可存储自己的 LLM API Key，Fernet 加密存储。
+"""
+from fastapi import APIRouter, Depends, HTTPException
+from app.models.schemas import ApiKeySaveRequest
+from app.infrastructure.pg_storage import (
+    save_api_key,
+    get_api_key,
+    delete_api_key,
+    list_user_api_keys,
+)
+from app.services.encryption_service import get_encryption_service
+from app.utils.auth_dep import get_current_user
+router = APIRouter(prefix="/api-keys", tags=["api-keys"])
+def _mask_key(key: str) -> str:
+    """遮蔽 API Key，只显示前 5 位和后 4 位。"""
+    if len(key) <= 10:
+        return key[:2] + "****" + key[-2:]
+    return key[:5] + "****" + key[-4:]
+@router.get("")
+async def list_keys(user: dict = Depends(get_current_user)):
+    """列出当前用户已存储的 API Key（masked）。"""
+    records = await list_user_api_keys(user["id"])
+    enc_service = get_encryption_service()
+    keys = []
+    for r in records:
+        encrypted = await get_api_key(user["id"], r["provider"])
+        if encrypted:
+            try:
+                plaintext = enc_service.decrypt(encrypted.encode()).decode()
+                keys.append({"provider": r["provider"], "masked_key": _mask_key(plaintext)})
+            except Exception:
+                keys.append({"provider": r["provider"], "masked_key": None})
+    return {"success": True, "data": {"keys": keys}}
+@router.post("")
+async def save_key(request: ApiKeySaveRequest, user: dict = Depends(get_current_user)):
+    """保存或更新一个 API Key。明文传入，Fernet 加密后存储。"""
+    api_key = request.api_key.strip()
+    if not api_key:
+        raise HTTPException(status_code=400, detail="API Key 不能为空")
+    enc_service = get_encryption_service()
+    encrypted = enc_service.encrypt(api_key.encode()).decode()
+    await save_api_key(user["id"], request.provider, encrypted)
+    return {"success": True, "message": f"API Key for {request.provider} 已保存"}
+@router.delete("/{provider}")
+async def remove_key(provider: str, user: dict = Depends(get_current_user)):
+    """删除指定 provider 的 API Key。"""
+    deleted = await delete_api_key(user["id"], provider)
+    if not deleted:
+        raise HTTPException(status_code=404, detail="未找到该 provider 的 API Key")
+    return {"success": True, "message": f"API Key for {provider} 已删除"}

app/api/auth.py ADDED Viewed

@@ -0,0 +1,258 @@
+"""
+Authentication API routes: register, login, refresh, logout, me, send-code, forgot-password, reset-password.
+"""
+import os
+import random
+import uuid
+from datetime import datetime, timedelta, timezone
+from fastapi import APIRouter, HTTPException, Response, Request
+from app.models.schemas import (
+    RegisterRequest, LoginRequest, RefreshRequest,
+    SendCodeRequest, ForgotPasswordRequest, ResetPasswordRequest,
+)
+from app.infrastructure.pg_storage import (
+    add_user, get_user_by_username, get_user_by_email, get_user_by_id,
+    save_verification_code, verify_code, delete_verification_code,
+    save_reset_token, get_reset_token, delete_reset_token, update_user_password,
+)
+from app.infrastructure.email_service import send_verification_code as email_send_code, send_reset_link
+from app.utils.crypto import (
+    generate_salt, hash_password, verify_password,
+    create_access_token, create_refresh_token, decode_token,
+)
+from app.config import get_settings
+router = APIRouter(prefix="/auth", tags=["auth"])
+_IS_PRODUCTION = os.getenv("RAILWAY_ENVIRONMENT") or os.getenv("RENDER") or os.getenv("FLY_APP_NAME")
+@router.post("/send-code")
+async def send_code(request: SendCodeRequest):
+    """发送邮箱验证码（注册用）。"""
+    existing = await get_user_by_email(request.email)
+    if existing:
+        raise HTTPException(status_code=400, detail="该邮箱已被注册")
+    code = f"{random.randint(0, 999999):06d}"
+    expires_at = datetime.now(timezone.utc) + timedelta(minutes=5)
+    await save_verification_code(request.email, code, expires_at)
+    success, err_msg = await email_send_code(request.email, code)
+    if not success:
+        raise HTTPException(status_code=500, detail=f"验证码发送失败: {err_msg}")
+    return {"success": True, "message": "验证码已发送"}
+@router.post("/register")
+async def register(request: RegisterRequest, response: Response):
+    """注册新用户（需要邮箱验证码）。"""
+    if request.password != request.confirm_password:
+        raise HTTPException(status_code=400, detail="两次输入的密码不一致")
+    if not await verify_code(request.email, request.code):
+        raise HTTPException(status_code=400, detail="验证码错误或已过期")
+    existing = await get_user_by_email(request.email)
+    if existing:
+        raise HTTPException(status_code=400, detail="该邮箱已被注册")
+    # 自动生成用户名（如果未提供）
+    username = request.username
+    if not username:
+        base = request.email.split("@")[0].replace(".", "_")
+        username = base
+        suffix = 1
+        while await get_user_by_username(username):
+            username = f"{base}{suffix}"
+            suffix += 1
+    # 检查用户名是否已被占用
+    if await get_user_by_username(username):
+        raise HTTPException(status_code=400, detail="用户名已被使用")
+    salt = generate_salt()
+    password_hash = hash_password(request.password, salt)
+    user = await add_user({
+        "username": username,
+        "email": request.email,
+        "password_hash": password_hash,
+        "salt": salt.hex(),
+        "role": "user",
+        "is_active": True,
+    })
+    await delete_verification_code(request.email)
+    settings = get_settings()
+    access_token = create_access_token(
+        {"sub": user["id"], "username": user["username"], "email": user["email"], "role": user["role"]},
+        settings.jwt_secret,
+        settings.jwt_access_token_expire_minutes,
+    )
+    refresh_token = create_refresh_token(
+        {"sub": user["id"]},
+        settings.jwt_secret,
+        settings.jwt_refresh_token_expire_days,
+    )
+    # refresh_token 设为 httpOnly cookie（与登录一致）
+    response.set_cookie(
+        "refresh_token",
+        refresh_token,
+        max_age=settings.jwt_refresh_token_expire_days * 86400,
+        httponly=True,
+        secure=bool(_IS_PRODUCTION),
+        samesite="lax",
+    )
+    return {
+        "access_token": access_token,
+        "refresh_token": refresh_token,
+        "token_type": "bearer",
+        "user": {"id": user["id"], "username": user["username"], "email": user.get("email"), "role": user["role"]},
+    }
+@router.post("/login")
+async def login(request: LoginRequest, response: Response):
+    """邮箱登录。"""
+    user = await get_user_by_email(request.email)
+    if not user or not user.get("is_active"):
+        raise HTTPException(status_code=401, detail="邮箱或密码错误")
+    salt_bytes = bytes.fromhex(user["salt"])
+    if not verify_password(request.password, salt_bytes, user["password_hash"]):
+        raise HTTPException(status_code=401, detail="邮箱或密码错误")
+    settings = get_settings()
+    access_token = create_access_token(
+        {"sub": user["id"], "username": user["username"], "email": user.get("email"), "role": user["role"]},
+        settings.jwt_secret,
+        settings.jwt_access_token_expire_minutes,
+    )
+    refresh_token = create_refresh_token(
+        {"sub": user["id"]},
+        settings.jwt_secret,
+        settings.jwt_refresh_token_expire_days,
+    )
+    # refresh_token 设为 httpOnly cookie
+    response.set_cookie(
+        "refresh_token",
+        refresh_token,
+        max_age=settings.jwt_refresh_token_expire_days * 86400,
+        httponly=True,
+        secure=bool(_IS_PRODUCTION),
+        samesite="lax",
+    )
+    return {
+        "access_token": access_token,
+        "refresh_token": refresh_token,
+        "token_type": "bearer",
+        "user": {"id": user["id"], "username": user["username"], "email": user.get("email"), "role": user["role"]},
+    }
+@router.post("/refresh")
+async def refresh(request: Request):
+    """用 httpOnly cookie 中的 refresh_token 获取新的 access_token。"""
+    import logging
+    _log = logging.getLogger(__name__)
+    refresh_token = request.cookies.get("refresh_token")
+    if not refresh_token:
+        _log.warning("auth refresh 失败: cookie 中缺少 refresh_token (cookies=%s)", list(request.cookies.keys()))
+        raise HTTPException(status_code=401, detail="缺少 refresh token")
+    payload = decode_token(refresh_token, get_settings().jwt_secret)
+    if not payload:
+        _log.warning("auth refresh 失败: refresh_token 解码失败（可能已过期）")
+        raise HTTPException(status_code=401, detail="无效或已过期的 refresh token")
+    if payload.get("type") != "refresh":
+        _log.warning("auth refresh 失败: token 类型错误 (type=%s)", payload.get("type"))
+        raise HTTPException(status_code=401, detail="无效的 refresh token")
+    user_id = payload.get("sub")
+    user = await get_user_by_id(user_id)
+    if not user or not user.get("is_active"):
+        _log.warning("auth refresh 失败: 用户不存在或已禁用 (sub=%s)", user_id)
+        raise HTTPException(status_code=401, detail="用户不存在或已禁用")
+    settings = get_settings()
+    access_token = create_access_token(
+        {"sub": user["id"], "username": user["username"], "email": user.get("email"), "role": user["role"]},
+        settings.jwt_secret,
+        settings.jwt_access_token_expire_minutes,
+    )
+    return {"access_token": access_token, "token_type": "bearer"}
+@router.post("/logout")
+async def logout(response: Response):
+    """退出登录，清除 refresh_token cookie。"""
+    response.delete_cookie("refresh_token", secure=bool(_IS_PRODUCTION))
+    return {"success": True, "message": "已退出登录"}
+@router.get("/me")
+async def me(request: Request):
+    """获取当前用户信息。"""
+    auth_header = request.headers.get("Authorization", "")
+    if not auth_header.startswith("Bearer "):
+        raise HTTPException(status_code=401, detail="未认证")
+    token = auth_header[7:]
+    payload = decode_token(token, get_settings().jwt_secret)
+    if not payload or payload.get("type") != "access":
+        raise HTTPException(status_code=401, detail="无效或过期的 token")
+    user_id = payload.get("sub")
+    user = await get_user_by_id(user_id)
+    if not user:
+        raise HTTPException(status_code=401, detail="用户不存在")
+    return {
+        "id": user["id"],
+        "username": user["username"],
+        "email": user.get("email"),
+        "role": user["role"],
+    }
+@router.post("/forgot-password")
+async def forgot_password(request: ForgotPasswordRequest):
+    """发送密码重置链接到邮箱。"""
+    user = await get_user_by_email(request.email)
+    if not user:
+        return {"success": True, "message": "如果该邮箱已注册，重置链接已发送"}
+    token = str(uuid.uuid4())
+    expires_at = datetime.now(timezone.utc) + timedelta(minutes=30)
+    await save_reset_token(token, user["id"], expires_at)
+    success, err_msg = await send_reset_link(request.email, token)
+    if not success:
+        raise HTTPException(status_code=500, detail=f"邮件发送失败: {err_msg}")
+    return {"success": True, "message": "如果该邮箱已注册，重置链接已发送"}
+@router.post("/reset-password")
+async def reset_password(request: ResetPasswordRequest):
+    """通过 token 重置密码。"""
+    record = await get_reset_token(request.token)
+    if not record:
+        raise HTTPException(status_code=400, detail="重置链接无效或已过期")
+    salt = generate_salt()
+    password_hash = hash_password(request.new_password, salt)
+    await update_user_password(record["user_id"], password_hash, salt.hex())
+    await delete_reset_token(request.token)
+    return {"success": True, "message": "密码重置成功，请使用新密码登录"}

app/api/cli_auth.py ADDED Viewed

@@ -0,0 +1,165 @@
+from __future__ import annotations
+import secrets
+from datetime import datetime, timedelta, timezone
+from fastapi import APIRouter, Depends, HTTPException
+from pydantic import BaseModel
+from app.config import get_settings
+from app.infrastructure.database import get_database
+from app.infrastructure.pg_storage import get_user_by_id
+from app.utils.auth_dep import get_current_user
+from app.utils.crypto import create_access_token
+router = APIRouter(prefix="/cli-auth", tags=["cli-auth"])
+DEVICE_CODE_EXPIRE_MINUTES = 10
+CLI_TOKEN_EXPIRE_DAYS = 30
+class CliDeviceStartResponse(BaseModel):
+    device_code: str
+    user_code: str
+    verification_uri: str
+    expires_in: int
+    interval: int
+class CliAuthorizeRequest(BaseModel):
+    device_code: str
+class CliPollRequest(BaseModel):
+    device_code: str
+class CliTokenResponse(BaseModel):
+    access_token: str
+    token_type: str = "bearer"
+    expires_in: int
+    user: dict
+def _now() -> datetime:
+    return datetime.now(timezone.utc)
+def _new_device_code() -> str:
+    return secrets.token_urlsafe(32)
+def _new_user_code() -> str:
+    raw = secrets.token_hex(4).upper()
+    return f"{raw[:4]}-{raw[4:]}"
+@router.post("/start", response_model=CliDeviceStartResponse)
+async def start_cli_auth():
+    device_code = _new_device_code()
+    user_code = _new_user_code()
+    expires_at = _now() + timedelta(minutes=DEVICE_CODE_EXPIRE_MINUTES)
+    db = await get_database()
+    await db.execute(
+        """INSERT INTO cli_device_codes (device_code, user_code, status, expires_at, created_at)
+           VALUES ($1, $2, 'pending', $3, $4)""",
+        device_code,
+        user_code,
+        expires_at,
+        _now(),
+    )
+    frontend_url = get_settings().frontend_url.rstrip("/")
+    return CliDeviceStartResponse(
+        device_code=device_code,
+        user_code=user_code,
+        verification_uri=f"{frontend_url}/cli-auth?device_code={device_code}",
+        expires_in=DEVICE_CODE_EXPIRE_MINUTES * 60,
+        interval=2,
+    )
+@router.post("/authorize")
+async def authorize_cli_device(
+    request: CliAuthorizeRequest,
+    current_user: dict = Depends(get_current_user),
+):
+    db = await get_database()
+    record = await db.fetch_one(
+        "SELECT * FROM cli_device_codes WHERE device_code = $1",
+        request.device_code,
+    )
+    if not record:
+        raise HTTPException(status_code=404, detail="授权请求不存在")
+    if record["status"] != "pending":
+        raise HTTPException(status_code=400, detail="授权请求已处理")
+    if record["expires_at"] < _now():
+        await db.execute(
+            "UPDATE cli_device_codes SET status = 'expired' WHERE device_code = $1",
+            request.device_code,
+        )
+        raise HTTPException(status_code=400, detail="授权请求已过期")
+    await db.execute(
+        """UPDATE cli_device_codes
+           SET status = 'authorized', user_id = $1, authorized_at = $2
+           WHERE device_code = $3""",
+        current_user["id"],
+        _now(),
+        request.device_code,
+    )
+    return {"success": True}
+@router.post("/poll")
+async def poll_cli_auth(request: CliPollRequest):
+    db = await get_database()
+    record = await db.fetch_one(
+        "SELECT * FROM cli_device_codes WHERE device_code = $1",
+        request.device_code,
+    )
+    if not record:
+        raise HTTPException(status_code=404, detail="授权请求不存在")
+    if record["expires_at"] < _now() and record["status"] == "pending":
+        await db.execute(
+            "UPDATE cli_device_codes SET status = 'expired' WHERE device_code = $1",
+            request.device_code,
+        )
+        return {"status": "expired"}
+    if record["status"] == "pending":
+        return {"status": "pending"}
+    if record["status"] != "authorized" or not record.get("user_id"):
+        return {"status": record["status"]}
+    user = await get_user_by_id(record["user_id"])
+    if not user or not user.get("is_active"):
+        raise HTTPException(status_code=401, detail="用户不存在或已禁用")
+    settings = get_settings()
+    access_token = create_access_token(
+        {
+            "sub": user["id"],
+            "username": user["username"],
+            "email": user.get("email"),
+            "role": user["role"],
+            "scope": "cli",
+        },
+        settings.jwt_secret,
+        CLI_TOKEN_EXPIRE_DAYS * 24 * 60,
+    )
+    await db.execute(
+        "UPDATE cli_device_codes SET status = 'consumed' WHERE device_code = $1",
+        request.device_code,
+    )
+    return CliTokenResponse(
+        access_token=access_token,
+        expires_in=CLI_TOKEN_EXPIRE_DAYS * 86400,
+        user={"id": user["id"], "username": user["username"], "email": user.get("email"), "role": user["role"]},
+    )
+@router.get("/me")
+async def cli_me(current_user: dict = Depends(get_current_user)):
+    return {"user": current_user}