dashscope 1.23.6__py3-none-any.whl → 1.23.7__py3-none-any.whl

dashscope/api_entities/api_request_factory.py

@@ -1,5 +1,4 @@
 # Copyright (c) Alibaba, Inc. and its affiliates.
-
 from urllib.parse import urlencode
 
 import dashscope
@@ -10,8 +9,9 @@ from dashscope.common.constants import (REQUEST_TIMEOUT_KEYWORD,
                                         SERVICE_API_PATH, ApiProtocol,
                                         HTTPMethod)
 from dashscope.common.error import InputDataRequired, UnsupportedApiProtocol
+from dashscope.common.logging import logger
 from dashscope.protocol.websocket import WebsocketStreamingMode
-
+from dashscope.api_entities.encryption import Encryption
 
 def _get_protocol_params(kwargs):
     api_protocol = kwargs.pop('api_protocol', ApiProtocol.HTTPS)
@@ -49,6 +49,9 @@ def _build_api_request(model: str,
      base_address, flattened_output,
      extra_url_parameters) = _get_protocol_params(kwargs)
     task_id = kwargs.pop('task_id', None)
+    enable_encryption = kwargs.pop('enable_encryption', False)
+    encryption = None
+
     if api_protocol in [ApiProtocol.HTTP, ApiProtocol.HTTPS]:
         if base_address is None:
             base_address = dashscope.base_http_api_url
@@ -69,6 +72,12 @@ def _build_api_request(model: str,
         if extra_url_parameters is not None and extra_url_parameters:
             http_url += '?' + urlencode(extra_url_parameters)
 
+        if enable_encryption is True:
+            encryption = Encryption()
+            encryption.initialize()
+            if encryption.is_valid():
+                logger.debug('encryption enabled')
+
         request = HttpRequest(url=http_url,
                               api_key=api_key,
                               http_method=http_method,
@@ -77,7 +86,8 @@ def _build_api_request(model: str,
                               query=query,
                               timeout=request_timeout,
                               task_id=task_id,
-                              flattened_output=flattened_output)
+                              flattened_output=flattened_output,
+                              encryption=encryption)
     elif api_protocol == ApiProtocol.WEBSOCKET:
         if base_address is not None:
             websocket_url = base_address
@@ -103,6 +113,9 @@ def _build_api_request(model: str,
     if input is None and form is None:
         raise InputDataRequired('There is no input data and form data')
 
+    if encryption and encryption.is_valid():
+        input = encryption.encrypt(input)
+
     request_data = ApiRequestData(model,
                                   task_group=task_group,
                                   task=task,

dashscope/api_entities/encryption.py

@@ -0,0 +1,179 @@
+# Copyright (c) Alibaba, Inc. and its affiliates.
+import base64
+import json
+from dataclasses import dataclass
+import os
+from typing import Optional
+
+import requests
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography.hazmat.backends import default_backend
+
+import dashscope
+from dashscope.common.constants import ENCRYPTION_AES_SECRET_KEY_BYTES, ENCRYPTION_AES_IV_LENGTH
+from dashscope.common.logging import logger
+
+
+class Encryption:
+    def __init__(self):
+        self.pub_key_id: str = ''
+        self.pub_key_str: str = ''
+        self.aes_key_bytes: bytes = b''
+        self.encrypted_aes_key_str: str = ''
+        self.iv_bytes: bytes = b''
+        self.base64_iv_str: str = ''
+        self.valid: bool = False
+
+    def initialize(self):
+        public_keys = self._get_public_keys()
+        if not public_keys:
+            return
+
+        public_key_str = public_keys.get('public_key')
+        public_key_id = public_keys.get('public_key_id')
+        if not public_key_str or not public_key_id:
+            logger.error("public keys data not valid")
+            return
+
+        aes_key_bytes = self._generate_aes_secret_key()
+        iv_bytes = self._generate_iv()
+
+        encrypted_aes_key_str = self._encrypt_aes_key_with_rsa(aes_key_bytes, public_key_str)
+        base64_iv_str = base64.b64encode(iv_bytes).decode('utf-8')
+
+        self.pub_key_id = public_key_id
+        self.pub_key_str = public_key_str
+        self.aes_key_bytes = aes_key_bytes
+        self.encrypted_aes_key_str = encrypted_aes_key_str
+        self.iv_bytes = iv_bytes
+        self.base64_iv_str = base64_iv_str
+
+        self.valid = True
+
+    def encrypt(self, dict_plaintext):
+        return self._encrypt_text_with_aes(json.dumps(dict_plaintext, ensure_ascii=False),
+                                           self.aes_key_bytes, self.iv_bytes)
+
+    def decrypt(self, base64_ciphertext):
+        return self._decrypt_text_with_aes(base64_ciphertext, self.aes_key_bytes, self.iv_bytes)
+
+    def is_valid(self):
+        return self.valid
+
+    def get_pub_key_id(self):
+        return self.pub_key_id
+
+    def get_encrypted_aes_key_str(self):
+        return self.encrypted_aes_key_str
+
+    def get_base64_iv_str(self):
+        return self.base64_iv_str
+
+    @staticmethod
+    def _get_public_keys():
+        url = dashscope.base_http_api_url + '/public-keys/latest'
+        headers = {
+            "Authorization": f"Bearer {dashscope.api_key}"
+        }
+
+        response = requests.get(url, headers=headers)
+        if response.status_code != 200:
+            logger.error("exceptional public key response: %s" % response)
+            return None
+
+        json_resp = response.json()
+        response_data = json_resp.get('data')
+
+        if not response_data:
+            logger.error("no valid data in public key response")
+            return None
+
+        return response_data
+
+    @staticmethod
+    def _generate_aes_secret_key():
+        return os.urandom(ENCRYPTION_AES_SECRET_KEY_BYTES)
+
+    @staticmethod
+    def _generate_iv():
+        return os.urandom(ENCRYPTION_AES_IV_LENGTH)
+
+    @staticmethod
+    def _encrypt_text_with_aes(plaintext, key, iv):
+        """使用AES-GCM加密数据"""
+
+        # 创建AES-GCM加密器
+        aes_gcm = Cipher(
+            algorithms.AES(key),
+            modes.GCM(iv, tag=None),
+            backend=default_backend()
+        ).encryptor()
+
+        # 关联数据设为空（根据需求可调整）
+        aes_gcm.authenticate_additional_data(b'')
+
+        # 加密数据
+        ciphertext = aes_gcm.update(plaintext.encode('utf-8')) + aes_gcm.finalize()
+
+        # 获取认证标签
+        tag = aes_gcm.tag
+
+        # 组合密文和标签
+        encrypted_data = ciphertext + tag
+
+        # 返回Base64编码结果
+        return base64.b64encode(encrypted_data).decode('utf-8')
+
+    @staticmethod
+    def _decrypt_text_with_aes(base64_ciphertext, aes_key, iv):
+        """使用AES-GCM解密响应"""
+
+        # 解码Base64数据
+        encrypted_data = base64.b64decode(base64_ciphertext)
+
+        # 分离密文和标签（标签长度16字节）
+        ciphertext = encrypted_data[:-16]
+        tag = encrypted_data[-16:]
+
+        # 创建AES-GCM解密器
+        aes_gcm = Cipher(
+            algorithms.AES(aes_key),
+            modes.GCM(iv, tag),
+            backend=default_backend()
+        ).decryptor()
+
+        # 验证关联数据（与加密时一致）
+        aes_gcm.authenticate_additional_data(b'')
+
+        # 解密数据
+        decrypted_bytes = aes_gcm.update(ciphertext) + aes_gcm.finalize()
+
+        # 明文
+        plaintext = decrypted_bytes.decode('utf-8')
+
+        return json.loads(plaintext)
+
+    @staticmethod
+    def _encrypt_aes_key_with_rsa(aes_key, public_key_str):
+        """使用RSA公钥加密AES密钥"""
+
+        # 解码Base64格式的公钥
+        public_key_bytes = base64.b64decode(public_key_str)
+
+        # 加载公钥
+        public_key = serialization.load_der_public_key(
+            public_key_bytes,
+            backend=default_backend()
+        )
+
+        base64_aes_key = base64.b64encode(aes_key).decode('utf-8')
+
+        # 使用RSA加密
+        encrypted_bytes = public_key.encrypt(
+            base64_aes_key.encode('utf-8'),
+            padding.PKCS1v15()
+        )
+
+        return base64.b64encode(encrypted_bytes).decode('utf-8')

dashscope/api_entities/http_request.py

@@ -2,6 +2,7 @@
 
 import json
 from http import HTTPStatus
+from typing import Optional
 
 import aiohttp
 import requests
@@ -16,6 +17,7 @@ from dashscope.common.utils import (_handle_aio_stream,
                                     _handle_aiohttp_failed_response,
                                     _handle_http_failed_response,
                                     _handle_stream)
+from dashscope.api_entities.encryption import Encryption
 
 
 class HttpRequest(AioBaseRequest):
@@ -28,7 +30,8 @@ class HttpRequest(AioBaseRequest):
                  query: bool = False,
                  timeout: int = DEFAULT_REQUEST_TIMEOUT_SECONDS,
                  task_id: str = None,
-                 flattened_output: bool = False) -> None:
+                 flattened_output: bool = False,
+                 encryption: Optional[Encryption] = None) -> None:
         """HttpSSERequest, processing http server sent event stream.
 
         Args:
@@ -44,11 +47,23 @@ class HttpRequest(AioBaseRequest):
         self.url = url
         self.flattened_output = flattened_output
         self.async_request = async_request
+        self.encryption = encryption
         self.headers = {
             'Accept': 'application/json',
             'Authorization': 'Bearer %s' % api_key,
             **self.headers,
         }
+
+        if encryption and encryption.is_valid():
+            self.headers = {
+                "X-DashScope-EncryptionKey": json.dumps({
+                    "public_key_id": encryption.get_pub_key_id(),
+                    "encrypt_key": encryption.get_encrypted_aes_key_str(),
+                    "iv": encryption.get_base64_iv_str()
+                }),
+                **self.headers,
+            }
+
         self.query = query
         if self.async_request and self.query is False:
             self.headers = {
@@ -168,6 +183,8 @@ class HttpRequest(AioBaseRequest):
                                                code=msg['code'],
                                                message=msg['message'])
                 else:
+                    if self.encryption and self.encryption.is_valid():
+                        output = self.encryption.decrypt(output)
                     yield DashScopeAPIResponse(request_id=request_id,
                                                status_code=HTTPStatus.OK,
                                                output=output,
@@ -183,6 +200,8 @@ class HttpRequest(AioBaseRequest):
                 output[part.name] = await part.read()
             if 'request_id' in output:
                 request_id = output['request_id']
+            if self.encryption and self.encryption.is_valid():
+                output = self.encryption.decrypt(output)
             yield DashScopeAPIResponse(request_id=request_id,
                                        status_code=HTTPStatus.OK,
                                        output=output)
@@ -196,6 +215,8 @@ class HttpRequest(AioBaseRequest):
                 usage = json_content['usage']
             if 'request_id' in json_content:
                 request_id = json_content['request_id']
+            if self.encryption and self.encryption.is_valid():
+                output = self.encryption.decrypt(output)
             yield DashScopeAPIResponse(request_id=request_id,
                                        status_code=HTTPStatus.OK,
                                        output=output,
@@ -243,6 +264,8 @@ class HttpRequest(AioBaseRequest):
                     if self.flattened_output:
                         yield msg
                     else:
+                        if self.encryption and self.encryption.is_valid():
+                            output = self.encryption.decrypt(output)
                         yield DashScopeAPIResponse(request_id=request_id,
                                                    status_code=HTTPStatus.OK,
                                                    output=output,
@@ -263,6 +286,8 @@ class HttpRequest(AioBaseRequest):
             if self.flattened_output:
                 yield json_content
             else:
+                if self.encryption and self.encryption.is_valid():
+                    output = self.encryption.decrypt(output)
                 yield DashScopeAPIResponse(request_id=request_id,
                                            status_code=HTTPStatus.OK,
                                            output=output,

dashscope/common/constants.py

@@ -37,6 +37,9 @@ REQUEST_CONTENT_IMAGE = 'image'
 REQUEST_CONTENT_AUDIO = 'audio'
 FILE_PATH_SCHEMA = 'file://'
 
+ENCRYPTION_AES_SECRET_KEY_BYTES = 32
+ENCRYPTION_AES_IV_LENGTH = 12
+
 REPEATABLE_STATUS = [
     HTTPStatus.SERVICE_UNAVAILABLE, HTTPStatus.GATEWAY_TIMEOUT
 ]

dashscope/version.py

@@ -1,3 +1,3 @@
 # Copyright (c) Alibaba, Inc. and its affiliates.
 
-__version__ = '1.23.6'
+__version__ = '1.23.7'

{dashscope-1.23.6.dist-info → dashscope-1.23.7.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dashscope
-Version: 1.23.6
+Version: 1.23.7
 Summary: dashscope client sdk library
 Home-page: https://dashscope.aliyun.com/
 Author: Alibaba Cloud
@@ -22,6 +22,7 @@ License-File: LICENSE
 Requires-Dist: aiohttp
 Requires-Dist: requests
 Requires-Dist: websocket-client
+Requires-Dist: cryptography
 Provides-Extra: tokenizer
 Requires-Dist: tiktoken; extra == "tokenizer"
 Dynamic: author

{dashscope-1.23.6.dist-info → dashscope-1.23.7.dist-info}/RECORD

@@ -3,7 +3,7 @@ dashscope/cli.py,sha256=amegoTkGOs6TlHMdoo4JVOqBePo3lGs745rc7leEyrE,24020
 dashscope/files.py,sha256=vRDQygm3lOqBZR73o7KNHs1iTBVuvLncuwJNxIYjzAU,3981
 dashscope/model.py,sha256=B5v_BtYLPqj6raClejBgdKg6WTGwhH_f-20pvsQqmsk,1491
 dashscope/models.py,sha256=dE4mzXkl85G343qVylSGpURPRdA5pZSqXlx6PcxqC_Q,1275
-dashscope/version.py,sha256=VtJV154d4VNke5BkkccDtVlsLdOM6gdSce36vOpcfbU,74
+dashscope/version.py,sha256=HwgMDxa-K4tdaSJnt84_qDc7qTyV4eqR_QjdjT4ulxc,74
 dashscope/aigc/__init__.py,sha256=AuRhu_vA1K0tbs_C6DgcZYhTvxMuzDgpwHJNHzEPIHg,442
 dashscope/aigc/chat_completion.py,sha256=ONlyyssIbfaKKcFo7cEKhHx5OCF2XX810HFzIExW1ho,14813
 dashscope/aigc/code_generation.py,sha256=p_mxDKJLQMW0IjFD46JRlZuEZCRESSVKEfLlAevBtqw,10936
@@ -15,11 +15,12 @@ dashscope/aigc/video_synthesis.py,sha256=XQ3-NKYFmj5cIbUbLTbI0-FyC_fQp8eds6QmD1Z
 dashscope/api_entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dashscope/api_entities/aiohttp_request.py,sha256=1L7XdIJ9L65cQmX8x9JCR4t5hNIMDrbiWADfKKp9yfo,10280
 dashscope/api_entities/api_request_data.py,sha256=04rpYPNK1HkT3iTPJmZpquH621xcBbe8R8EGrDJSLt0,5514
-dashscope/api_entities/api_request_factory.py,sha256=yRzRKlFeoEyTyiXwyw_1hTKbkf6Sb5SaKZJU--Gfm3w,5112
+dashscope/api_entities/api_request_factory.py,sha256=18A40aHL0t3s01VdbkIWRGNeVJyX0GXRHTZUxau7po4,5640
 dashscope/api_entities/base_request.py,sha256=W2SzrSAGFS6V8DErfSrayQtSL0T4iO7BrC8flr7nt1w,977
 dashscope/api_entities/chat_completion_types.py,sha256=1WMWPszhM3HaJBVz-ZXx-El4D8-RfVUL3ym65xsDRLk,11435
 dashscope/api_entities/dashscope_response.py,sha256=qNNB86h5Gb_4uHjBD_4lx6UckyQzSdaTgjze1prc12M,22073
-dashscope/api_entities/http_request.py,sha256=vgfykwSOdPom4bQVFOtXIEPYTuE_4QVNGtZ2EJ0t9lM,13310
+dashscope/api_entities/encryption.py,sha256=rUCZx3wwVvS5oyKXEeWgyWPxM8Y5d4AaVdgxLhizBqA,5517
+dashscope/api_entities/http_request.py,sha256=p2xfmq79evNON4ctCVXCcrJo8jnKABn0XzdTkTDgbLM,14540
 dashscope/api_entities/websocket_request.py,sha256=PS0FU854-HjTbKa68f4GHa7-noFRMzKySJGfPkrrBjw,16146
 dashscope/app/__init__.py,sha256=xvSvU8O7m5u7vgIvJXTJektJZxmjT2Rpt_YwePH88XE,113
 dashscope/app/application.py,sha256=Whf_ij4RHOaY12_xdS8uj8HVNCwkTp_MRdrFTryF1Kg,9472
@@ -47,7 +48,7 @@ dashscope/client/base_api.py,sha256=aWNy_xm02GXuLKVgWnYJht2nI4ZHSGfYIcr52SML15A,
 dashscope/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dashscope/common/api_key.py,sha256=yqFCAteq8CNQGnlLv6fxNFWsLqsQDbSzOpgAlUmDkaE,2037
 dashscope/common/base_type.py,sha256=2OQDqFlEH43wn54i-691cbarV_eKRLvRsPGfyb_GS0g,4670
-dashscope/common/constants.py,sha256=ULmR3ZENW1gIWRZLmUKKscRQ1vQvhw4EoTxvNbrgMmw,2378
+dashscope/common/constants.py,sha256=Ry3IBz2w9amRoRmfwC5L1dXHb7Iz2slj_I_wobmo-6Q,2446
 dashscope/common/env.py,sha256=9yWWdKqfYuHlTQSvbTBaQhGbASh5Lq6SbM9pPx8hB40,920
 dashscope/common/error.py,sha256=sXQqBGWCUBPyKa5rAI6DWc0sEidH01sR8zlIBfrTTDU,2690
 dashscope/common/logging.py,sha256=lX86X9ND1MC5mA_qKAktwaVXd_BufLgmSGPggUiEJZo,1035
@@ -92,9 +93,9 @@ dashscope/tokenizers/tokenizer.py,sha256=3FQVDvMNkCW9ccYeJdjrd_PIMMD3Xv7aNZkaYOE
 dashscope/tokenizers/tokenizer_base.py,sha256=5EJIFuizMWESEmLmbd38yJnfeHmPnzZPwsO4aOGjpl4,707
 dashscope/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dashscope/utils/oss_utils.py,sha256=L5LN3lN8etVxSL_jkZydstvEKpnTG9CY0zcvPGQ5LBo,7383
-dashscope-1.23.6.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-dashscope-1.23.6.dist-info/METADATA,sha256=l1m0KB4CgXdVltrY8r0NwntIgRE3-a5MKApSuhy8pks,7095
-dashscope-1.23.6.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-dashscope-1.23.6.dist-info/entry_points.txt,sha256=e9C3sOf9zDYL0O5ROEGX6FT8w-QK_kaGRWmPZDHAFys,49
-dashscope-1.23.6.dist-info/top_level.txt,sha256=woqavFJK9zas5xTqynmALqOtlafghjsk63Xk86powTU,10
-dashscope-1.23.6.dist-info/RECORD,,
+dashscope-1.23.7.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+dashscope-1.23.7.dist-info/METADATA,sha256=JxFpTi5zU9f1O1uLoTH1OoV6iV3K3aAqshhD1MTDtFY,7123
+dashscope-1.23.7.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+dashscope-1.23.7.dist-info/entry_points.txt,sha256=e9C3sOf9zDYL0O5ROEGX6FT8w-QK_kaGRWmPZDHAFys,49
+dashscope-1.23.7.dist-info/top_level.txt,sha256=woqavFJK9zas5xTqynmALqOtlafghjsk63Xk86powTU,10
+dashscope-1.23.7.dist-info/RECORD,,