huace-aigc-auth-client 1.1.21__py3-none-any.whl → 1.1.28__py3-none-any.whl

huace_aigc_auth_client/__init__.py

@@ -172,4 +172,4 @@ __all__ = [
     # 用户上下文
     "get_current_user",
 ]
-__version__ = "1.1.21"
+__version__ = "1.1.28"

huace_aigc_auth_client/api_stats_collector.py

@@ -18,8 +18,7 @@ class ApiStatsCollector:
         api_url: str,
         app_id: str,
         app_secret: str,
-        token: str,
-        batch_size: int = 10,
+        batch_size: int = 50,
         flush_interval: float = 5.0,
         enabled: bool = True
     ):
@@ -30,7 +29,6 @@ class ApiStatsCollector:
             api_url: 统计接口 URL（如：http://auth.example.com/api/sdk/stats/report/batch）
             app_id: 应用 ID
             app_secret: 应用密钥
-            token: 用户访问令牌
             batch_size: 批量提交大小
             flush_interval: 刷新间隔（秒）
             enabled: 是否启用
@@ -38,7 +36,6 @@ class ApiStatsCollector:
         self.api_url = api_url.rstrip('/')
         self.app_id = app_id
         self.app_secret = app_secret
-        self.token = token
         self.batch_size = batch_size
         self.flush_interval = flush_interval
         self.enabled = enabled
@@ -69,6 +66,7 @@ class ApiStatsCollector:
         api_method: str,
         status_code: int,
         response_time: float,
+        token: str,
         error_message: Optional[str] = None,
         request_params: Optional[Dict[str, Any]] = None
     ):
@@ -80,21 +78,26 @@ class ApiStatsCollector:
             api_method: 请求方法
             status_code: 状态码
             response_time: 响应时间（秒）
+            token: 用户访问令牌
             error_message: 错误信息
             request_params: 请求参数（包含 headers, query_params, view_params, request_body, form_params）
         """
         if not self.enabled:
             return
         
+        # 过滤重定向请求（3xx 状态码），这些通常是框架自动处理的，不应统计
+        if 300 <= status_code < 400:
+            return
+        
         try:
             stat_data = {
                 'api_path': api_path,
                 'api_method': api_method,
                 'status_code': status_code,
                 'response_time': response_time,
+                'token': token,
                 'error_message': error_message,
-                'request_params': request_params,
-                'timestamp': datetime.utcnow().isoformat()
+                'request_params': request_params
             }
             self.queue.put_nowait(stat_data)
         except queue.Full:
@@ -135,19 +138,50 @@ class ApiStatsCollector:
             self._flush_buffer(buffer)
     
     def _flush_buffer(self, buffer: List[Dict[str, Any]]):
-        """刷新缓冲区：批量提交统计数据"""
+        """刷新缓冲区：按token分组批量提交统计数据"""
         if not buffer:
             return
         
+        try:
+            # 按token分组
+            token_groups: Dict[str, List[Dict[str, Any]]] = {}
+            for stat in buffer:
+                token = stat.get('token')
+                if not token:
+                    continue
+                
+                if token not in token_groups:
+                    token_groups[token] = []
+                
+                # 移除token字段后添加到分组
+                stat_copy = stat.copy()
+                stat_copy.pop('token', None)
+                token_groups[token].append(stat_copy)
+            
+            # 对每个token分组分别提交
+            for token, stats in token_groups.items():
+                self._submit_stats(token, stats)
+                
+        except Exception:
+            pass  # 静默失败，不影响主流程
+    
+    def _submit_stats(self, token: str, stats: List[Dict[str, Any]]):
+        """
+        提交统计数据到服务端
+        
+        Args:
+            token: 用户访问令牌
+            stats: 统计数据列表（已移除token字段）
+        """
         try:
             headers = {
                 'X-App-Id': self.app_id,
                 'X-App-Secret': self.app_secret,
-                'Authorization': f'Bearer {self.token}',
+                'Authorization': f'Bearer {token}',
                 'Content-Type': 'application/json'
             }
             
-            payload = {'stats': buffer}
+            payload = {'stats': stats}
             
             response = requests.post(
                 f'{self.api_url}/stats/report/batch',
@@ -173,7 +207,6 @@ def init_api_stats_collector(
     api_url: str,
     app_id: str,
     app_secret: str,
-    token: str,
     batch_size: int = 10,
     flush_interval: float = 5.0,
     enabled: bool = True
@@ -185,7 +218,6 @@ def init_api_stats_collector(
         api_url: 统计接口 URL
         app_id: 应用 ID
         app_secret: 应用密钥
-        token: 用户访问令牌
         batch_size: 批量提交大小
         flush_interval: 刷新间隔（秒）
         enabled: 是否启用
@@ -198,7 +230,6 @@ def init_api_stats_collector(
         api_url=api_url,
         app_id=app_id,
         app_secret=app_secret,
-        token=token,
         batch_size=batch_size,
         flush_interval=flush_interval,
         enabled=enabled
@@ -224,6 +255,7 @@ def collect_api_stat(
     api_method: str,
     status_code: int,
     response_time: float,
+    token: str,
     error_message: Optional[str] = None,
     request_params: Optional[Dict[str, Any]] = None
 ):
@@ -231,7 +263,21 @@ def collect_api_stat(
     快捷方法：收集接口统计数据
     
     使用全局收集器实例
+    注意：会自动过滤 3xx 重定向状态码的请求
+    
+    Args:
+        api_path: 接口路径
+        api_method: 请求方法
+        status_code: 状态码
+        response_time: 响应时间（秒）
+        token: 用户访问令牌
+        error_message: 错误信息
+        request_params: 请求参数
     """
+    # 过滤重定向请求（3xx 状态码），这些通常是框架自动处理的，不应统计
+    if 300 <= status_code < 400:
+        return
+    
     collector = get_api_stats_collector()
     if collector:
         collector.collect(
@@ -239,6 +285,7 @@ def collect_api_stat(
             api_method=api_method,
             status_code=status_code,
             response_time=response_time,
+            token=token,
             error_message=error_message,
             request_params=request_params
         )

huace_aigc_auth_client/sdk.py

@@ -570,24 +570,28 @@ class AuthMiddleware:
         self.exclude_paths = exclude_paths or []
         self.exclude_prefixes = exclude_prefixes or []
         self.enable_stats = enable_stats
-        self.stats_collector = None
         
-        # 如果启用统计，设置统计接口 URL（默认使用 client 的 base_url）
+        # 如果启用统计，初始化全局统计收集器
         if self.enable_stats:
             self.stats_api_url = stats_api_url or f"{self.client.base_url}/sdk"
+            self._init_global_stats_collector()
     
-    def _init_stats_collector(self, token: str):
-        """初始化统计收集器（延迟初始化）"""
-        if not self.enable_stats or self.stats_collector is not None:
+    def _init_global_stats_collector(self):
+        """初始化全局统计收集器（只初始化一次）"""
+        if not self.enable_stats:
             return
         
         try:
-            from .api_stats_collector import init_api_stats_collector
-            self.stats_collector = init_api_stats_collector(
+            from .api_stats_collector import init_api_stats_collector, get_api_stats_collector
+            
+            # 检查是否已经初始化
+            if get_api_stats_collector() is not None:
+                return
+            
+            init_api_stats_collector(
                 api_url=self.stats_api_url,
                 app_id=self.client.app_id,
                 app_secret=self.client.app_secret,
-                token=token,
                 batch_size=10,
                 flush_interval=5.0,
                 enabled=True
@@ -615,21 +619,31 @@ class AuthMiddleware:
                 "form_params": None
             }
             
-            # 获取请求体（JSON 或文本）
+            # 获取 content-type
+            content_type = request.headers.get('Content-Type', '').lower()
+            
+            # 获取请求体（使用白名单方式，只处理已知安全的内容类型）
             if request.is_json:
                 try:
                     params["request_body"] = request.get_json(silent=True)
                 except Exception:
                     pass
-            elif request.data:
+            elif 'application/x-www-form-urlencoded' in content_type:
+                # 表单数据
+                if request.form:
+                    params["form_params"] = request.form.to_dict(flat=False)
+            elif 'multipart/form-data' in content_type:
+                # 文件上传请求，不读取 request.data，避免损坏文件流
+                # 只收集表单字段（非文件字段）
+                if request.form:
+                    params["form_params"] = request.form.to_dict(flat=False)
+            elif content_type.startswith('text/') and request.data and len(request.data) < 10240:
+                # 只读取文本类型的请求体，且限制大小避免内存问题
                 try:
                     params["request_body"] = request.data.decode('utf-8')
                 except Exception:
-                    params["request_body"] = str(request.data)
-            
-            # 获取表单数据
-            if request.form:
-                params["form_params"] = request.form.to_dict(flat=False)
+                    pass
+            # 其他类型（如 application/octet-stream 等二进制流）直接跳过，不读取
             
             return params
         except Exception as e:
@@ -656,28 +670,32 @@ class AuthMiddleware:
                 "form_params": None
             }
             
-            # 获取请求体
-            content_type = request.headers.get("content-type", "")
+            # 获取请求体（使用白名单方式，只处理已知安全的内容类型）
+            content_type = request.headers.get("content-type", "").lower()
+            # 读取请求体（需要特殊处理以避免消耗流）
+            body = b""
+            if request.method in ["POST", "PUT", "PATCH"]:
+                try:
+                    body = await request.body()
+                except:
+                    pass
+            params["request_body"] = body.decode('utf-8', errors='ignore')
             
             if "application/json" in content_type:
                 try:
                     params["request_body"] = await request.json()
                 except Exception:
                     pass
-            elif "application/x-www-form-urlencoded" in content_type or "multipart/form-data" in content_type:
+            elif "application/x-www-form-urlencoded" in content_type:
                 try:
                     form = await request.form()
                     params["form_params"] = {k: v for k, v in form.items()}
                 except Exception:
                     pass
-            else:
-                # 尝试读取原始body
-                try:
-                    body = await request.body()
-                    if body:
-                        params["request_body"] = body.decode('utf-8')
-                except Exception:
-                    pass
+            elif "multipart/form-data" in content_type:
+                # 文件上传请求，不读取 body，避免损坏文件流
+                params["form_params"] = {"skipped_multipart": True}
+            # 其他类型（如 application/octet-stream 等二进制流）直接跳过，不读取
             
             return params
         except Exception as e:
@@ -690,22 +708,27 @@ class AuthMiddleware:
         api_method: str,
         status_code: int,
         response_time: float,
+        token: str,
         error_message: Optional[str] = None,
         request_params: Optional[Dict[str, Any]] = None
     ):
         """收集接口统计"""
-        if not self.enable_stats or not self.stats_collector:
+        if not self.enable_stats:
             return
         
         try:
-            self.stats_collector.collect(
-                api_path=api_path,
-                api_method=api_method,
-                status_code=status_code,
-                response_time=response_time,
-                error_message=error_message,
-                request_params=request_params
-            )
+            from .api_stats_collector import get_api_stats_collector
+            collector = get_api_stats_collector()
+            if collector:
+                collector.collect(
+                    api_path=api_path,
+                    api_method=api_method,
+                    status_code=status_code,
+                    response_time=response_time,
+                    token=token,
+                    error_message=error_message,
+                    request_params=request_params
+                )
         except Exception:
             pass  # 静默失败
 
@@ -726,9 +749,83 @@ class AuthMiddleware:
             return None
         return authorization[7:]
 
+    def get_fastapi_middleware_class(self, user_info_callback: Callable = None):
+        """
+        获取 FastAPI 中间件类（推荐使用，避免请求体读取问题）
+        
+        使用方法:
+            from starlette.middleware.base import BaseHTTPMiddleware
+            app.add_middleware(auth_middleware.get_fastapi_middleware_class())
+        
+        Returns:
+            继承于 BaseHTTPMiddleware 的中间件类
+        """
+        from fastapi.responses import JSONResponse
+        from starlette.middleware.base import BaseHTTPMiddleware
+        
+        auth_middleware_instance = self
+        
+        class AuthHTTPMiddleware(BaseHTTPMiddleware):
+            async def dispatch(self, request, call_next):
+                path = request.url.path
+                start_time = time.time()
+                
+                # 收集请求参数
+                request_params = await auth_middleware_instance._collect_fastapi_request_params(request) if auth_middleware_instance.enable_stats else None
+
+                # 检查是否跳过
+                if auth_middleware_instance._should_skip(path):
+                    return await call_next(request)
+
+                # 获取 Authorization header
+                authorization = request.headers.get("Authorization")
+                token = auth_middleware_instance._extract_token(authorization)
+
+                if not token:
+                    logger.warning("AuthMiddleware未提供认证信息")
+                    response_time = time.time() - start_time
+                    auth_middleware_instance._collect_stats(path, request.method, 401, response_time, "", "未提供认证信息", request_params)
+                    return JSONResponse(
+                        status_code=401,
+                        content={"code": 401, "message": "未提供认证信息", "data": None}
+                    )
+
+                # 验证 token
+                try:
+                    user_info = auth_middleware_instance.client.get_user_info(token)
+                    # 将用户信息存储到 request.state
+                    request.state.user_info = user_info
+                    # 设置上下文
+                    set_current_user(dataclasses.asdict(user_info))
+                    if user_info_callback:
+                        await user_info_callback(request, user_info)
+                except AigcAuthError as e:
+                    logger.error(f"AuthMiddleware认证失败: {e.message}")
+                    response_time = time.time() - start_time
+                    auth_middleware_instance._collect_stats(path, request.method, 401, response_time, token, e.message, request_params)
+                    return JSONResponse(
+                        status_code=401,
+                        content={"code": e.code, "message": e.message, "data": None}
+                    )
+                
+                # 处理请求
+                try:
+                    response = await call_next(request)
+                    response_time = time.time() - start_time
+                    auth_middleware_instance._collect_stats(path, request.method, response.status_code, response_time, token, None, request_params)
+                    return response
+                except Exception as e:
+                    response_time = time.time() - start_time
+                    auth_middleware_instance._collect_stats(path, request.method, 500, response_time, token, str(e), request_params)
+                    raise
+                finally:
+                    clear_current_user()
+        
+        return AuthHTTPMiddleware
+
     async def fastapi_middleware(self, request, call_next, user_info_callback: Callable = None):
         """
-        FastAPI 中间件
+        FastAPI 中间件（旧方法，推荐使用 get_fastapi_middleware_class）
 
         使用方法:
             @app.middleware("http")
@@ -736,12 +833,14 @@ class AuthMiddleware:
                 return await auth_middleware.fastapi_middleware(request, call_next)
         """
         from fastapi.responses import JSONResponse
+        
+        # 处理代理头部，确保重定向（如果有）使用正确的协议
+        forwarded_proto = request.headers.get("x-forwarded-proto")
+        if forwarded_proto:
+            request.scope["scheme"] = forwarded_proto
 
         path = request.url.path
         start_time = time.time()
-        
-        # 收集请求参数
-        request_params = await self._collect_fastapi_request_params(request) if self.enable_stats else None
 
         # 检查是否跳过
         if self._should_skip(path):
@@ -754,7 +853,9 @@ class AuthMiddleware:
         if not token:
             logger.warning("AuthMiddleware未提供认证信息")
             response_time = time.time() - start_time
-            self._collect_stats(path, request.method, 401, response_time, "未提供认证信息", request_params)
+            # 收集请求参数
+            request_params = await self._collect_fastapi_request_params(request) if self.enable_stats else None
+            self._collect_stats(path, request.method, 401, response_time, "", "未提供认证信息", request_params)
             return JSONResponse(
                 status_code=401,
                 content={"code": 401, "message": "未提供认证信息", "data": None}
@@ -763,24 +864,18 @@ class AuthMiddleware:
         # 验证 token
         try:
             user_info = self.client.get_user_info(token)
-            # 初始化统计收集器（第一次有token时）
-            if self.enable_stats and self.stats_collector is None:
-                self._init_stats_collector(token)
             # 将用户信息存储到 request.state
             request.state.user_info = user_info
             # 设置上下文
             set_current_user(dataclasses.asdict(user_info))
-
-            # 处理代理头部，确保重定向（如果有）使用正确的协议
-            forwarded_proto = request.headers.get("x-forwarded-proto")
-            if forwarded_proto:
-                request.scope["scheme"] = forwarded_proto
             if user_info_callback:
                 await user_info_callback(request, user_info)
         except AigcAuthError as e:
             logger.error(f"AuthMiddleware认证失败: {e.message}")
             response_time = time.time() - start_time
-            self._collect_stats(path, request.method, 401, response_time, e.message, request_params)
+            # 收集请求参数
+            request_params = await self._collect_fastapi_request_params(request) if self.enable_stats else None
+            self._collect_stats(path, request.method, 401, response_time, token, e.message, request_params)
             return JSONResponse(
                 status_code=401,
                 content={"code": e.code, "message": e.message, "data": None}
@@ -790,11 +885,15 @@ class AuthMiddleware:
         try:
             response = await call_next(request)
             response_time = time.time() - start_time
-            self._collect_stats(path, request.method, response.status_code, response_time, None, request_params)
+            # 收集请求参数
+            request_params = await self._collect_fastapi_request_params(request) if self.enable_stats else None
+            self._collect_stats(path, request.method, response.status_code, response_time, token, None, request_params)
             return response
         except Exception as e:
+            # 收集请求参数
+            request_params = await self._collect_fastapi_request_params(request) if self.enable_stats else None
             response_time = time.time() - start_time
-            self._collect_stats(path, request.method, 500, response_time, str(e), request_params)
+            self._collect_stats(path, request.method, 500, response_time, token, str(e), request_params)
             raise
         finally:
             clear_current_user()
@@ -828,7 +927,7 @@ class AuthMiddleware:
         if not token:
             logger.warning("AuthMiddleware未提供认证信息")
             response_time = time.time() - g.start_time
-            self._collect_stats(path, request.method, 401, response_time, "未提供认证信息", g.request_params)
+            self._collect_stats(path, request.method, 401, response_time, "", "未提供认证信息", g.request_params)
             return jsonify({
                 "code": 401,
                 "message": "未提供认证信息",
@@ -838,9 +937,6 @@ class AuthMiddleware:
         # 验证 token
         try:
             user_info = self.client.get_user_info(token)
-            # 初始化统计收集器（第一次有token时）
-            if self.enable_stats and self.stats_collector is None:
-                self._init_stats_collector(token)
             # 将用户信息存储到 flask.g
             g.user_info = user_info
             # 设置上下文
@@ -850,7 +946,7 @@ class AuthMiddleware:
         except AigcAuthError as e:
             logger.error(f"AuthMiddleware认证失败: {e.message}")
             response_time = time.time() - g.start_time
-            self._collect_stats(path, request.method, 401, response_time, e.message, g.request_params)
+            self._collect_stats(path, request.method, 401, response_time, token, e.message, g.request_params)
             return jsonify({
                 "code": e.code,
                 "message": e.message,
@@ -876,11 +972,15 @@ class AuthMiddleware:
         if hasattr(g, 'start_time'):
             response_time = time.time() - g.start_time
             request_params = getattr(g, 'request_params', None)
+            # 从 request 的 Authorization header 获取 token
+            authorization = request.headers.get("Authorization")
+            token = self._extract_token(authorization) or ""
             self._collect_stats(
                 request.path,
                 request.method,
                 response.status_code,
                 response_time,
+                token,
                 None,
                 request_params
             )

{huace_aigc_auth_client-1.1.21.dist-info → huace_aigc_auth_client-1.1.28.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: huace-aigc-auth-client
-Version: 1.1.21
+Version: 1.1.28
 Summary: 华策AIGC Auth Client - 提供 Token 验证、用户信息获取、权限检查、旧系统接入等功能
 Author-email: Huace <support@huace.com>
 License: MIT

{huace_aigc_auth_client-1.1.21.dist-info → huace_aigc_auth_client-1.1.28.dist-info}/RECORD

@@ -1,12 +1,12 @@
-huace_aigc_auth_client/__init__.py,sha256=E7sfAphd04F3WFwxnwnPvIUpIW7XQ36Anc4qvsuEo74,4630
-huace_aigc_auth_client/api_stats_collector.py,sha256=5qsxHjsx7rELsO4PSmrDYxXAWuJBfB0HrOI-PqTV52I,8698
+huace_aigc_auth_client/__init__.py,sha256=nCpT58WU83NkEpdyMiq35t4Zd261cdp45N_07NRoisY,4630
+huace_aigc_auth_client/api_stats_collector.py,sha256=UCUu2CHWsJyiAM58-XLQtfxWK0fjZ8TTdw90gv_Gx04,10347
 huace_aigc_auth_client/legacy_adapter.py,sha256=TVCBAKejE2z2HQFsEwDW8LMiaIkXNfz3Mxv6_E-UJFY,24102
-huace_aigc_auth_client/sdk.py,sha256=03OzVIhawoBXWNfq8AUfdUEPLlQMrBhfsNSYANOrnwg,31346
+huace_aigc_auth_client/sdk.py,sha256=49UrQnS96a_m-FM9KVSqmE8x4J-R4qpYsE4KgzasvFE,36742
 huace_aigc_auth_client/user_context.py,sha256=KzevYLsLv1hv8rlvRw83FT-HugeoBJSJ1Pi56iLWyTE,5592
 huace_aigc_auth_client/webhook.py,sha256=XQZYEbMoqIdqZWCGSTcedeDKJpDbUVSq5g08g-6Qucg,4124
 huace_aigc_auth_client/webhook_flask.py,sha256=Iosu4dBtRhQZM_ytn-bn82MpVsyOiV28FBnt7Tfh31U,7225
-huace_aigc_auth_client-1.1.21.dist-info/licenses/LICENSE,sha256=z7dgC7KljhBLNvKjN15391nMj3aLt0gbud8-Yf1F8EQ,1063
-huace_aigc_auth_client-1.1.21.dist-info/METADATA,sha256=NNnIyfDXLdjYBv4Xr63AioZ8FSCv26RevMBA8VEUijg,23629
-huace_aigc_auth_client-1.1.21.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-huace_aigc_auth_client-1.1.21.dist-info/top_level.txt,sha256=kbv0nQ6PQ0JVneWPH7O2AbtlJnP7AjvFJ6JjM6ZEBxo,23
-huace_aigc_auth_client-1.1.21.dist-info/RECORD,,
+huace_aigc_auth_client-1.1.28.dist-info/licenses/LICENSE,sha256=z7dgC7KljhBLNvKjN15391nMj3aLt0gbud8-Yf1F8EQ,1063
+huace_aigc_auth_client-1.1.28.dist-info/METADATA,sha256=9TkNkzidAbMP7nb2drl1FfSOAumh6ngs7ueiik40mnE,23629
+huace_aigc_auth_client-1.1.28.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+huace_aigc_auth_client-1.1.28.dist-info/top_level.txt,sha256=kbv0nQ6PQ0JVneWPH7O2AbtlJnP7AjvFJ6JjM6ZEBxo,23
+huace_aigc_auth_client-1.1.28.dist-info/RECORD,,