huace-aigc-auth-client 1.1.3__py3-none-any.whl → 1.1.5__py3-none-any.whl

huace_aigc_auth_client/__init__.py

@@ -68,6 +68,11 @@ from .legacy_adapter import (
     create_default_field_mappings,
 )
 
+from .webhook import (
+    register_webhook_router,
+    verify_webhook_signature,
+)
+
 __all__ = [
     # 核心类
     "AigcAuthClient",
@@ -89,5 +94,8 @@ __all__ = [
     "SyncResult",
     "create_sync_config",
     "create_default_field_mappings",
+    # Webhook 接收
+    "register_webhook_router",
+    "verify_webhook_signature",
 ]
-__version__ = "1.1.3"
+__version__ = "1.1.5"

huace_aigc_auth_client/sdk.py

@@ -577,7 +577,7 @@ class AuthMiddleware:
             return None
         return authorization[7:]
 
-    async def fastapi_middleware(self, request, call_next):
+    async def fastapi_middleware(self, request, call_next, user_info_callback: Callable = None):
         """
         FastAPI 中间件
 
@@ -613,22 +613,23 @@ class AuthMiddleware:
             forwarded_proto = request.headers.get("x-forwarded-proto")
             if forwarded_proto:
                 request.scope["scheme"] = forwarded_proto
+            if user_info_callback:
+                await user_info_callback(request, user_info)
         except AigcAuthError as e:
             return JSONResponse(
                 status_code=401,
                 content={"code": e.code, "message": e.message, "data": None}
             )
-
         return await call_next(request)
 
-    def flask_before_request(self):
+    def flask_before_request(self, user_info_callback: Callable = None):
         """
         Flask before_request 处理器
 
         使用方法:
             @app.before_request
             def before_request():
-                return auth_middleware.flask_before_request()
+                return auth_middleware.flask_before_request(user_info_callback=user_info_callback)
         """
         from flask import request, jsonify, g
 
@@ -654,6 +655,8 @@ class AuthMiddleware:
             user_info = self.client.get_user_info(token)
             # 将用户信息存储到 flask.g
             g.user_info = user_info
+            if user_info_callback:
+                user_info_callback(request, user_info)
         except AigcAuthError as e:
             return jsonify({
                 "code": e.code,

huace_aigc_auth_client/webhook.py

@@ -0,0 +1,128 @@
+# -*- coding: utf-8 -*-
+"""
+Webhook 接收模块
+
+提供通用的 webhook 接收功能，用于接收 aigc-auth 的用户变更通知
+"""
+
+import hmac
+import hashlib
+import os
+import logging
+from typing import Callable, Awaitable, Dict, Any, Optional
+from fastapi import APIRouter, Request, HTTPException
+
+logger = logging.getLogger(__name__)
+
+
+def verify_webhook_signature(payload: bytes, signature: str, secret: str) -> bool:
+    """
+    验证 webhook 签名
+    
+    Args:
+        payload: 请求体（bytes）
+        signature: 签名字符串
+        secret: 密钥
+        
+    Returns:
+        bool: 签名是否有效
+    """
+    if not secret or not signature:
+        return False  # 如果未配置密钥，则签名无效
+    
+    expected = hmac.new(
+        secret.encode('utf-8'),
+        payload,  # payload 已经是 bytes 类型
+        hashlib.sha256
+    ).hexdigest()
+    
+    return hmac.compare_digest(expected, signature)
+
+
+def register_webhook_router(
+    api_router: APIRouter,
+    handler: Callable[[Dict[str, Any]], Awaitable[Dict[str, Any]]],
+    prefix: str = "/webhook",
+    secret_env_key: str = "AIGC_AUTH_WEBHOOK_SECRET",
+    tags: Optional[list] = None
+) -> APIRouter:
+    """
+    注册 webhook 路由到现有的 API Router
+    
+    Args:
+        api_router: FastAPI APIRouter 实例
+        handler: 异步处理函数，接收 webhook 数据并返回结果
+                 函数签名: async def handler(data: Dict[str, Any]) -> Dict[str, Any]
+        prefix: webhook 路由前缀，默认 "/webhook"
+        secret_env_key: webhook 密钥的环境变量名，默认 "AIGC_AUTH_WEBHOOK_SECRET"
+        tags: OpenAPI 标签列表，默认 ["Webhook"]
+        
+    Returns:
+        APIRouter: 创建的 webhook router
+        
+    使用示例:
+        from fastapi import APIRouter
+        from huace_aigc_auth_client.webhook import register_webhook_router
+        
+        api_router = APIRouter()
+        
+        async def my_webhook_handler(data: dict) -> dict:
+            event = data.get("event")
+            if event == "user.created":
+                # 处理用户创建事件
+                pass
+            return {"status": "ok"}
+        
+        register_webhook_router(api_router, my_webhook_handler)
+    """
+    if tags is None:
+        tags = ["Webhook"]
+    
+    webhook_router = APIRouter()
+    
+    @webhook_router.post("/auth")
+    async def receive_auth_webhook(request: Request):
+        """
+        接收 aigc-auth 用户变更通知
+        
+        当 aigc-auth 中创建或更新用户时，会发送 webhook 通知到此端点，
+        本系统接收后会调用自定义的处理函数进行处理。
+        
+        支持的事件:
+        - user.created: 用户创建
+        - user.updated: 用户更新
+        """
+        # 获取请求体
+        body = await request.body()
+        
+        # 验证签名
+        signature = request.headers.get("X-Webhook-Signature", "")
+        secret = os.getenv(secret_env_key, "")
+        
+        if not verify_webhook_signature(body, signature, secret):
+            logger.warning("Webhook signature verification failed")
+            raise HTTPException(status_code=401, detail="Invalid signature")
+        
+        # 解析请求数据
+        try:
+            data = await request.json()
+        except Exception as e:
+            logger.error(f"Failed to parse webhook payload: {e}")
+            raise HTTPException(status_code=400, detail="Invalid JSON payload")
+        
+        # 记录日志
+        event = data.get("event", "unknown")
+        logger.info(f"Received webhook event: {event}")
+        
+        # 调用用户提供的处理函数
+        try:
+            result = await handler(data)
+            return result
+        except Exception as e:
+            logger.exception(f"Failed to handle webhook: {e}")
+            raise HTTPException(status_code=500, detail=str(e))
+    
+    # 将 webhook router 注册到主 router
+    api_router.include_router(webhook_router, prefix=prefix, tags=tags)
+    
+    return webhook_router

{huace_aigc_auth_client-1.1.3.dist-info → huace_aigc_auth_client-1.1.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: huace-aigc-auth-client
-Version: 1.1.3
+Version: 1.1.5
 Summary: 华策AIGC Auth Client - 提供 Token 验证、用户信息获取、权限检查、旧系统接入等功能
 Author-email: Huace <support@huace.com>
 License: MIT

huace_aigc_auth_client-1.1.5.dist-info/RECORD

@@ -0,0 +1,9 @@
+huace_aigc_auth_client/__init__.py,sha256=IEHy6LKacmhQnnaUHIKg5YyUf2aNCYMj4_0p3NNOU90,2332
+huace_aigc_auth_client/legacy_adapter.py,sha256=lCxpwROHZd0RG0dVp6AidQQRpFv6H8DvVzjrYHRDZFg,21515
+huace_aigc_auth_client/sdk.py,sha256=4Azj2TPOCLWv6dTaAqw--_Uh-Gzpp0KhpxOEBGONG48,22749
+huace_aigc_auth_client/webhook.py,sha256=m-mjXNNqrUClrNpOHRBzty0XKFDBuZp4e_PgLd2t0aA,4070
+huace_aigc_auth_client-1.1.5.dist-info/licenses/LICENSE,sha256=z7dgC7KljhBLNvKjN15391nMj3aLt0gbud8-Yf1F8EQ,1063
+huace_aigc_auth_client-1.1.5.dist-info/METADATA,sha256=d8z-VO8lkrZO7JYuSqHyfezrJzOxlYaYqwPfk9zijao,20084
+huace_aigc_auth_client-1.1.5.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+huace_aigc_auth_client-1.1.5.dist-info/top_level.txt,sha256=kbv0nQ6PQ0JVneWPH7O2AbtlJnP7AjvFJ6JjM6ZEBxo,23
+huace_aigc_auth_client-1.1.5.dist-info/RECORD,,

huace_aigc_auth_client-1.1.3.dist-info/RECORD

@@ -1,8 +0,0 @@
-huace_aigc_auth_client/__init__.py,sha256=WwdgR8RP5SkueieSv6HCjIirIZdwTDpyGTaBzpENK5g,2163
-huace_aigc_auth_client/legacy_adapter.py,sha256=lCxpwROHZd0RG0dVp6AidQQRpFv6H8DvVzjrYHRDZFg,21515
-huace_aigc_auth_client/sdk.py,sha256=46kkNDmWcce4BkSAT9zn5n8XdURDns3YtXIIfe8TGDU,22453
-huace_aigc_auth_client-1.1.3.dist-info/licenses/LICENSE,sha256=z7dgC7KljhBLNvKjN15391nMj3aLt0gbud8-Yf1F8EQ,1063
-huace_aigc_auth_client-1.1.3.dist-info/METADATA,sha256=nATeZZKa_zxe1vVU5KF6jNiASCWPwbDS3yWqpv7FtzE,20084
-huace_aigc_auth_client-1.1.3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-huace_aigc_auth_client-1.1.3.dist-info/top_level.txt,sha256=kbv0nQ6PQ0JVneWPH7O2AbtlJnP7AjvFJ6JjM6ZEBxo,23
-huace_aigc_auth_client-1.1.3.dist-info/RECORD,,