huace-aigc-auth-client 1.1.4__py3-none-any.whl → 1.1.6__py3-none-any.whl

huace_aigc_auth_client/__init__.py

@@ -68,6 +68,11 @@ from .legacy_adapter import (
     create_default_field_mappings,
 )
 
+from .webhook import (
+    register_webhook_router,
+    verify_webhook_signature,
+)
+
 __all__ = [
     # 核心类
     "AigcAuthClient",
@@ -89,5 +94,8 @@ __all__ = [
     "SyncResult",
     "create_sync_config",
     "create_default_field_mappings",
+    # Webhook 接收
+    "register_webhook_router",
+    "verify_webhook_signature",
 ]
-__version__ = "1.1.4"
+__version__ = "1.1.6"

huace_aigc_auth_client/legacy_adapter.py

@@ -195,14 +195,14 @@ class LegacySystemAdapter(ABC):
         """
         raise NotImplementedError("Subclass must implement get_all_users_async method")
     
-    async def upsert_user_async(self, user_data: Dict[str, Any]) -> Dict[str, Any]:
+    async def upsert_user_async(self, user_data: Dict[str, Any], auth_data: Dict[str, Any] = None) -> Dict[str, Any]:
         """异步创建或更新用户（存在则更新，不存在则新增）
         
         这是一个默认实现，子类可以选择性覆盖以优化性能。
         
         Args:
             user_data: 用户数据字典（必须包含 username）
-            
+            auth_data: 鉴权系统用户数据字典（可选）
         Returns:
             Dict: 操作结果 {"created": bool, "user_id": Any}
         """
@@ -215,6 +215,9 @@ class LegacySystemAdapter(ABC):
         
         if existing:
             # 用户存在，执行更新
+            if not auth_data or auth_data.get("updatedFields") is None or len(auth_data.get("updatedFields")) == 0:
+                # 如果没有提供 auth_data 或 updatedFields，则不更新
+                return {"created": False, "user_id": existing.get("id")}
             await self._update_user_async(username, user_data)
             return {"created": False, "user_id": existing.get("id")}
         else:

huace_aigc_auth_client/webhook.py

@@ -0,0 +1,128 @@
+# -*- coding: utf-8 -*-
+"""
+Webhook 接收模块
+
+提供通用的 webhook 接收功能，用于接收 aigc-auth 的用户变更通知
+"""
+
+import hmac
+import hashlib
+import os
+import logging
+from typing import Callable, Awaitable, Dict, Any, Optional
+from fastapi import APIRouter, Request, HTTPException
+
+logger = logging.getLogger(__name__)
+
+
+def verify_webhook_signature(payload: bytes, signature: str, secret: str) -> bool:
+    """
+    验证 webhook 签名
+    
+    Args:
+        payload: 请求体（bytes）
+        signature: 签名字符串
+        secret: 密钥
+        
+    Returns:
+        bool: 签名是否有效
+    """
+    if not secret or not signature:
+        return False  # 如果未配置密钥，则签名无效
+    
+    expected = hmac.new(
+        secret.encode('utf-8'),
+        payload,  # payload 已经是 bytes 类型
+        hashlib.sha256
+    ).hexdigest()
+    
+    return hmac.compare_digest(expected, signature)
+
+
+def register_webhook_router(
+    api_router: APIRouter,
+    handler: Callable[[Dict[str, Any]], Awaitable[Dict[str, Any]]],
+    prefix: str = "/webhook",
+    secret_env_key: str = "AIGC_AUTH_WEBHOOK_SECRET",
+    tags: Optional[list] = None
+) -> APIRouter:
+    """
+    注册 webhook 路由到现有的 API Router
+    
+    Args:
+        api_router: FastAPI APIRouter 实例
+        handler: 异步处理函数，接收 webhook 数据并返回结果
+                 函数签名: async def handler(data: Dict[str, Any]) -> Dict[str, Any]
+        prefix: webhook 路由前缀，默认 "/webhook"
+        secret_env_key: webhook 密钥的环境变量名，默认 "AIGC_AUTH_WEBHOOK_SECRET"
+        tags: OpenAPI 标签列表，默认 ["Webhook"]
+        
+    Returns:
+        APIRouter: 创建的 webhook router
+        
+    使用示例:
+        from fastapi import APIRouter
+        from huace_aigc_auth_client.webhook import register_webhook_router
+        
+        api_router = APIRouter()
+        
+        async def my_webhook_handler(data: dict) -> dict:
+            event = data.get("event")
+            if event == "user.created":
+                # 处理用户创建事件
+                pass
+            return {"status": "ok"}
+        
+        register_webhook_router(api_router, my_webhook_handler)
+    """
+    if tags is None:
+        tags = ["Webhook"]
+    
+    webhook_router = APIRouter()
+    
+    @webhook_router.post("/auth")
+    async def receive_auth_webhook(request: Request):
+        """
+        接收 aigc-auth 用户变更通知
+        
+        当 aigc-auth 中创建或更新用户时，会发送 webhook 通知到此端点，
+        本系统接收后会调用自定义的处理函数进行处理。
+        
+        支持的事件:
+        - user.created: 用户创建
+        - user.updated: 用户更新
+        """
+        # 获取请求体
+        body = await request.body()
+        
+        # 验证签名
+        signature = request.headers.get("X-Webhook-Signature", "")
+        secret = os.getenv(secret_env_key, "")
+        
+        if not verify_webhook_signature(body, signature, secret):
+            logger.warning("Webhook signature verification failed")
+            raise HTTPException(status_code=401, detail="Invalid signature")
+        
+        # 解析请求数据
+        try:
+            data = await request.json()
+        except Exception as e:
+            logger.error(f"Failed to parse webhook payload: {e}")
+            raise HTTPException(status_code=400, detail="Invalid JSON payload")
+        
+        # 记录日志
+        event = data.get("event", "unknown")
+        logger.info(f"Received webhook event: {event}")
+        
+        # 调用用户提供的处理函数
+        try:
+            result = await handler(data)
+            return result
+        except Exception as e:
+            logger.exception(f"Failed to handle webhook: {e}")
+            raise HTTPException(status_code=500, detail=str(e))
+    
+    # 将 webhook router 注册到主 router
+    api_router.include_router(webhook_router, prefix=prefix, tags=tags)
+    
+    return webhook_router

{huace_aigc_auth_client-1.1.4.dist-info → huace_aigc_auth_client-1.1.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: huace-aigc-auth-client
-Version: 1.1.4
+Version: 1.1.6
 Summary: 华策AIGC Auth Client - 提供 Token 验证、用户信息获取、权限检查、旧系统接入等功能
 Author-email: Huace <support@huace.com>
 License: MIT

huace_aigc_auth_client-1.1.6.dist-info/RECORD

@@ -0,0 +1,9 @@
+huace_aigc_auth_client/__init__.py,sha256=YVvtav7BwwubneYePnJQf4PM3jUZ1e9P6wH6vJJdTlI,2332
+huace_aigc_auth_client/legacy_adapter.py,sha256=eNoyaCtTMdeNfzDlB66Fu-6WAfGYGk3DioIBAAZOL6A,21871
+huace_aigc_auth_client/sdk.py,sha256=4Azj2TPOCLWv6dTaAqw--_Uh-Gzpp0KhpxOEBGONG48,22749
+huace_aigc_auth_client/webhook.py,sha256=m-mjXNNqrUClrNpOHRBzty0XKFDBuZp4e_PgLd2t0aA,4070
+huace_aigc_auth_client-1.1.6.dist-info/licenses/LICENSE,sha256=z7dgC7KljhBLNvKjN15391nMj3aLt0gbud8-Yf1F8EQ,1063
+huace_aigc_auth_client-1.1.6.dist-info/METADATA,sha256=jX7_jDBTrRnLwqG06w_zRJm6CL-pxD0eFfUX6FiFMAQ,20084
+huace_aigc_auth_client-1.1.6.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+huace_aigc_auth_client-1.1.6.dist-info/top_level.txt,sha256=kbv0nQ6PQ0JVneWPH7O2AbtlJnP7AjvFJ6JjM6ZEBxo,23
+huace_aigc_auth_client-1.1.6.dist-info/RECORD,,

huace_aigc_auth_client-1.1.4.dist-info/RECORD

@@ -1,8 +0,0 @@
-huace_aigc_auth_client/__init__.py,sha256=isMBleAvICiYwHXv0fm6qf-nrvdIMIePGZbrrG_rQws,2163
-huace_aigc_auth_client/legacy_adapter.py,sha256=lCxpwROHZd0RG0dVp6AidQQRpFv6H8DvVzjrYHRDZFg,21515
-huace_aigc_auth_client/sdk.py,sha256=4Azj2TPOCLWv6dTaAqw--_Uh-Gzpp0KhpxOEBGONG48,22749
-huace_aigc_auth_client-1.1.4.dist-info/licenses/LICENSE,sha256=z7dgC7KljhBLNvKjN15391nMj3aLt0gbud8-Yf1F8EQ,1063
-huace_aigc_auth_client-1.1.4.dist-info/METADATA,sha256=ly5bJH-amh0jsbg_ArABrq8mvqOfCQ0nYz1UtdD0Ka4,20084
-huace_aigc_auth_client-1.1.4.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-huace_aigc_auth_client-1.1.4.dist-info/top_level.txt,sha256=kbv0nQ6PQ0JVneWPH7O2AbtlJnP7AjvFJ6JjM6ZEBxo,23
-huace_aigc_auth_client-1.1.4.dist-info/RECORD,,