huace-aigc-auth-client 1.1.7__py3-none-any.whl → 1.1.13__py3-none-any.whl

huace_aigc_auth_client/__init__.py

@@ -67,11 +67,76 @@ from .legacy_adapter import (
     create_sync_config,
     create_default_field_mappings,
 )
+# fastapi 相关功能是可选的，如果未安装 fastapi 则跳过
+try:
+    from .webhook import (
+        register_webhook_router,
+        verify_webhook_signature,
+    )
+    _fastapi_available = True
+except ImportError:
+    _fastapi_available = False
+    # 提供占位符，避免 __all__ 导出时出错
+    register_webhook_router = None
+    verify_webhook_signature = None
+
+# Flask 相关功能是可选的，如果未安装 flask 则跳过
+try:
+    from .webhook_flask import (
+        create_flask_webhook_blueprint,
+        register_flask_webhook_routes,
+    )
+    _flask_available = True
+except ImportError:
+    _flask_available = False
+    # 提供占位符，避免 __all__ 导出时出错
+    create_flask_webhook_blueprint = None
+    register_flask_webhook_routes = None
+
+def setLogger(log):
+    """
+    统一设置所有模块的 logger
+    
+    Args:
+        log: logging.Logger 实例
+        
+    使用示例:
+        import logging
+        from huace_aigc_auth_client import setLogger
+        
+        logger = logging.getLogger("my_app")
+        logger.setLevel(logging.INFO)
+        
+        # 设置 SDK 所有模块使用该 logger
+        setLogger(logger)
+    """
+    try:
+        from .sdk import setLogger as sdk_setLogger
+        sdk_setLogger(log)
+    except Exception as e:
+        print(f"Failed to set logger for sdk module: {e}")
+    
+    try:
+        from .legacy_adapter import setLogger as legacy_setLogger
+        legacy_setLogger(log)
+    except Exception as e:
+        print(f"Failed to set logger for legacy_adapter module: {e}")
+    
+    if _fastapi_available:
+        try:
+            from .webhook import setLogger as webhook_setLogger
+            webhook_setLogger(log)
+        except Exception as e:
+            print(f"Failed to set logger for webhook module: {e}")
+    
+    # 只在 flask 可用时设置 flask 模块的 logger
+    if _flask_available:
+        try:
+            from .webhook_flask import setLogger as webhook_flask_setLogger
+            webhook_flask_setLogger(log)
+        except Exception as e:
+            print(f"Failed to set logger for webhook_flask module: {e}")
 
-from .webhook import (
-    register_webhook_router,
-    verify_webhook_signature,
-)
 
 __all__ = [
     # 核心类
@@ -94,8 +159,13 @@ __all__ = [
     "SyncResult",
     "create_sync_config",
     "create_default_field_mappings",
-    # Webhook 接收
+    # Webhook 接收 (FastAPI)
     "register_webhook_router",
     "verify_webhook_signature",
+    # Webhook 接收 (Flask)
+    "create_flask_webhook_blueprint",
+    "register_flask_webhook_routes",
+    # Logger 设置
+    "setLogger",
 ]
-__version__ = "1.1.7"
+__version__ = "1.1.13"

huace_aigc_auth_client/legacy_adapter.py

@@ -20,7 +20,9 @@ from enum import Enum
 from abc import ABC, abstractmethod
 
 logger = logging.getLogger(__name__)
-
+def setLogger(log):
+    global logger
+    logger = log
 
 class PasswordMode(Enum):
     """密码处理模式"""
@@ -101,11 +103,11 @@ class LegacySystemAdapter(ABC):
     旧系统适配器抽象基类
     
     接入系统需要继承此类并实现以下方法：
-    - get_user_by_unique_field: 通过唯一字段获取用户
-    - create_user: 创建用户
-    - update_user: 更新用户（可选）
-    - get_all_users: 获取所有用户（用于初始化同步）
-    - handle_webhook: 处理 webhook 通知（可选，异步方法）
+    - get_user_by_username_async
+    - _create_user_async
+    - _update_user_async
+    - _delete_user_async
+    - get_all_users_async
     """
     
     def __init__(self, sync_config: SyncConfig, auth_client=None):
@@ -119,24 +121,6 @@ class LegacySystemAdapter(ABC):
         self.config = sync_config
         self.auth_client = auth_client
     
-    @abstractmethod
-    def get_user_by_unique_field(self, value: Any) -> Optional[LegacyUserData]:
-        """通过唯一字段获取旧系统用户"""
-        pass
-    
-    @abstractmethod
-    def create_user(self, user_data: Dict[str, Any]) -> Optional[Any]:
-        """在旧系统创建用户，返回用户ID"""
-        pass
-    
-    def update_user(self, unique_value: Any, user_data: Dict[str, Any]) -> bool:
-        """更新旧系统用户（可选实现）"""
-        return False
-    
-    def get_all_users(self) -> List[LegacyUserData]:
-        """获取所有旧系统用户（用于初始化同步）"""
-        return []
-    
     @abstractmethod
     async def get_user_by_username_async(self, username: str) -> Optional[LegacyUserData]:
         """异步获取用户（子类必须实现）
@@ -147,6 +131,7 @@ class LegacySystemAdapter(ABC):
         Returns:
             Optional[LegacyUserData]: 用户数据，不存在返回 None
         """
+        logger.info(f"Fetching user by username asynchronously: {username}")
         raise NotImplementedError("Subclass must implement get_user_by_username_async method")
     
     @abstractmethod
@@ -159,6 +144,7 @@ class LegacySystemAdapter(ABC):
         Returns:
             Optional[Any]: 创建的用户 ID 或其他标识
         """
+        logger.info(f"Creating user with data: {user_data}")
         raise NotImplementedError("Subclass must implement _create_user_async method")
     
     @abstractmethod
@@ -172,6 +158,7 @@ class LegacySystemAdapter(ABC):
         Returns:
             bool: 更新成功返回 True
         """
+        logger.info(f"Updating user: {username} with data: {user_data}")
         raise NotImplementedError("Subclass must implement _update_user_async method")
     
     @abstractmethod
@@ -184,6 +171,7 @@ class LegacySystemAdapter(ABC):
         Returns:
             bool: 删除成功返回 True
         """
+        logger.info(f"Deleting user: {username}")
         raise NotImplementedError("Subclass must implement _delete_user_async method")
     
     @abstractmethod
@@ -193,6 +181,7 @@ class LegacySystemAdapter(ABC):
         Returns:
             List[LegacyUserData]: 所有用户数据列表
         """
+        logger.info("Fetching all users from legacy system asynchronously")
         raise NotImplementedError("Subclass must implement get_all_users_async method")
     
     async def upsert_user_async(self, user_data: Dict[str, Any], auth_data: Dict[str, Any] = None) -> Dict[str, Any]:
@@ -208,6 +197,7 @@ class LegacySystemAdapter(ABC):
         """
         username = user_data.get("username")
         if not username:
+            logger.error("username is required for upsert operation")
             raise ValueError("username is required for upsert operation")
         
         # 检查用户是否存在
@@ -216,6 +206,7 @@ class LegacySystemAdapter(ABC):
         if existing:
             # 用户存在，执行更新
             if not auth_data or auth_data.get("updatedFields") is None or len(auth_data.get("updatedFields")) == 0:
+                logger.info(f"No updatedFields provided for user: {username}, skipping update")
                 # 如果没有提供 auth_data 或 updatedFields，则不更新
                 return {"created": False, "user_id": existing.get("id")}
             await self._update_user_async(username, user_data)
@@ -225,6 +216,41 @@ class LegacySystemAdapter(ABC):
             user_id = await self._create_user_async(user_data)
             return {"created": True, "user_id": user_id}
     
+    async def sync_user_to_auth(self, legacy_user: LegacyUserData) -> Dict[str, Any]:
+        """同步单个旧系统用户到 aigc-auth（默认实现）
+        
+        子类可以选择性覆盖此方法以自定义同步逻辑。
+        
+        Args:
+            legacy_user: 旧系统用户数据
+        Returns:
+            Dict: 同步结果
+        """
+        if not self.auth_client:
+            logger.error("auth_client is required for sync_user_to_auth")
+            raise ValueError("auth_client is required for sync_user_to_auth. Please provide it in constructor.")
+        
+        logger.info(f"Syncing legacy user to auth: {legacy_user.to_dict()}")
+        auth_data = self.transform_legacy_to_auth(legacy_user)
+        
+        # 获取密码（支持新的元组返回格式）
+        password_result = self.get_password_for_sync(legacy_user)
+        if isinstance(password_result, tuple):
+            password, is_hashed = password_result
+        else:
+            password, is_hashed = password_result, False
+        
+        # 根据是否已加密选择不同的字段
+        if is_hashed:
+            auth_data["password_hashed"] = password
+        else:
+            auth_data["password"] = password
+        
+        result = await self.auth_client.sync_user_to_auth(auth_data)
+        logger.info(f"Sync result for user {legacy_user.get('username')}: {result}")
+        
+        return result
+    
     async def batch_sync_to_auth(self) -> Dict[str, Any]:
         """批量同步旧系统用户到 aigc-auth（默认实现）
         
@@ -234,8 +260,10 @@ class LegacySystemAdapter(ABC):
             Dict: 同步结果统计
         """
         if not self.auth_client:
+            logger.error("auth_client is required for batch_sync_to_auth")
             raise ValueError("auth_client is required for batch_sync_to_auth. Please provide it in constructor.")
         
+        logger.info("Starting batch sync from legacy system to aigc-auth")
         users = await self.get_all_users_async()
         
         results = {
@@ -248,22 +276,8 @@ class LegacySystemAdapter(ABC):
         
         for user in users:
             try:
-                auth_data = self.transform_legacy_to_auth(user)
-                
-                # 获取密码（支持新的元组返回格式）
-                password_result = self.get_password_for_sync(user)
-                if isinstance(password_result, tuple):
-                    password, is_hashed = password_result
-                else:
-                    password, is_hashed = password_result, False
-                
-                # 根据是否已加密选择不同的字段
-                if is_hashed:
-                    auth_data["password_hashed"] = password
-                else:
-                    auth_data["password"] = password
-                
-                result = self.auth_client.sync_user_to_auth(auth_data)
+                result = await self.sync_user_to_auth(user)
+                logger.info(f"Sync result for user {user.get('username')}: {result}")
                 
                 if result.get("success"):
                     if result.get("created"):
@@ -277,6 +291,7 @@ class LegacySystemAdapter(ABC):
                         "error": result.get("message")
                     })
             except Exception as e:
+                logger.error(f"Error syncing user {user.get('username')}: {e}")
                 results["failed"] += 1
                 results["errors"].append({
                     "user": user.get("username"),
@@ -298,19 +313,24 @@ class LegacySystemAdapter(ABC):
         Returns:
             Dict: 处理结果
         """
+        logger.info(f"Handling webhook event: {event} with data: {data}")
         if event == "user.created" or event == "user.updated" or event == "user.login":
             # 转换数据格式
             legacy_data = self.transform_auth_to_legacy(data)
             
             # 获取密码
-            password_result = self.get_password_for_sync()
+            password_result = self.get_password_for_sync(legacy_data)
             if isinstance(password_result, tuple):
                 password, is_hashed = password_result
             else:
                 password, is_hashed = password_result, False
-            legacy_data["password"] = password
+            if is_hashed:
+                legacy_data["password_hashed"] = password
+            else:
+                legacy_data["password"] = password
             
             # 创建或更新用户
+            logger.info(f"Handling {event} event for user: {legacy_data}")
             result = await self.upsert_user_async(legacy_data)
             
             return {
@@ -321,18 +341,23 @@ class LegacySystemAdapter(ABC):
             }
         
         elif event == "user.deleted":
+            logger.info("Handling user.deleted event")
             # 禁用用户而不是删除
             username = data.get("username")
             if not username:
+                logger.error("username is required for user.deleted event")
                 logger.error("username is required for user.deleted event")
                 return {"success": False, "message": "username is required for user.deleted event"}
+            logger.info(f"Disabling user: {username}")
             await self._delete_user_async(username)
             
             return {"success": True, "message": "User disabled"}
         
         elif event == "user.init_sync_auth":
+            logger.info("Handling user.init_sync_auth event")
             # 初始化同步：批量同步旧系统用户到 aigc-auth
             if not self.auth_client:
+                logger.error("auth_client is required for init_sync_auth event")
                 return {"success": False, "message": "auth_client is required for init_sync_auth event. Please provide it in constructor."}
             
             results = await self.batch_sync_to_auth()
@@ -362,7 +387,7 @@ class LegacySystemAdapter(ABC):
             
             if auth_value is not None:
                 result[mapping.legacy_field] = auth_value
-        
+        logger.info(f"Transformed auth user({auth_user}) to legacy format: {result}")
         return result
     
     def transform_legacy_to_auth(self, legacy_user: LegacyUserData) -> Dict[str, Any]:
@@ -382,7 +407,7 @@ class LegacySystemAdapter(ABC):
             
             if legacy_value is not None:
                 result[mapping.auth_field] = legacy_value
-        
+        logger.info(f"Transformed legacy user({legacy_user}) to auth format: {result}")
         return result
     
     def get_password_for_sync(self, legacy_user: Optional[LegacyUserData] = None) -> tuple:
@@ -397,7 +422,14 @@ class LegacySystemAdapter(ABC):
             return (self.config.unified_password, False)
         elif self.config.password_mode == PasswordMode.CUSTOM_MAPPING:
             if self.config.password_mapper and legacy_user:
-                password = self.config.password_mapper(legacy_user.data)
+                # 兼容 dict 和 LegacyUserData 两种类型
+                if isinstance(legacy_user, dict):
+                    user_data = legacy_user
+                elif isinstance(legacy_user, LegacyUserData):
+                    user_data = legacy_user.data
+                else:
+                    user_data = legacy_user
+                password = self.config.password_mapper(user_data)
                 return (password, self.config.password_is_hashed)
             return (self.config.unified_password, False)
         return (self.config.unified_password, False)

huace_aigc_auth_client/sdk.py

@@ -19,6 +19,9 @@ from typing import Optional, List, Dict, Any, Callable, Tuple
 from dataclasses import dataclass
 
 logger = logging.getLogger(__name__)
+def setLogger(log):
+    global logger
+    logger = log
 
 # 尝试加载 .env 文件
 try:

huace_aigc_auth_client/webhook.py

@@ -13,7 +13,9 @@ from typing import Callable, Awaitable, Dict, Any, Optional
 from fastapi import APIRouter, Request, HTTPException
 
 logger = logging.getLogger(__name__)
-
+def setLogger(log):
+    global logger
+    logger = log
 
 def verify_webhook_signature(payload: bytes, signature: str, secret: str) -> bool:
     """

huace_aigc_auth_client/webhook_flask.py

@@ -0,0 +1,220 @@
+# -*- coding: utf-8 -*-
+"""
+Flask Webhook 接口
+
+提供 Flask 版本的 webhook 接收功能，用于接收 aigc-auth 的用户变更通知。
+适用于使用 Flask 框架的项目。
+"""
+
+import os
+import hmac
+import hashlib
+import logging
+from typing import Callable, Dict, Any, Optional
+from flask import Blueprint, request, jsonify
+
+logger = logging.getLogger(__name__)
+def setLogger(log):
+    global logger
+    logger = log
+
+def verify_webhook_signature(payload: bytes, signature: str, secret: str) -> bool:
+    """
+    验证 webhook 签名
+    
+    Args:
+        payload: 请求体（bytes）
+        signature: 签名字符串
+        secret: 密钥
+        
+    Returns:
+        bool: 签名是否有效
+    """
+    if not secret:
+        # 如果未配置密钥，跳过验证（开发环境）
+        logger.warning("Webhook secret not configured, skipping signature verification")
+        return True
+    
+    if not signature:
+        return False
+    
+    expected = hmac.new(
+        secret.encode('utf-8'),
+        payload,
+        hashlib.sha256
+    ).hexdigest()
+    
+    return hmac.compare_digest(expected, signature)
+
+
+def create_flask_webhook_blueprint(
+    handler: Callable[[Dict[str, Any]], Dict[str, Any]],
+    secret_env_key: str = "AIGC_AUTH_WEBHOOK_SECRET",
+    url_prefix: str = "/api/webhook",
+    blueprint_name: str = "aigc_auth_webhook"
+) -> Blueprint:
+    """
+    创建 Flask Webhook Blueprint
+    
+    Args:
+        handler: 处理函数，接收 webhook 数据并返回结果
+                 函数签名: def handler(data: Dict[str, Any]) -> Dict[str, Any]
+                 - 如果是同步函数，直接调用
+                 - 如果是异步函数，会使用 asyncio.run 包装
+        secret_env_key: webhook 密钥的环境变量名
+        url_prefix: URL 前缀，默认为 "/api/webhook"
+        blueprint_name: Blueprint 名称，默认为 "aigc_auth_webhook"
+        
+    Returns:
+        Blueprint: Flask Blueprint 实例
+        
+    使用示例:
+        from huace_aigc_auth_client.webhook_flask import create_flask_webhook_blueprint
+        
+        # 方式1：使用适配器的 handle_webhook 方法
+        from your_app.adapters import YourAdapter
+        
+        sync_config = create_sync_config(...)
+        auth_client = AigcAuthClient(...)
+        adapter = YourAdapter(sync_config, auth_client)
+        
+        async def webhook_handler(data: dict) -> dict:
+            event = data.get("event")
+            event_data = data.get("data", {})
+            return await adapter.handle_webhook(event, event_data)
+        
+        webhook_bp = create_flask_webhook_blueprint(
+            handler=webhook_handler,
+            url_prefix="/api/webhook"
+        )
+        
+        # 方式2：自定义处理逻辑
+        def custom_handler(data: dict) -> dict:
+            event = data.get("event")
+            if event == "user.created":
+                # 自定义处理逻辑
+                user_data = data.get("data", {})
+                # ... 处理用户创建事件
+                return {"status": "success", "created": True}
+            return {"status": "ok"}
+        
+        webhook_bp = create_flask_webhook_blueprint(handler=custom_handler)
+        
+        # 注册到 Flask app
+        app.register_blueprint(webhook_bp)
+        
+        # Webhook 端点: POST /api/webhook/auth
+    """
+    webhook_bp = Blueprint(blueprint_name, __name__, url_prefix=url_prefix)
+    
+    @webhook_bp.route('/auth', methods=['POST'])
+    def receive_auth_webhook():
+        """
+        接收 aigc-auth 用户变更通知
+        
+        当 aigc-auth 中创建或更新用户时，会发送 webhook 通知到此端点。
+        
+        支持的事件:
+        - user.created: 用户创建
+        - user.updated: 用户更新
+        - user.deleted: 用户删除
+        - user.login: 用户登录
+        - user.init_sync_auth: 初始化同步请求
+        """
+        # 获取请求体
+        body = request.get_data()
+        
+        # 验证签名
+        signature = request.headers.get("X-Webhook-Signature", "")
+        secret = os.getenv(secret_env_key, "")
+        
+        if not verify_webhook_signature(body, signature, secret):
+            logger.warning("Webhook 签名验证失败")
+            return jsonify({"code": 401, "message": "Invalid signature"}), 401
+        
+        # 解析请求数据
+        try:
+            data = request.get_json()
+        except Exception as e:
+            logger.error(f"解析 webhook 数据失败: {e}")
+            return jsonify({"code": 400, "message": "Invalid JSON payload"}), 400
+        
+        # 记录日志
+        event = data.get("event", "unknown")
+        logger.info(f"收到 webhook 事件: {event}")
+        
+        # 调用用户提供的处理函数
+        try:
+            import asyncio
+            import inspect
+            
+            # 检查 handler 是否为协程函数
+            if inspect.iscoroutinefunction(handler):
+                result = asyncio.run(handler(data))
+            else:
+                result = handler(data)
+            
+            return jsonify({"code": 0, "message": "success", "data": result})
+            
+        except Exception as e:
+            logger.exception(f"处理 webhook 失败: {e}")
+            return jsonify({"code": 500, "message": str(e)}), 500
+    
+    return webhook_bp
+
+
+def register_flask_webhook_routes(
+    app,
+    handler: Callable[[Dict[str, Any]], Dict[str, Any]],
+    secret_env_key: str = "AIGC_AUTH_WEBHOOK_SECRET",
+    url_prefix: str = "/api/webhook",
+    blueprint_name: str = "aigc_auth_webhook"
+):
+    """
+    注册 webhook 路由到 Flask 应用
+    
+    这是一个便捷函数，封装了创建 blueprint 和注册的过程。
+    
+    Args:
+        app: Flask 应用实例
+        handler: 处理函数，接收 webhook 数据并返回结果
+        secret_env_key: webhook 密钥的环境变量名
+        url_prefix: URL 前缀，默认为 "/api/webhook"
+        blueprint_name: Blueprint 名称
+        
+    使用示例:
+        from huace_aigc_auth_client.webhook_flask import register_flask_webhook_routes
+        
+        app = Flask(__name__)
+        
+        # 创建适配器
+        adapter = YourAdapter(sync_config, auth_client)
+        
+        # 定义处理函数
+        async def webhook_handler(data: dict) -> dict:
+            event = data.get("event")
+            event_data = data.get("data", {})
+            return await adapter.handle_webhook(event, event_data)
+        
+        # 注册 webhook 路由
+        register_flask_webhook_routes(
+            app,
+            handler=webhook_handler,
+            url_prefix="/custom/webhook"  # 自定义前缀
+        )
+        
+        # Webhook 端点: POST /custom/webhook/auth
+    """
+    webhook_bp = create_flask_webhook_blueprint(
+        handler=handler,
+        secret_env_key=secret_env_key,
+        url_prefix=url_prefix,
+        blueprint_name=blueprint_name
+    )
+    app.register_blueprint(webhook_bp)
+    logger.info(f"Webhook 路由已注册: {url_prefix}/auth")
+
+
+# 向后兼容的别名
+create_webhook_blueprint = create_flask_webhook_blueprint
+register_webhook_routes = register_flask_webhook_routes

{huace_aigc_auth_client-1.1.7.dist-info → huace_aigc_auth_client-1.1.13.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: huace-aigc-auth-client
-Version: 1.1.7
+Version: 1.1.13
 Summary: 华策AIGC Auth Client - 提供 Token 验证、用户信息获取、权限检查、旧系统接入等功能
 Author-email: Huace <support@huace.com>
 License: MIT
@@ -44,8 +44,7 @@ pip install huace-aigc-auth-client
 # 必填：应用 ID 和密钥（在鉴权中心创建应用后获取）
 AIGC_AUTH_APP_ID=your_app_id
 AIGC_AUTH_APP_SECRET=your_app_secret
-
-# 可选：鉴权服务地址（默认为生产环境）- 测试环境鉴权地址：https://auth-test.aigc.huacemedia.com/aigc-auth/api/v1
+# 鉴权服务地址（默认为生产环境）- 测试环境鉴权地址：http://auth.aigc-test.huacemedia.com/aigc-auth/api/v1
 AIGC_AUTH_BASE_URL=https://aigc-auth.huacemedia.com/aigc-auth/api/v1
 ```
 
@@ -420,8 +419,8 @@ from huace_aigc_auth_client import LegacySystemAdapter, LegacyUserData
 class MyLegacyAdapter(LegacySystemAdapter):
     """实现与旧系统用户表的交互"""
     
-    def __init__(self, db, sync_config):
-        super().__init__(sync_config)
+    def __init__(self, db, sync_config, auth_client=None):
+        super().__init__(sync_config, auth_client)
         self.db = db
     
     def get_user_by_unique_field(self, username: str):
@@ -435,8 +434,23 @@ class MyLegacyAdapter(LegacySystemAdapter):
             "email": user.email,
             # ... 其他字段
         })
+
+    async def get_user_by_username_async(self, username: str) -> Optional[LegacyUserData]:
+        """异步通过用户名获取旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
+        if not user:
+            return None
+        return LegacyUserData({
+            "id": user.id,
+            "username": user.username,
+            "email": user.email,
+            # ... 其他字段
+        })
     
-    def create_user(self, user_data: dict):
+    async def _create_user_async(self, user_data: Dict[str, Any]) -> Optional[Any]:
         """在旧系统创建用户"""
         user = User(
             username=user_data["username"],
@@ -445,20 +459,39 @@ class MyLegacyAdapter(LegacySystemAdapter):
             # ... 其他字段
         )
         self.db.add(user)
-        self.db.commit()
+        await self.db.commit()
         return user.id
     
-    def update_user(self, username: str, user_data: dict):
-        """更新旧系统用户"""
-        user = self.db.query(User).filter(User.username == username).first()
+    async def _update_user_async(self, username: str, user_data: Dict[str, Any]) -> bool:
+        """异步更新旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
         if user:
             for key, value in user_data.items():
                 setattr(user, key, value)
-            self.db.commit()
+            await self.db.commit()
+            return True
+        return False
+
+    async def _delete_user_async(self, username: str) -> bool:
+        """异步删除旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
+        if user:
+            await self.db.delete(user) 
+            # 或者软删除：user.is_active = False
+            await self.db.commit()
+            return True
+        return False
     
-    def get_all_users(self):
-        """获取所有用户（用于初始化同步）"""
-        users = self.db.query(User).all()
+    async def get_all_users_async(self) -> List[LegacyUserData]:
+        """异步获取所有用户（用于初始化同步）"""
+        result = await self.db.execute(select(User))
+        users = result.scalars().all()
         return [LegacyUserData({"username": u.username, ...}) for u in users]
 ```
 
@@ -468,7 +501,7 @@ class MyLegacyAdapter(LegacySystemAdapter):
 from huace_aigc_auth_client import AigcAuthClient, UserSyncService
 
 client = AigcAuthClient()
-adapter = MyLegacyAdapter(db, sync_config)
+adapter = MyLegacyAdapter(db, sync_config, client)
 sync_service = UserSyncService(client, adapter)
 
 # 在获取用户信息后调用同步
@@ -479,7 +512,7 @@ async def auth_middleware(request, call_next):
     # 登录成功后，同步用户到旧系统
     if hasattr(request.state, "user_info"):
         user_info = request.state.user_info
-        sync_service.sync_on_login(user_info)
+        await sync_service.sync_on_login_async(user_info)
     
     return response
 ```
@@ -493,47 +526,35 @@ from fastapi import APIRouter
 from huace_aigc_auth_client import register_webhook_router
 
 api_router = APIRouter()
+client = AigcAuthClient()
+adapter = MyLegacyAdapter(db, sync_config, client)
 
 # 定义 webhook 处理函数
-async def handle_webhook(data: dict) -> dict:
+async def handle_auth_webhook(request_data: Dict[str, Any]) -> Dict[str, Any]:
     """
-    处理来自 aigc-auth 的 webhook 通知
+    独立的 webhook 处理函数（用于 SDK 集成）
     
-    Args:
-        data: webhook 数据，包含 event 和 data 字段
-        
-    Returns:
-        dict: 处理结果
+    这个函数不需要 db 参数，会在内部创建数据库会话。
+    适用于通过 SDK 的 register_webhook_router 注册。
     """
-    from your_app.db import get_db_session
+    from app.db.session import get_db
     
-    event = data.get("event")
-    user_data = data.get("data", {})
-    
-    # 创建数据库会话
-    async with get_db_session() as db:
-        adapter = MyLegacyAdapter(db, sync_config)
-        
-        if event == "user.created":
-            # 处理用户创建事件
-            if not adapter.get_user_by_unique_field(user_data["username"]):
-                legacy_data = adapter.transform_auth_to_legacy(user_data)
-                legacy_data["password"] = sync_config.unified_password
-                adapter.create_user(legacy_data)
-                await db.commit()
-        
-        elif event == "user.updated":
-            # 处理用户更新事件
-            legacy_data = adapter.transform_auth_to_legacy(user_data)
-            adapter.update_user(user_data["username"], legacy_data)
-            await db.commit()
-    
-    return {"status": "ok", "event": event}
+    async for db in get_db():
+        try:
+            event = request_data.get("event")
+            data = request_data.get("data", {})
+            logger.info(f"Received webhook event: {event} with data: {data}")
+            
+            # 调用适配器的 handle_webhook 方法
+            return await adapter.handle_webhook(event, data)
+        except Exception as e:
+            logger.exception(f"Failed to handle webhook: {e}")
+            raise
 
 # 注册 webhook 路由（自动处理签名验证）
 register_webhook_router(
     api_router,
-    handler=handle_webhook,
+    handler=handle_auth_webhook,
     prefix="/webhook",  # 可选，默认 "/webhook"
     secret_env_key="aigc-auth-webhook-secret",  # 可选，在 auth 后台配置
     tags=["Webhook"]  # 可选，默认 ["Webhook"]
@@ -542,55 +563,6 @@ register_webhook_router(
 # webhook 端点将自动创建在: /webhook/auth
 ```
 
-**传统方式：手动实现 Webhook 端点**
-
-```python
-import hmac
-import hashlib
-import os
-
-@app.post("/api/v1/webhook/auth")
-async def receive_auth_webhook(request: Request, db: Session = Depends(get_db)):
-    """接收 aigc-auth 的用户变更通知"""
-    # 获取原始请求体
-    body = await request.body()
-    
-    # 验证签名
-    signature = request.headers.get("X-Webhook-Signature", "")
-    secret = os.getenv("AIGC_AUTH_WEBHOOK_SECRET", "")
-    
-    if secret:
-        expected = hmac.new(
-            secret.encode('utf-8'),
-            body,
-            hashlib.sha256
-        ).hexdigest()
-        
-        if not hmac.compare_digest(expected, signature):
-            raise HTTPException(status_code=401, detail="Invalid signature")
-    
-    # 解析数据
-    data = await request.json()
-    event = data.get("event")
-    user_data = data.get("data", {})
-    
-    if event == "user.created":
-        adapter = MyLegacyAdapter(db, sync_config)
-        if not adapter.get_user_by_unique_field(user_data["username"]):
-            legacy_data = adapter.transform_auth_to_legacy(user_data)
-            legacy_data["password"] = sync_config.unified_password
-            adapter.create_user(legacy_data)
-            db.commit()
-    
-    elif event == "user.updated":
-        adapter = MyLegacyAdapter(db, sync_config)
-        legacy_data = adapter.transform_auth_to_legacy(user_data)
-        adapter.update_user(user_data["username"], legacy_data)
-        db.commit()
-    
-    return {"success": True}
-```
-
 **Webhook 签名验证说明**
 
 SDK 的 `register_webhook_router` 会自动处理签名验证：
@@ -604,7 +576,7 @@ SDK 的 `register_webhook_router` 会自动处理签名验证：
 ```python
 # 一次性脚本：将旧系统用户同步到 aigc-auth
 async def init_sync():
-    adapter = MyLegacyAdapter(db, sync_config)
+    adapter = MyLegacyAdapter(db, sync_config, client)
     users = adapter.get_all_users()
     
     for user in users:

huace_aigc_auth_client-1.1.13.dist-info/RECORD

@@ -0,0 +1,10 @@
+huace_aigc_auth_client/__init__.py,sha256=Pjau66hZz0MeL7WWf-G4nGWkjw-4UazjSy2f8n5jdGM,4540
+huace_aigc_auth_client/legacy_adapter.py,sha256=t-1QekRecn0B_gQ5r-ksX0hhuqUTBB2lvIUiNT4SowI,23781
+huace_aigc_auth_client/sdk.py,sha256=ypClZfQm4Ux4db8XDP51I5Cuk1Uc9F2VPgECpXXphkQ,23272
+huace_aigc_auth_client/webhook.py,sha256=XQZYEbMoqIdqZWCGSTcedeDKJpDbUVSq5g08g-6Qucg,4124
+huace_aigc_auth_client/webhook_flask.py,sha256=Iosu4dBtRhQZM_ytn-bn82MpVsyOiV28FBnt7Tfh31U,7225
+huace_aigc_auth_client-1.1.13.dist-info/licenses/LICENSE,sha256=z7dgC7KljhBLNvKjN15391nMj3aLt0gbud8-Yf1F8EQ,1063
+huace_aigc_auth_client-1.1.13.dist-info/METADATA,sha256=XspgJA5ZklRRqN7zRy37eXffkcWINrLMT31mmVtEzmo,22971
+huace_aigc_auth_client-1.1.13.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+huace_aigc_auth_client-1.1.13.dist-info/top_level.txt,sha256=kbv0nQ6PQ0JVneWPH7O2AbtlJnP7AjvFJ6JjM6ZEBxo,23
+huace_aigc_auth_client-1.1.13.dist-info/RECORD,,

huace_aigc_auth_client-1.1.7.dist-info/RECORD

@@ -1,9 +0,0 @@
-huace_aigc_auth_client/__init__.py,sha256=WIRO-YlPbw_hXU7WxmyEI2Be_BvatQijtlKTSlSrr4k,2332
-huace_aigc_auth_client/legacy_adapter.py,sha256=eNoyaCtTMdeNfzDlB66Fu-6WAfGYGk3DioIBAAZOL6A,21871
-huace_aigc_auth_client/sdk.py,sha256=ha1e_MSzLCsIMrdgcKSh-V5hTVR1rqqrIMWcDmtVMKs,23217
-huace_aigc_auth_client/webhook.py,sha256=m-mjXNNqrUClrNpOHRBzty0XKFDBuZp4e_PgLd2t0aA,4070
-huace_aigc_auth_client-1.1.7.dist-info/licenses/LICENSE,sha256=z7dgC7KljhBLNvKjN15391nMj3aLt0gbud8-Yf1F8EQ,1063
-huace_aigc_auth_client-1.1.7.dist-info/METADATA,sha256=UPpY9MyNjsxOSd4XWbGT89VMBGwGG8EOgrvBourbLlk,23486
-huace_aigc_auth_client-1.1.7.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-huace_aigc_auth_client-1.1.7.dist-info/top_level.txt,sha256=kbv0nQ6PQ0JVneWPH7O2AbtlJnP7AjvFJ6JjM6ZEBxo,23
-huace_aigc_auth_client-1.1.7.dist-info/RECORD,,