huace-aigc-auth-client 1.1.8__tar.gz → 1.1.9__tar.gz

{huace_aigc_auth_client-1.1.8/huace_aigc_auth_client.egg-info → huace_aigc_auth_client-1.1.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: huace-aigc-auth-client
-Version: 1.1.8
+Version: 1.1.9
 Summary: 华策AIGC Auth Client - 提供 Token 验证、用户信息获取、权限检查、旧系统接入等功能
 Author-email: Huace <support@huace.com>
 License: MIT
@@ -44,8 +44,7 @@ pip install huace-aigc-auth-client
 # 必填：应用 ID 和密钥（在鉴权中心创建应用后获取）
 AIGC_AUTH_APP_ID=your_app_id
 AIGC_AUTH_APP_SECRET=your_app_secret
-
-# 可选：鉴权服务地址（默认为生产环境）- 测试环境鉴权地址：http://auth-test.aigc.huacemedia.com/aigc-auth/api/v1
+# 鉴权服务地址（默认为生产环境）- 测试环境鉴权地址：http://auth.aigc-test.huacemedia.com/aigc-auth/api/v1
 AIGC_AUTH_BASE_URL=https://aigc-auth.huacemedia.com/aigc-auth/api/v1
 ```
 
@@ -420,8 +419,8 @@ from huace_aigc_auth_client import LegacySystemAdapter, LegacyUserData
 class MyLegacyAdapter(LegacySystemAdapter):
     """实现与旧系统用户表的交互"""
     
-    def __init__(self, db, sync_config):
-        super().__init__(sync_config)
+    def __init__(self, db, sync_config, auth_client=None):
+        super().__init__(sync_config, auth_client)
         self.db = db
     
     def get_user_by_unique_field(self, username: str):
@@ -435,8 +434,23 @@ class MyLegacyAdapter(LegacySystemAdapter):
             "email": user.email,
             # ... 其他字段
         })
+
+    async def get_user_by_username_async(self, username: str) -> Optional[LegacyUserData]:
+        """异步通过用户名获取旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
+        if not user:
+            return None
+        return LegacyUserData({
+            "id": user.id,
+            "username": user.username,
+            "email": user.email,
+            # ... 其他字段
+        })
     
-    def create_user(self, user_data: dict):
+    async def _create_user_async(self, user_data: Dict[str, Any]) -> Optional[Any]:
         """在旧系统创建用户"""
         user = User(
             username=user_data["username"],
@@ -445,20 +459,39 @@ class MyLegacyAdapter(LegacySystemAdapter):
             # ... 其他字段
         )
         self.db.add(user)
-        self.db.commit()
+        await self.db.commit()
         return user.id
     
-    def update_user(self, username: str, user_data: dict):
-        """更新旧系统用户"""
-        user = self.db.query(User).filter(User.username == username).first()
+    async def _update_user_async(self, username: str, user_data: Dict[str, Any]) -> bool:
+        """异步更新旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
         if user:
             for key, value in user_data.items():
                 setattr(user, key, value)
-            self.db.commit()
+            await self.db.commit()
+            return True
+        return False
+
+    async def _delete_user_async(self, username: str) -> bool:
+        """异步删除旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
+        if user:
+            await self.db.delete(user) 
+            # 或者软删除：user.is_active = False
+            await self.db.commit()
+            return True
+        return False
     
-    def get_all_users(self):
-        """获取所有用户（用于初始化同步）"""
-        users = self.db.query(User).all()
+    async def get_all_users_async(self) -> List[LegacyUserData]:
+        """异步获取所有用户（用于初始化同步）"""
+        result = await self.db.execute(select(User))
+        users = result.scalars().all()
         return [LegacyUserData({"username": u.username, ...}) for u in users]
 ```
 
@@ -468,7 +501,7 @@ class MyLegacyAdapter(LegacySystemAdapter):
 from huace_aigc_auth_client import AigcAuthClient, UserSyncService
 
 client = AigcAuthClient()
-adapter = MyLegacyAdapter(db, sync_config)
+adapter = MyLegacyAdapter(db, sync_config, client)
 sync_service = UserSyncService(client, adapter)
 
 # 在获取用户信息后调用同步
@@ -479,7 +512,7 @@ async def auth_middleware(request, call_next):
     # 登录成功后，同步用户到旧系统
     if hasattr(request.state, "user_info"):
         user_info = request.state.user_info
-        sync_service.sync_on_login(user_info)
+        await sync_service.sync_on_login_async(user_info)
     
     return response
 ```
@@ -493,47 +526,35 @@ from fastapi import APIRouter
 from huace_aigc_auth_client import register_webhook_router
 
 api_router = APIRouter()
+client = AigcAuthClient()
+adapter = MyLegacyAdapter(db, sync_config, client)
 
 # 定义 webhook 处理函数
-async def handle_webhook(data: dict) -> dict:
+async def handle_auth_webhook(request_data: Dict[str, Any]) -> Dict[str, Any]:
     """
-    处理来自 aigc-auth 的 webhook 通知
+    独立的 webhook 处理函数（用于 SDK 集成）
     
-    Args:
-        data: webhook 数据，包含 event 和 data 字段
-        
-    Returns:
-        dict: 处理结果
+    这个函数不需要 db 参数，会在内部创建数据库会话。
+    适用于通过 SDK 的 register_webhook_router 注册。
     """
-    from your_app.db import get_db_session
+    from app.db.session import get_db
     
-    event = data.get("event")
-    user_data = data.get("data", {})
-    
-    # 创建数据库会话
-    async with get_db_session() as db:
-        adapter = MyLegacyAdapter(db, sync_config)
-        
-        if event == "user.created":
-            # 处理用户创建事件
-            if not adapter.get_user_by_unique_field(user_data["username"]):
-                legacy_data = adapter.transform_auth_to_legacy(user_data)
-                legacy_data["password"] = sync_config.unified_password
-                adapter.create_user(legacy_data)
-                await db.commit()
-        
-        elif event == "user.updated":
-            # 处理用户更新事件
-            legacy_data = adapter.transform_auth_to_legacy(user_data)
-            adapter.update_user(user_data["username"], legacy_data)
-            await db.commit()
-    
-    return {"status": "ok", "event": event}
+    async for db in get_db():
+        try:
+            event = request_data.get("event")
+            data = request_data.get("data", {})
+            logger.info(f"Received webhook event: {event} with data: {data}")
+            
+            # 调用适配器的 handle_webhook 方法
+            return await adapter.handle_webhook(event, data)
+        except Exception as e:
+            logger.exception(f"Failed to handle webhook: {e}")
+            raise
 
 # 注册 webhook 路由（自动处理签名验证）
 register_webhook_router(
     api_router,
-    handler=handle_webhook,
+    handler=handle_auth_webhook,
     prefix="/webhook",  # 可选，默认 "/webhook"
     secret_env_key="aigc-auth-webhook-secret",  # 可选，在 auth 后台配置
     tags=["Webhook"]  # 可选，默认 ["Webhook"]
@@ -542,55 +563,6 @@ register_webhook_router(
 # webhook 端点将自动创建在: /webhook/auth
 ```
 
-**传统方式：手动实现 Webhook 端点**
-
-```python
-import hmac
-import hashlib
-import os
-
-@app.post("/api/v1/webhook/auth")
-async def receive_auth_webhook(request: Request, db: Session = Depends(get_db)):
-    """接收 aigc-auth 的用户变更通知"""
-    # 获取原始请求体
-    body = await request.body()
-    
-    # 验证签名
-    signature = request.headers.get("X-Webhook-Signature", "")
-    secret = os.getenv("AIGC_AUTH_WEBHOOK_SECRET", "")
-    
-    if secret:
-        expected = hmac.new(
-            secret.encode('utf-8'),
-            body,
-            hashlib.sha256
-        ).hexdigest()
-        
-        if not hmac.compare_digest(expected, signature):
-            raise HTTPException(status_code=401, detail="Invalid signature")
-    
-    # 解析数据
-    data = await request.json()
-    event = data.get("event")
-    user_data = data.get("data", {})
-    
-    if event == "user.created":
-        adapter = MyLegacyAdapter(db, sync_config)
-        if not adapter.get_user_by_unique_field(user_data["username"]):
-            legacy_data = adapter.transform_auth_to_legacy(user_data)
-            legacy_data["password"] = sync_config.unified_password
-            adapter.create_user(legacy_data)
-            db.commit()
-    
-    elif event == "user.updated":
-        adapter = MyLegacyAdapter(db, sync_config)
-        legacy_data = adapter.transform_auth_to_legacy(user_data)
-        adapter.update_user(user_data["username"], legacy_data)
-        db.commit()
-    
-    return {"success": True}
-```
-
 **Webhook 签名验证说明**
 
 SDK 的 `register_webhook_router` 会自动处理签名验证：
@@ -604,7 +576,7 @@ SDK 的 `register_webhook_router` 会自动处理签名验证：
 ```python
 # 一次性脚本：将旧系统用户同步到 aigc-auth
 async def init_sync():
-    adapter = MyLegacyAdapter(db, sync_config)
+    adapter = MyLegacyAdapter(db, sync_config, client)
     users = adapter.get_all_users()
     
     for user in users:

{huace_aigc_auth_client-1.1.8 → huace_aigc_auth_client-1.1.9}/README.md

@@ -19,8 +19,7 @@ pip install huace-aigc-auth-client
 # 必填：应用 ID 和密钥（在鉴权中心创建应用后获取）
 AIGC_AUTH_APP_ID=your_app_id
 AIGC_AUTH_APP_SECRET=your_app_secret
-
-# 可选：鉴权服务地址（默认为生产环境）- 测试环境鉴权地址：http://auth-test.aigc.huacemedia.com/aigc-auth/api/v1
+# 鉴权服务地址（默认为生产环境）- 测试环境鉴权地址：http://auth.aigc-test.huacemedia.com/aigc-auth/api/v1
 AIGC_AUTH_BASE_URL=https://aigc-auth.huacemedia.com/aigc-auth/api/v1
 ```
 
@@ -395,8 +394,8 @@ from huace_aigc_auth_client import LegacySystemAdapter, LegacyUserData
 class MyLegacyAdapter(LegacySystemAdapter):
     """实现与旧系统用户表的交互"""
     
-    def __init__(self, db, sync_config):
-        super().__init__(sync_config)
+    def __init__(self, db, sync_config, auth_client=None):
+        super().__init__(sync_config, auth_client)
         self.db = db
     
     def get_user_by_unique_field(self, username: str):
@@ -410,8 +409,23 @@ class MyLegacyAdapter(LegacySystemAdapter):
             "email": user.email,
             # ... 其他字段
         })
+
+    async def get_user_by_username_async(self, username: str) -> Optional[LegacyUserData]:
+        """异步通过用户名获取旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
+        if not user:
+            return None
+        return LegacyUserData({
+            "id": user.id,
+            "username": user.username,
+            "email": user.email,
+            # ... 其他字段
+        })
     
-    def create_user(self, user_data: dict):
+    async def _create_user_async(self, user_data: Dict[str, Any]) -> Optional[Any]:
         """在旧系统创建用户"""
         user = User(
             username=user_data["username"],
@@ -420,20 +434,39 @@ class MyLegacyAdapter(LegacySystemAdapter):
             # ... 其他字段
         )
         self.db.add(user)
-        self.db.commit()
+        await self.db.commit()
         return user.id
     
-    def update_user(self, username: str, user_data: dict):
-        """更新旧系统用户"""
-        user = self.db.query(User).filter(User.username == username).first()
+    async def _update_user_async(self, username: str, user_data: Dict[str, Any]) -> bool:
+        """异步更新旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
         if user:
             for key, value in user_data.items():
                 setattr(user, key, value)
-            self.db.commit()
+            await self.db.commit()
+            return True
+        return False
+
+    async def _delete_user_async(self, username: str) -> bool:
+        """异步删除旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
+        if user:
+            await self.db.delete(user) 
+            # 或者软删除：user.is_active = False
+            await self.db.commit()
+            return True
+        return False
     
-    def get_all_users(self):
-        """获取所有用户（用于初始化同步）"""
-        users = self.db.query(User).all()
+    async def get_all_users_async(self) -> List[LegacyUserData]:
+        """异步获取所有用户（用于初始化同步）"""
+        result = await self.db.execute(select(User))
+        users = result.scalars().all()
         return [LegacyUserData({"username": u.username, ...}) for u in users]
 ```
 
@@ -443,7 +476,7 @@ class MyLegacyAdapter(LegacySystemAdapter):
 from huace_aigc_auth_client import AigcAuthClient, UserSyncService
 
 client = AigcAuthClient()
-adapter = MyLegacyAdapter(db, sync_config)
+adapter = MyLegacyAdapter(db, sync_config, client)
 sync_service = UserSyncService(client, adapter)
 
 # 在获取用户信息后调用同步
@@ -454,7 +487,7 @@ async def auth_middleware(request, call_next):
     # 登录成功后，同步用户到旧系统
     if hasattr(request.state, "user_info"):
         user_info = request.state.user_info
-        sync_service.sync_on_login(user_info)
+        await sync_service.sync_on_login_async(user_info)
     
     return response
 ```
@@ -468,47 +501,35 @@ from fastapi import APIRouter
 from huace_aigc_auth_client import register_webhook_router
 
 api_router = APIRouter()
+client = AigcAuthClient()
+adapter = MyLegacyAdapter(db, sync_config, client)
 
 # 定义 webhook 处理函数
-async def handle_webhook(data: dict) -> dict:
+async def handle_auth_webhook(request_data: Dict[str, Any]) -> Dict[str, Any]:
     """
-    处理来自 aigc-auth 的 webhook 通知
+    独立的 webhook 处理函数（用于 SDK 集成）
     
-    Args:
-        data: webhook 数据，包含 event 和 data 字段
-        
-    Returns:
-        dict: 处理结果
+    这个函数不需要 db 参数，会在内部创建数据库会话。
+    适用于通过 SDK 的 register_webhook_router 注册。
     """
-    from your_app.db import get_db_session
+    from app.db.session import get_db
     
-    event = data.get("event")
-    user_data = data.get("data", {})
-    
-    # 创建数据库会话
-    async with get_db_session() as db:
-        adapter = MyLegacyAdapter(db, sync_config)
-        
-        if event == "user.created":
-            # 处理用户创建事件
-            if not adapter.get_user_by_unique_field(user_data["username"]):
-                legacy_data = adapter.transform_auth_to_legacy(user_data)
-                legacy_data["password"] = sync_config.unified_password
-                adapter.create_user(legacy_data)
-                await db.commit()
-        
-        elif event == "user.updated":
-            # 处理用户更新事件
-            legacy_data = adapter.transform_auth_to_legacy(user_data)
-            adapter.update_user(user_data["username"], legacy_data)
-            await db.commit()
-    
-    return {"status": "ok", "event": event}
+    async for db in get_db():
+        try:
+            event = request_data.get("event")
+            data = request_data.get("data", {})
+            logger.info(f"Received webhook event: {event} with data: {data}")
+            
+            # 调用适配器的 handle_webhook 方法
+            return await adapter.handle_webhook(event, data)
+        except Exception as e:
+            logger.exception(f"Failed to handle webhook: {e}")
+            raise
 
 # 注册 webhook 路由（自动处理签名验证）
 register_webhook_router(
     api_router,
-    handler=handle_webhook,
+    handler=handle_auth_webhook,
     prefix="/webhook",  # 可选，默认 "/webhook"
     secret_env_key="aigc-auth-webhook-secret",  # 可选，在 auth 后台配置
     tags=["Webhook"]  # 可选，默认 ["Webhook"]
@@ -517,55 +538,6 @@ register_webhook_router(
 # webhook 端点将自动创建在: /webhook/auth
 ```
 
-**传统方式：手动实现 Webhook 端点**
-
-```python
-import hmac
-import hashlib
-import os
-
-@app.post("/api/v1/webhook/auth")
-async def receive_auth_webhook(request: Request, db: Session = Depends(get_db)):
-    """接收 aigc-auth 的用户变更通知"""
-    # 获取原始请求体
-    body = await request.body()
-    
-    # 验证签名
-    signature = request.headers.get("X-Webhook-Signature", "")
-    secret = os.getenv("AIGC_AUTH_WEBHOOK_SECRET", "")
-    
-    if secret:
-        expected = hmac.new(
-            secret.encode('utf-8'),
-            body,
-            hashlib.sha256
-        ).hexdigest()
-        
-        if not hmac.compare_digest(expected, signature):
-            raise HTTPException(status_code=401, detail="Invalid signature")
-    
-    # 解析数据
-    data = await request.json()
-    event = data.get("event")
-    user_data = data.get("data", {})
-    
-    if event == "user.created":
-        adapter = MyLegacyAdapter(db, sync_config)
-        if not adapter.get_user_by_unique_field(user_data["username"]):
-            legacy_data = adapter.transform_auth_to_legacy(user_data)
-            legacy_data["password"] = sync_config.unified_password
-            adapter.create_user(legacy_data)
-            db.commit()
-    
-    elif event == "user.updated":
-        adapter = MyLegacyAdapter(db, sync_config)
-        legacy_data = adapter.transform_auth_to_legacy(user_data)
-        adapter.update_user(user_data["username"], legacy_data)
-        db.commit()
-    
-    return {"success": True}
-```
-
 **Webhook 签名验证说明**
 
 SDK 的 `register_webhook_router` 会自动处理签名验证：
@@ -579,7 +551,7 @@ SDK 的 `register_webhook_router` 会自动处理签名验证：
 ```python
 # 一次性脚本：将旧系统用户同步到 aigc-auth
 async def init_sync():
-    adapter = MyLegacyAdapter(db, sync_config)
+    adapter = MyLegacyAdapter(db, sync_config, client)
     users = adapter.get_all_users()
     
     for user in users:

{huace_aigc_auth_client-1.1.8 → huace_aigc_auth_client-1.1.9}/huace_aigc_auth_client/__init__.py

@@ -73,6 +73,11 @@ from .webhook import (
     verify_webhook_signature,
 )
 
+from .webhook_flask import (
+    create_flask_webhook_blueprint,
+    register_flask_webhook_routes,
+)
+
 __all__ = [
     # 核心类
     "AigcAuthClient",
@@ -94,8 +99,11 @@ __all__ = [
     "SyncResult",
     "create_sync_config",
     "create_default_field_mappings",
-    # Webhook 接收
+    # Webhook 接收 (FastAPI)
     "register_webhook_router",
     "verify_webhook_signature",
+    # Webhook 接收 (Flask)
+    "create_flask_webhook_blueprint",
+    "register_flask_webhook_routes",
 ]
-__version__ = "1.1.8"
+__version__ = "1.1.9"

{huace_aigc_auth_client-1.1.8 → huace_aigc_auth_client-1.1.9}/huace_aigc_auth_client/legacy_adapter.py

@@ -101,11 +101,11 @@ class LegacySystemAdapter(ABC):
     旧系统适配器抽象基类
     
     接入系统需要继承此类并实现以下方法：
-    - get_user_by_unique_field: 通过唯一字段获取用户
-    - create_user: 创建用户
-    - update_user: 更新用户（可选）
-    - get_all_users: 获取所有用户（用于初始化同步）
-    - handle_webhook: 处理 webhook 通知（可选，异步方法）
+    - get_user_by_username_async
+    - _create_user_async
+    - _update_user_async
+    - _delete_user_async
+    - get_all_users_async
     """
     
     def __init__(self, sync_config: SyncConfig, auth_client=None):
@@ -119,24 +119,6 @@ class LegacySystemAdapter(ABC):
         self.config = sync_config
         self.auth_client = auth_client
     
-    @abstractmethod
-    def get_user_by_unique_field(self, value: Any) -> Optional[LegacyUserData]:
-        """通过唯一字段获取旧系统用户"""
-        pass
-    
-    @abstractmethod
-    def create_user(self, user_data: Dict[str, Any]) -> Optional[Any]:
-        """在旧系统创建用户，返回用户ID"""
-        pass
-    
-    def update_user(self, unique_value: Any, user_data: Dict[str, Any]) -> bool:
-        """更新旧系统用户（可选实现）"""
-        return False
-    
-    def get_all_users(self) -> List[LegacyUserData]:
-        """获取所有旧系统用户（用于初始化同步）"""
-        return []
-    
     @abstractmethod
     async def get_user_by_username_async(self, username: str) -> Optional[LegacyUserData]:
         """异步获取用户（子类必须实现）
@@ -309,6 +291,7 @@ class LegacySystemAdapter(ABC):
         Returns:
             Dict: 处理结果
         """
+        logger.info(f"Handling webhook event: {event} with data: {data}")
         if event == "user.created" or event == "user.updated" or event == "user.login":
             # 转换数据格式
             legacy_data = self.transform_auth_to_legacy(data)

huace_aigc_auth_client-1.1.9/huace_aigc_auth_client/webhook_flask.py

@@ -0,0 +1,218 @@
+# -*- coding: utf-8 -*-
+"""
+Flask Webhook 接口
+
+提供 Flask 版本的 webhook 接收功能，用于接收 aigc-auth 的用户变更通知。
+适用于使用 Flask 框架的项目。
+"""
+
+import os
+import hmac
+import hashlib
+import logging
+from typing import Callable, Dict, Any, Optional
+from flask import Blueprint, request, jsonify
+
+logger = logging.getLogger(__name__)
+
+
+def verify_webhook_signature(payload: bytes, signature: str, secret: str) -> bool:
+    """
+    验证 webhook 签名
+    
+    Args:
+        payload: 请求体（bytes）
+        signature: 签名字符串
+        secret: 密钥
+        
+    Returns:
+        bool: 签名是否有效
+    """
+    if not secret:
+        # 如果未配置密钥，跳过验证（开发环境）
+        logger.warning("Webhook secret not configured, skipping signature verification")
+        return True
+    
+    if not signature:
+        return False
+    
+    expected = hmac.new(
+        secret.encode('utf-8'),
+        payload,
+        hashlib.sha256
+    ).hexdigest()
+    
+    return hmac.compare_digest(expected, signature)
+
+
+def create_flask_webhook_blueprint(
+    handler: Callable[[Dict[str, Any]], Dict[str, Any]],
+    secret_env_key: str = "AIGC_AUTH_WEBHOOK_SECRET",
+    url_prefix: str = "/api/webhook",
+    blueprint_name: str = "aigc_auth_webhook"
+) -> Blueprint:
+    """
+    创建 Flask Webhook Blueprint
+    
+    Args:
+        handler: 处理函数，接收 webhook 数据并返回结果
+                 函数签名: def handler(data: Dict[str, Any]) -> Dict[str, Any]
+                 - 如果是同步函数，直接调用
+                 - 如果是异步函数，会使用 asyncio.run 包装
+        secret_env_key: webhook 密钥的环境变量名
+        url_prefix: URL 前缀，默认为 "/api/webhook"
+        blueprint_name: Blueprint 名称，默认为 "aigc_auth_webhook"
+        
+    Returns:
+        Blueprint: Flask Blueprint 实例
+        
+    使用示例:
+        from huace_aigc_auth_client.webhook_flask import create_flask_webhook_blueprint
+        
+        # 方式1：使用适配器的 handle_webhook 方法
+        from your_app.adapters import YourAdapter
+        
+        sync_config = create_sync_config(...)
+        auth_client = AigcAuthClient(...)
+        adapter = YourAdapter(sync_config, auth_client)
+        
+        async def webhook_handler(data: dict) -> dict:
+            event = data.get("event")
+            event_data = data.get("data", {})
+            return await adapter.handle_webhook(event, event_data)
+        
+        webhook_bp = create_flask_webhook_blueprint(
+            handler=webhook_handler,
+            url_prefix="/api/webhook"
+        )
+        
+        # 方式2：自定义处理逻辑
+        def custom_handler(data: dict) -> dict:
+            event = data.get("event")
+            if event == "user.created":
+                # 自定义处理逻辑
+                user_data = data.get("data", {})
+                # ... 处理用户创建事件
+                return {"status": "success", "created": True}
+            return {"status": "ok"}
+        
+        webhook_bp = create_flask_webhook_blueprint(handler=custom_handler)
+        
+        # 注册到 Flask app
+        app.register_blueprint(webhook_bp)
+        
+        # Webhook 端点: POST /api/webhook/auth
+    """
+    webhook_bp = Blueprint(blueprint_name, __name__, url_prefix=url_prefix)
+    
+    @webhook_bp.route('/auth', methods=['POST'])
+    def receive_auth_webhook():
+        """
+        接收 aigc-auth 用户变更通知
+        
+        当 aigc-auth 中创建或更新用户时，会发送 webhook 通知到此端点。
+        
+        支持的事件:
+        - user.created: 用户创建
+        - user.updated: 用户更新
+        - user.deleted: 用户删除
+        - user.login: 用户登录
+        - user.init_sync_auth: 初始化同步请求
+        """
+        # 获取请求体
+        body = request.get_data()
+        
+        # 验证签名
+        signature = request.headers.get("X-Webhook-Signature", "")
+        secret = os.getenv(secret_env_key, "")
+        
+        if not verify_webhook_signature(body, signature, secret):
+            logger.warning("Webhook 签名验证失败")
+            return jsonify({"code": 401, "message": "Invalid signature"}), 401
+        
+        # 解析请求数据
+        try:
+            data = request.get_json()
+        except Exception as e:
+            logger.error(f"解析 webhook 数据失败: {e}")
+            return jsonify({"code": 400, "message": "Invalid JSON payload"}), 400
+        
+        # 记录日志
+        event = data.get("event", "unknown")
+        logger.info(f"收到 webhook 事件: {event}")
+        
+        # 调用用户提供的处理函数
+        try:
+            import asyncio
+            import inspect
+            
+            # 检查 handler 是否为协程函数
+            if inspect.iscoroutinefunction(handler):
+                result = asyncio.run(handler(data))
+            else:
+                result = handler(data)
+            
+            return jsonify({"code": 0, "message": "success", "data": result})
+            
+        except Exception as e:
+            logger.exception(f"处理 webhook 失败: {e}")
+            return jsonify({"code": 500, "message": str(e)}), 500
+    
+    return webhook_bp
+
+
+def register_flask_webhook_routes(
+    app,
+    handler: Callable[[Dict[str, Any]], Dict[str, Any]],
+    secret_env_key: str = "AIGC_AUTH_WEBHOOK_SECRET",
+    url_prefix: str = "/api/webhook",
+    blueprint_name: str = "aigc_auth_webhook"
+):
+    """
+    注册 webhook 路由到 Flask 应用
+    
+    这是一个便捷函数，封装了创建 blueprint 和注册的过程。
+    
+    Args:
+        app: Flask 应用实例
+        handler: 处理函数，接收 webhook 数据并返回结果
+        secret_env_key: webhook 密钥的环境变量名
+        url_prefix: URL 前缀，默认为 "/api/webhook"
+        blueprint_name: Blueprint 名称
+        
+    使用示例:
+        from huace_aigc_auth_client.webhook_flask import register_flask_webhook_routes
+        
+        app = Flask(__name__)
+        
+        # 创建适配器
+        adapter = YourAdapter(sync_config, auth_client)
+        
+        # 定义处理函数
+        async def webhook_handler(data: dict) -> dict:
+            event = data.get("event")
+            event_data = data.get("data", {})
+            return await adapter.handle_webhook(event, event_data)
+        
+        # 注册 webhook 路由
+        register_flask_webhook_routes(
+            app,
+            handler=webhook_handler,
+            url_prefix="/custom/webhook"  # 自定义前缀
+        )
+        
+        # Webhook 端点: POST /custom/webhook/auth
+    """
+    webhook_bp = create_flask_webhook_blueprint(
+        handler=handler,
+        secret_env_key=secret_env_key,
+        url_prefix=url_prefix,
+        blueprint_name=blueprint_name
+    )
+    app.register_blueprint(webhook_bp)
+    logger.info(f"Webhook 路由已注册: {url_prefix}/auth")
+
+
+# 向后兼容的别名
+create_webhook_blueprint = create_flask_webhook_blueprint
+register_webhook_routes = register_flask_webhook_routes

{huace_aigc_auth_client-1.1.8 → huace_aigc_auth_client-1.1.9/huace_aigc_auth_client.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: huace-aigc-auth-client
-Version: 1.1.8
+Version: 1.1.9
 Summary: 华策AIGC Auth Client - 提供 Token 验证、用户信息获取、权限检查、旧系统接入等功能
 Author-email: Huace <support@huace.com>
 License: MIT
@@ -44,8 +44,7 @@ pip install huace-aigc-auth-client
 # 必填：应用 ID 和密钥（在鉴权中心创建应用后获取）
 AIGC_AUTH_APP_ID=your_app_id
 AIGC_AUTH_APP_SECRET=your_app_secret
-
-# 可选：鉴权服务地址（默认为生产环境）- 测试环境鉴权地址：http://auth-test.aigc.huacemedia.com/aigc-auth/api/v1
+# 鉴权服务地址（默认为生产环境）- 测试环境鉴权地址：http://auth.aigc-test.huacemedia.com/aigc-auth/api/v1
 AIGC_AUTH_BASE_URL=https://aigc-auth.huacemedia.com/aigc-auth/api/v1
 ```
 
@@ -420,8 +419,8 @@ from huace_aigc_auth_client import LegacySystemAdapter, LegacyUserData
 class MyLegacyAdapter(LegacySystemAdapter):
     """实现与旧系统用户表的交互"""
     
-    def __init__(self, db, sync_config):
-        super().__init__(sync_config)
+    def __init__(self, db, sync_config, auth_client=None):
+        super().__init__(sync_config, auth_client)
         self.db = db
     
     def get_user_by_unique_field(self, username: str):
@@ -435,8 +434,23 @@ class MyLegacyAdapter(LegacySystemAdapter):
             "email": user.email,
             # ... 其他字段
         })
+
+    async def get_user_by_username_async(self, username: str) -> Optional[LegacyUserData]:
+        """异步通过用户名获取旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
+        if not user:
+            return None
+        return LegacyUserData({
+            "id": user.id,
+            "username": user.username,
+            "email": user.email,
+            # ... 其他字段
+        })
     
-    def create_user(self, user_data: dict):
+    async def _create_user_async(self, user_data: Dict[str, Any]) -> Optional[Any]:
         """在旧系统创建用户"""
         user = User(
             username=user_data["username"],
@@ -445,20 +459,39 @@ class MyLegacyAdapter(LegacySystemAdapter):
             # ... 其他字段
         )
         self.db.add(user)
-        self.db.commit()
+        await self.db.commit()
         return user.id
     
-    def update_user(self, username: str, user_data: dict):
-        """更新旧系统用户"""
-        user = self.db.query(User).filter(User.username == username).first()
+    async def _update_user_async(self, username: str, user_data: Dict[str, Any]) -> bool:
+        """异步更新旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
         if user:
             for key, value in user_data.items():
                 setattr(user, key, value)
-            self.db.commit()
+            await self.db.commit()
+            return True
+        return False
+
+    async def _delete_user_async(self, username: str) -> bool:
+        """异步删除旧系统用户"""
+        user = await self.db.execute(
+            select(User).where(User.username == username)
+        )
+        user = user.scalars().first()
+        if user:
+            await self.db.delete(user) 
+            # 或者软删除：user.is_active = False
+            await self.db.commit()
+            return True
+        return False
     
-    def get_all_users(self):
-        """获取所有用户（用于初始化同步）"""
-        users = self.db.query(User).all()
+    async def get_all_users_async(self) -> List[LegacyUserData]:
+        """异步获取所有用户（用于初始化同步）"""
+        result = await self.db.execute(select(User))
+        users = result.scalars().all()
         return [LegacyUserData({"username": u.username, ...}) for u in users]
 ```
 
@@ -468,7 +501,7 @@ class MyLegacyAdapter(LegacySystemAdapter):
 from huace_aigc_auth_client import AigcAuthClient, UserSyncService
 
 client = AigcAuthClient()
-adapter = MyLegacyAdapter(db, sync_config)
+adapter = MyLegacyAdapter(db, sync_config, client)
 sync_service = UserSyncService(client, adapter)
 
 # 在获取用户信息后调用同步
@@ -479,7 +512,7 @@ async def auth_middleware(request, call_next):
     # 登录成功后，同步用户到旧系统
     if hasattr(request.state, "user_info"):
         user_info = request.state.user_info
-        sync_service.sync_on_login(user_info)
+        await sync_service.sync_on_login_async(user_info)
     
     return response
 ```
@@ -493,47 +526,35 @@ from fastapi import APIRouter
 from huace_aigc_auth_client import register_webhook_router
 
 api_router = APIRouter()
+client = AigcAuthClient()
+adapter = MyLegacyAdapter(db, sync_config, client)
 
 # 定义 webhook 处理函数
-async def handle_webhook(data: dict) -> dict:
+async def handle_auth_webhook(request_data: Dict[str, Any]) -> Dict[str, Any]:
     """
-    处理来自 aigc-auth 的 webhook 通知
+    独立的 webhook 处理函数（用于 SDK 集成）
     
-    Args:
-        data: webhook 数据，包含 event 和 data 字段
-        
-    Returns:
-        dict: 处理结果
+    这个函数不需要 db 参数，会在内部创建数据库会话。
+    适用于通过 SDK 的 register_webhook_router 注册。
     """
-    from your_app.db import get_db_session
+    from app.db.session import get_db
     
-    event = data.get("event")
-    user_data = data.get("data", {})
-    
-    # 创建数据库会话
-    async with get_db_session() as db:
-        adapter = MyLegacyAdapter(db, sync_config)
-        
-        if event == "user.created":
-            # 处理用户创建事件
-            if not adapter.get_user_by_unique_field(user_data["username"]):
-                legacy_data = adapter.transform_auth_to_legacy(user_data)
-                legacy_data["password"] = sync_config.unified_password
-                adapter.create_user(legacy_data)
-                await db.commit()
-        
-        elif event == "user.updated":
-            # 处理用户更新事件
-            legacy_data = adapter.transform_auth_to_legacy(user_data)
-            adapter.update_user(user_data["username"], legacy_data)
-            await db.commit()
-    
-    return {"status": "ok", "event": event}
+    async for db in get_db():
+        try:
+            event = request_data.get("event")
+            data = request_data.get("data", {})
+            logger.info(f"Received webhook event: {event} with data: {data}")
+            
+            # 调用适配器的 handle_webhook 方法
+            return await adapter.handle_webhook(event, data)
+        except Exception as e:
+            logger.exception(f"Failed to handle webhook: {e}")
+            raise
 
 # 注册 webhook 路由（自动处理签名验证）
 register_webhook_router(
     api_router,
-    handler=handle_webhook,
+    handler=handle_auth_webhook,
     prefix="/webhook",  # 可选，默认 "/webhook"
     secret_env_key="aigc-auth-webhook-secret",  # 可选，在 auth 后台配置
     tags=["Webhook"]  # 可选，默认 ["Webhook"]
@@ -542,55 +563,6 @@ register_webhook_router(
 # webhook 端点将自动创建在: /webhook/auth
 ```
 
-**传统方式：手动实现 Webhook 端点**
-
-```python
-import hmac
-import hashlib
-import os
-
-@app.post("/api/v1/webhook/auth")
-async def receive_auth_webhook(request: Request, db: Session = Depends(get_db)):
-    """接收 aigc-auth 的用户变更通知"""
-    # 获取原始请求体
-    body = await request.body()
-    
-    # 验证签名
-    signature = request.headers.get("X-Webhook-Signature", "")
-    secret = os.getenv("AIGC_AUTH_WEBHOOK_SECRET", "")
-    
-    if secret:
-        expected = hmac.new(
-            secret.encode('utf-8'),
-            body,
-            hashlib.sha256
-        ).hexdigest()
-        
-        if not hmac.compare_digest(expected, signature):
-            raise HTTPException(status_code=401, detail="Invalid signature")
-    
-    # 解析数据
-    data = await request.json()
-    event = data.get("event")
-    user_data = data.get("data", {})
-    
-    if event == "user.created":
-        adapter = MyLegacyAdapter(db, sync_config)
-        if not adapter.get_user_by_unique_field(user_data["username"]):
-            legacy_data = adapter.transform_auth_to_legacy(user_data)
-            legacy_data["password"] = sync_config.unified_password
-            adapter.create_user(legacy_data)
-            db.commit()
-    
-    elif event == "user.updated":
-        adapter = MyLegacyAdapter(db, sync_config)
-        legacy_data = adapter.transform_auth_to_legacy(user_data)
-        adapter.update_user(user_data["username"], legacy_data)
-        db.commit()
-    
-    return {"success": True}
-```
-
 **Webhook 签名验证说明**
 
 SDK 的 `register_webhook_router` 会自动处理签名验证：
@@ -604,7 +576,7 @@ SDK 的 `register_webhook_router` 会自动处理签名验证：
 ```python
 # 一次性脚本：将旧系统用户同步到 aigc-auth
 async def init_sync():
-    adapter = MyLegacyAdapter(db, sync_config)
+    adapter = MyLegacyAdapter(db, sync_config, client)
     users = adapter.get_all_users()
     
     for user in users:

{huace_aigc_auth_client-1.1.8 → huace_aigc_auth_client-1.1.9}/huace_aigc_auth_client.egg-info/SOURCES.txt

@@ -7,6 +7,7 @@ huace_aigc_auth_client/__init__.py
 huace_aigc_auth_client/legacy_adapter.py
 huace_aigc_auth_client/sdk.py
 huace_aigc_auth_client/webhook.py
+huace_aigc_auth_client/webhook_flask.py
 huace_aigc_auth_client.egg-info/PKG-INFO
 huace_aigc_auth_client.egg-info/SOURCES.txt
 huace_aigc_auth_client.egg-info/dependency_links.txt

{huace_aigc_auth_client-1.1.8 → huace_aigc_auth_client-1.1.9}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "huace-aigc-auth-client"
-version = "1.1.8"
+version = "1.1.9"
 description = "华策AIGC Auth Client - 提供 Token 验证、用户信息获取、权限检查、旧系统接入等功能"
 readme = "README.md"
 requires-python = ">=3.7"