PyPI - lesscode-flask - Versions diffs - 0.2.102__tar.gz → 0.2.105__tar.gz - Mend

lesscode-flask 0.2.102tar.gz → 0.2.105tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

{lesscode_flask-0.2.102 → lesscode_flask-0.2.105}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lesscode-flask
-Version: 0.2.102
+Version: 0.2.105
 Summary: lesscode-flask 是基于flask的web开发脚手架项目，该项目初衷为简化开发过程，让研发人员更加关注业务。
 Home-page: https://lesscode-flask
 Author: Chao.yy

{lesscode_flask-0.2.102 → lesscode_flask-0.2.105}/lesscode_flask/__init__.py RENAMED Viewed

@@ -1,4 +1,4 @@
-__version__ = "0.2.102"
+__version__ = "0.2.105"
 import functools
 import logging

{lesscode_flask-0.2.102 → lesscode_flask-0.2.105}/lesscode_flask/utils/decorator/cache.py RENAMED Viewed

@@ -133,7 +133,8 @@ def format_insert_key(signature, func_name, args, params):
         if k != "self":
             _args.append(f"{k}={json.dumps(params[k])}")
     str_insert_key = "&".join([str(x) for x in _args])
-    headers = {key: value for key, value in request.headers if key in ["App-Key", "Data-Source-Id"]}
+    headers = {key: value for key, value in request.headers if
+               key in ["App-Key", "Data-Source-Id", "Industry-Owner-Sign"]}
     for h in headers:
         str_insert_key = str_insert_key + "&" + str(headers[h])
     str_insert_key = app_config.get("ROUTE_PREFIX") + "#" + func_name + "#" + str_insert_key

lesscode_flask-0.2.105/lesscode_flask/utils/sign/body_canonical.py ADDED Viewed

@@ -0,0 +1,25 @@
+import json
+def _is_json_content_type(content_type: str) -> bool:
+    normalized = (content_type or "").split(";", 1)[0].strip().lower()
+    return normalized == "application/json" or normalized.endswith("+json")
+def canonicalize_body_bytes(body_bytes: bytes, content_type: str = "") -> bytes:
+    """
+    JSON 请求体统一规范化后再参与签名，避免不同链路重排字段顺序导致 hash 不一致。
+    非 JSON 请求体保持原始 bytes，不影响文件上传、表单和纯文本请求。
+    """
+    if not body_bytes or not _is_json_content_type(content_type):
+        return body_bytes or b""
+    try:
+        payload = json.loads(body_bytes)
+    except (TypeError, ValueError):
+        return body_bytes
+    return json.dumps(
+        payload,
+        ensure_ascii=False,
+        separators=(",", ":"),
+        sort_keys=True,
+    ).encode("utf-8")

lesscode_flask-0.2.105/lesscode_flask/utils/sign/sign_main.py ADDED Viewed

@@ -0,0 +1,95 @@
+import hashlib
+import hmac
+import time
+import uuid
+from urllib.parse import urlparse
+def body_sha256(body_bytes: bytes) -> str:
+    """对请求体原始 bytes 做 SHA256，保持与服务端 request.get_data() 一致。"""
+    return hashlib.sha256(body_bytes).hexdigest()
+def build_sign_content(method: str, path: str, query_string: str, body_bytes: bytes, timestamp: str, nonce: str) -> str:
+    """
+    生成规范签名串：
+    METHOD \n PATH \n QUERY_STRING \n BODY_SHA256 \n TIMESTAMP \n NONCE
+    """
+    return (
+        f"{method.upper()}\n"
+        f"{path}\n"
+        f"{query_string}\n"
+        f"{body_sha256(body_bytes)}\n"
+        f"{timestamp}\n"
+        f"{nonce}"
+    )
+def generate_signature(secret: str, sign_content: str) -> str:
+    """用 HMAC-SHA256 生成十六进制签名。"""
+    return hmac.new(secret.encode("utf-8"), sign_content.encode("utf-8"), hashlib.sha256).hexdigest()
+def parse_path_and_query(url: str) -> tuple[str, str]:
+    """从完整 URL 提取 path 和 query_string。"""
+    parsed = urlparse(url)
+    path = parsed.path or "/"
+    query_string = parsed.query or ""
+    return path, query_string
+def main():
+    # ===== 在这里粘贴你的请求信息（开始）=====
+    request_url = "http://localhost:8968/ike2b/navigation/cluster/test_sign"
+    request_method = "POST"
+    request_body = '{"type":1}'
+    sign_secret = "test_sign_secret"
+    # 可选：不填则自动生成
+    request_timestamp = ""
+    request_nonce = ""
+    # 可选：你的发送工具若会在 body 末尾补换行，改成 True
+    append_newline_to_body = False
+    # ===== 在这里粘贴你的请求信息（结束）=====
+    method = request_method.upper()
+    path, query_string = parse_path_and_query(request_url)
+    timestamp = request_timestamp or str(int(time.time()))
+    nonce = request_nonce or uuid.uuid4().hex
+    body = request_body or ""
+    body_bytes = body.encode("utf-8")
+    if append_newline_to_body:
+        body_bytes += b"\n"
+    sign_content = build_sign_content(
+        method=method,
+        path=path,
+        query_string=query_string,
+        body_bytes=body_bytes,
+        timestamp=timestamp,
+        nonce=nonce,
+    )
+    signature = generate_signature(sign_secret, sign_content)
+    body_hash = body_sha256(body_bytes)
+    print("=== 签名结果 ===")
+    print(f"Timestamp: {timestamp}")
+    print(f"Nonce: {nonce}")
+    print(f"Signature: {signature}")
+    print(f"Body-SHA256: {body_hash}")
+    print(f"Body-Bytes-Len: {len(body_bytes)}")
+    print()
+    print("=== 可直接追加到 curl 的请求头 ===")
+    print(f"--header 'Timestamp: {timestamp}' \\")
+    print(f"--header 'Nonce: {nonce}' \\")
+    print(f"--header 'Signature: {signature}'")
+    print()
+    print("=== 调试信息（参与签名的 body bytes）===")
+    print(repr(body_bytes))
+    print()
+    print("=== 调试信息（服务端签名原文）===")
+    print(sign_content)
+if __name__ == "__main__":
+    main()

{lesscode_flask-0.2.102 → lesscode_flask-0.2.105}/lesscode_flask/utils/sign/signature.py RENAMED Viewed

@@ -8,6 +8,7 @@ from flask import request
 from lesscode_flask.model.response_result import ResponseResult
 from lesscode_flask.utils.redis.redis_helper import RedisHelper
+from lesscode_flask.utils.sign.body_canonical import canonicalize_body_bytes
 SIGN_ERROR_MESSAGE = "未知错误"
 SIGN_ERROR_CODE_MAP = {
@@ -37,12 +38,16 @@ def _fail_sign(error_key: str):
 def _body_sha256() -> str:
-    # 对原始请求体做哈希，保证不同 content-type 下签名输入一致。
+    # JSON 请求先做规范化再哈希，避免中间链路重排字段顺序后签名失配。
     body_bytes = request.get_data(cache=True) or b""
+    canonical_body_bytes = canonicalize_body_bytes(body_bytes, request.content_type or "")
     logging.info("body_bytes开始")
     logging.info("body_bytes: %s", body_bytes)
     logging.info("body_bytes结束")
-    return hashlib.sha256(body_bytes).hexdigest()
+    logging.info("canonical_body_bytes开始")
+    logging.info("canonical_body_bytes: %s", canonical_body_bytes)
+    logging.info("canonical_body_bytes结束")
+    return hashlib.sha256(canonical_body_bytes).hexdigest()
 def _is_upload_request() -> bool:

{lesscode_flask-0.2.102 → lesscode_flask-0.2.105}/lesscode_flask.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lesscode-flask
-Version: 0.2.102
+Version: 0.2.105
 Summary: lesscode-flask 是基于flask的web开发脚手架项目，该项目初衷为简化开发过程，让研发人员更加关注业务。
 Home-page: https://lesscode-flask
 Author: Chao.yy

{lesscode_flask-0.2.102 → lesscode_flask-0.2.105}/lesscode_flask.egg-info/SOURCES.txt RENAMED Viewed

@@ -54,6 +54,8 @@ lesscode_flask/utils/oss/minio_oss.py
 lesscode_flask/utils/redis/redis_helper.py
 lesscode_flask/utils/request/request.py
 lesscode_flask/utils/sign/__init__.py
+lesscode_flask/utils/sign/body_canonical.py
+lesscode_flask/utils/sign/sign_main.py
 lesscode_flask/utils/sign/signature.py
 lesscode_flask/utils/swagger/swagger_template.py
 lesscode_flask/utils/swagger/swagger_util.py

{lesscode_flask-0.2.102 → lesscode_flask-0.2.105}/redash/query_runner/dameng.py RENAMED Viewed

@@ -12,6 +12,11 @@ except ImportError:
     logging.error("dmPython is not installed, run: pip install dmPython")
     dmPython = None
     enabled = False
+    try:
+        import nspydm as dmPython
+        enabled = True
+    except ImportError as e:
+        logging.error("ns-pydm is not installed, run: pip install ns-pydm")
 logger = logging.getLogger(__name__)