lesscode-flask 0.2.63__tar.gz → 0.2.91__tar.gz

{lesscode_flask-0.2.63 → lesscode_flask-0.2.91}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lesscode-flask
-Version: 0.2.63
+Version: 0.2.91
 Summary: lesscode-flask 是基于flask的web开发脚手架项目，该项目初衷为简化开发过程，让研发人员更加关注业务。
 Home-page: https://lesscode-flask
 Author: Chao.yy
@@ -11,7 +11,7 @@ Classifier: Operating System :: OS Independent
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 Requires-Dist: Flask==3.0.3
-Requires-Dist: lesscode-utils==0.0.91
+Requires-Dist: lesscode-utils==0.0.94
 Requires-Dist: Flask-Login==0.6.3
 Requires-Dist: redis==5.1.1
 Requires-Dist: flask-swagger-ui==4.11.1

{lesscode_flask-0.2.63 → lesscode_flask-0.2.91}/lesscode_flask/__init__.py

@@ -1,4 +1,4 @@
-__version__ = "0.2.63"
+__version__ = "0.2.91"
 
 import functools
 import logging
@@ -16,6 +16,20 @@ class SQ_Blueprint(Blueprint):
         if not kwargs.get("import_name"):
             kwargs["import_name"] = __name__
         super().__init__(name=name, url_prefix=url_prefix, **kwargs)
+        # 记录蓝图内显式注册的“路径 + 方法”，供初始化阶段做冲突过滤。
+        self._route_method_keys = set()
+
+    def add_url_rule(self, rule, endpoint=None, view_func=None, provide_automatic_options=None, **options):
+        methods = options.get("methods")
+        if methods is None:
+            methods = ["GET"]
+        elif isinstance(methods, str):
+            methods = [methods]
+        methods = [str(item).upper() for item in methods if item]
+        for method in methods:
+            self._route_method_keys.add(f"{rule}|{method}")
+        return super().add_url_rule(rule, endpoint=endpoint, view_func=view_func,
+                                    provide_automatic_options=provide_automatic_options, **options)
 
     def decorator_handler(
             self,

{lesscode_flask-0.2.63 → lesscode_flask-0.2.91}/lesscode_flask/app.py

@@ -18,7 +18,7 @@ from werkzeug.middleware.proxy_fix import ProxyFix
 from lesscode_flask.model.response_result import ResponseResult
 from lesscode_flask.setup import setup_blueprint, setup_logging, setup_query_runner, setup_swagger, setup_sql_alchemy, \
     setup_redis, setup_login_manager, setup_resource_register, setup_data_download, setup_scheduler, \
-    setup_common_resource, setup_task
+    setup_common_resource, setup_task, setup_api_blueprint, prepare_api_blueprint_routes
 from lesscode_flask.signals import app_runed
 from lesscode_flask.utils.decorator.sql_injection import contains_sql_injection
 from lesscode_flask.utils.helpers import inject_args, generate_uuid, app_config
@@ -31,6 +31,7 @@ from lesscode_flask.utils.limit.req.rate_limiter_handler import RateLimitHandler
 from lesscode_flask.utils.limit.req_count.count_limiter_handler import CountLimitHandler
 from lesscode_flask.utils.limit.req_count.redis_count_limiter import RedisCountLimiter
 from lesscode_flask.utils.redis.redis_helper import RedisHelper
+from lesscode_flask.utils.sign import verify_request_signature
 from lesscode_flask.utils.swagger.swagger_util import generate_openapi_spec
 
 # import collections.abc as cabc
@@ -74,6 +75,7 @@ class Lesscoder(Flask):
             self.consecutiveAccessLimiter = RedisConsecutiveAccessLimiter(self.config.get("REDIS_LIMIT_KEY", "redis"))
 
     def preprocess_request(self) -> ft.ResponseReturnValue | None:
+        verify_request_signature(self)
         v = super(Lesscoder, self).preprocess_request()
         user_limit_policy = None
         if  hasattr(self, 'countLimiter') and self.countLimiter:
@@ -164,7 +166,9 @@ class Lesscoder(Flask):
         params_dict.update(view_args)
         SQL_INJECTION_ENABLE = self.config.get("SQL_INJECTION_ENABLE", False)
         if SQL_INJECTION_ENABLE:
-            if contains_sql_injection(params_dict):
+            sql_injection_white_list = self.config.get("SQL_INJECTION_WHITE_LIST", []) or []
+            is_sql_injection_white_path = any(req.path.startswith(path) for path in sql_injection_white_list)
+            if not is_sql_injection_white_path and contains_sql_injection(params_dict):
                 ResponseResult.fail("参数包含非法字符，请调整后重试！", status_code="403", http_code="403")
         # 调用处理函数执行请求处理
         result = self.ensure_sync(func)(**params_dict)
@@ -183,15 +187,80 @@ class Lesscoder(Flask):
             return result
 
     def setup(self):
+        def _collect_blueprint_route_method_keys(blueprint_map):
+            # 从项目内已定义的蓝图中提取“完整路径 + 方法”，用于后续排除同名自动接口。
+            route_method_keys = set()
+            for blueprint in blueprint_map.values():
+                prefix = (getattr(blueprint, "url_prefix", "") or "").rstrip("/")
+                # 优先使用 SQ_Blueprint 记录的路由元数据，避免依赖 Flask 闭包结构。
+                blueprint_keys = getattr(blueprint, "_route_method_keys", None)
+                if isinstance(blueprint_keys, set) and blueprint_keys:
+                    for key in blueprint_keys:
+                        if "|" not in key:
+                            continue
+                        route, method = key.rsplit("|", 1)
+                        full_route = f"{prefix}{route}" if prefix else route
+                        if not full_route.startswith("/"):
+                            full_route = f"/{full_route}"
+                        full_route = full_route.replace("//", "/")
+                        route_method_keys.add(f"{full_route}|{str(method).upper()}")
+                    continue
+
+                # 兜底方案：兼容普通 Blueprint 或未记录元数据的蓝图。
+                deferred_functions = getattr(blueprint, "deferred_functions", []) or []
+                for deferred in deferred_functions:
+                    closure = getattr(deferred, "__closure__", None) or []
+                    route = None
+                    methods = None
+                    for cell in closure:
+                        value = cell.cell_contents
+                        if isinstance(value, str) and value.startswith("/"):
+                            route = value
+                        elif isinstance(value, dict) and isinstance(value.get("methods"), (list, tuple, set)):
+                            methods = [str(item).upper() for item in value.get("methods") if item]
+                    if not route:
+                        continue
+                    full_route = f"{prefix}{route}" if prefix else route
+                    if not full_route.startswith("/"):
+                        full_route = f"/{full_route}"
+                    full_route = full_route.replace("//", "/")
+                    methods = methods or ["GET"]
+                    for method in methods:
+                        route_method_keys.add(f"{full_route}|{method}")
+            return route_method_keys
+
         setup_logging(self)
+        # 1) 先从能力平台准备自动蓝图路由计划（仅组织数据，不立即注册）。
+        api_capability_server, api_route_prefix, api_route_list = prepare_api_blueprint_routes(self)
+        # 1) 先收集项目代码中的蓝图定义。
         blueprint_map = setup_blueprint(self)
+        # 2) 用项目接口签名作为排除条件，确保同路径同方法时由项目接口覆盖自动接口。
+        project_route_method_keys = _collect_blueprint_route_method_keys(blueprint_map)
+        auto_blueprints = setup_api_blueprint(
+            self,
+            exclude_route_method_keys=project_route_method_keys,
+            existing_blueprint_names=set(blueprint_map.keys()),
+            route_list=api_route_list,
+            capability_server=api_capability_server,
+            route_prefix=api_route_prefix
+        )
         setup_query_runner()
         setup_swagger(self)
         setup_sql_alchemy(self)
         setup_redis(self)
         setup_login_manager(self)
+        # 3) 先注册自动蓝图，再注册项目蓝图；同时自动蓝图已做冲突过滤，保证项目实现优先。
+        if auto_blueprints:
+            for auto_blueprint in auto_blueprints:
+                self.register_blueprint(
+                    auto_blueprint,
+                    name=getattr(auto_blueprint, "_registration_name", auto_blueprint.name)
+                )
         for blueprint_name, blueprint in blueprint_map.items():
-            self.register_blueprint(blueprint)
+            self.register_blueprint(
+                blueprint,
+                name=getattr(blueprint, "_registration_name", blueprint_name)
+            )
         setup_common_resource(self)
         setup_resource_register(self)
         setup_data_download(self)

{lesscode_flask-0.2.63 → lesscode_flask-0.2.91}/lesscode_flask/log/access_log_handler.py

@@ -45,6 +45,12 @@ class AccessLogHandler(Handler):
         app_key = request.headers.get("App-Key")
         url = request.path
         url_info_key = f"upms:url_info:{url}"
+        # 签名
+        signature = request.headers.get("signature") or request.headers.get('Signature')
+        # 随机数
+        nonce = request.headers.get("nonce") or request.headers.get('Nonce')
+        # 时间戳
+        timestamp = request.headers.get("timestamp") or request.headers.get('Timestamp')
 
         resource_id = "-"
         resource_label = url
@@ -66,7 +72,8 @@ class AccessLogHandler(Handler):
                                obj_id=current_user.id, type=current_user.type, client_id=client_id,
                                resource_id=resource_id, location=location, sub=current_user.sub,
                                resource_label=resource_label, url=url, referrer=referrer, client_ip=client_ip,
-                               user_agent=user_agent_string, token=token, app_key=app_key, start_time=start_time,
+                               user_agent=user_agent_string, token=token, app_key=app_key, signature=signature,
+                               nonce=nonce, timestamp=timestamp, start_time=start_time,
                                end_time=end_time, duration=end_time - start_time, status_code=status_code,
                                params=params)
 

{lesscode_flask-0.2.63 → lesscode_flask-0.2.91}/lesscode_flask/model/access_log.py

@@ -24,6 +24,9 @@ class AccessLog(BaseModel):
     user_agent = Column(String(512), comment='客户端')
     token = Column(String(64), comment='token')
     app_key = Column(String(64), comment='请求的app_key')
+    signature = Column(String(64), comment='签名')
+    nonce = Column(String(64), comment='签名随机数')
+    timestamp = Column(String(64), comment='签名时间戳')
     params = Column(JSONEncodedDict)
     start_time = Column(DOUBLE, comment='开始时间')
     end_time = Column(DOUBLE, comment='结束时间')

{lesscode_flask-0.2.63 → lesscode_flask-0.2.91}/lesscode_flask/setting/__init__.py

@@ -90,6 +90,22 @@ class BaseConfig:
     AUTH_DEFAULT_ACCESS = 0
     # 启用生成刷新token
     OAUTH2_REFRESH_TOKEN_GENERATOR = True
+    # 请求签名校验开关（在token校验前执行）
+    SIGN_ENABLE: bool = False
+    # 固定签名密钥，建议在业务配置中覆盖
+    SIGN_SECRET: str = ""
+    # 签名有效时间窗口（秒）
+    SIGN_WINDOW_SEC: int = 300
+    # 防重放校验开关
+    SIGN_NONCE_ENABLE: bool = True
+    # nonce缓存时长（秒）
+    SIGN_NONCE_TTL_SEC: int = 300
+    # 签名白名单路径前缀
+    SIGN_WHITE_LIST: list = [SWAGGER_URL, SWAGGER_API_URL, f"{ROUTE_PREFIX}/oauth/token", f"{ROUTE_PREFIX}/oauth/captcha"]
+    # 签名IP白名单（支持单IP或CIDR，命中后跳过签名校验）
+    SIGN_IP_WHITE_LIST: list = []
+    # 忽略签名校验的方法
+    SIGN_IGNORE_METHODS: list = ["OPTIONS"]
     # 是否启用限流频率验证
     RATE_LIMIT_ENABLE: bool = False
 
@@ -132,6 +148,8 @@ class BaseConfig:
     FS_OAM_SERVICE_URL = "https://oa.shangqi.com.cn"
     # sql 注入验证器开关
     SQL_INJECTION_ENABLE = False
+    # sql 注入检测白名单，命中路径前缀时跳过检测
+    SQL_INJECTION_WHITE_LIST: list = []
     #
     #
     # # 外网地址
@@ -141,6 +159,9 @@ class BaseConfig:
     #
     # 数据服务
     CAPABILITY_PLATFORM_SERVER: str = "http://127.0.0.1:8976"
+    # 转调能力平台时附加的自定义请求头（key/value 由业务配置覆盖）
+    DATA_SOURCE_KEY: str = "Data-Source-Id"
+    DATA_SOURCE_VALUE: str = ""
     # # 权限服务地址
     # OAUTH_SERVER: str = ""
     # # 后端管理地址
@@ -165,6 +186,9 @@ class BaseConfig:
     REGISTER_ENABLE = False
     REGISTER_SERVER = "http://127.0.0.1:8976"
 
+    # 通过固定 API 拉取地址并自动注册蓝图（默认关闭）
+    AUTO_BLUEPRINT_ENABLE = False
+
     # 本地环境
     ENV = "local"
     # 是否代理能力平台的公共接口