PyPI - mdbq - Versions diffs - 4.0.101__py3-none-any.whl → 4.0.103__py3-none-any.whl - Mend

mdbq 4.0.101py3-none-any.whl → 4.0.103py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of mdbq might be problematic. Click here for more details.

Files changed (7) hide show

mdbq/__version__.py +1 -1
mdbq/auth/auth_backend.py +192 -7
mdbq/auth/rate_limiter.py +173 -67
{mdbq-4.0.101.dist-info → mdbq-4.0.103.dist-info}/METADATA +1 -1
{mdbq-4.0.101.dist-info → mdbq-4.0.103.dist-info}/RECORD +7 -7
{mdbq-4.0.101.dist-info → mdbq-4.0.103.dist-info}/WHEEL +0 -0
{mdbq-4.0.101.dist-info → mdbq-4.0.103.dist-info}/top_level.txt +0 -0

mdbq/__version__.py CHANGED Viewed

	@@ -1 +1 @@
1	- VERSION = '4.0.~~101~~'
1	+ VERSION = '4.0.103'

mdbq/auth/auth_backend.py CHANGED Viewed

@@ -1427,15 +1427,200 @@ class StandaloneAuthManager:
             cursor.close()
             conn.close()
-    def logout_device(self, user_id, device_id):
-        """登出指定设备"""
+    def logout_device(self, user_id, device_id=None, ip_address=None, user_agent=None, device_info=None, login_domain=''):
+        """
+        登出设备（支持两种识别方式）
+        Args:
+            user_id: 用户ID
+            device_id: 设备ID（用于指定设备登出）
+            ip_address: IP地址（用于当前设备登出）
+            user_agent: 用户代理（用于当前设备登出）
+            device_info: 设备信息（用于当前设备登出）
+            login_domain: 登录域名（用于当前设备登出）
+        Returns:
+            dict: 登出结果
+        """
         conn = self.pool.connection()
         cursor = conn.cursor()
         try:
             current_time_utc = datetime.now(timezone.utc)
-            # 查找设备
+            if device_id:
+                # 方式1：通过device_id查找设备（用于设备管理界面）
+                cursor.execute('''
+                    SELECT id, device_name FROM device_sessions
+                    WHERE user_id = %s AND device_id = %s AND is_active = 1
+                ''', (user_id, device_id))
+                device = cursor.fetchone()
+                logout_reason = 'single_device_logout'
+                if not device:
+                    return {'success': False, 'message': '设备不存在或已登出'}
+            else:
+                # 方式2：通过设备指纹查找当前设备（用于当前设备登出）
+                if not user_agent:
+                    return {'success': False, 'message': '缺少设备识别信息'}
+                # 解析用户代理获取基本信息
+                parsed_ua = self._parse_user_agent(user_agent)
+                # 合并设备信息
+                full_device_info = {
+                    'user_agent': user_agent,
+                    'platform': parsed_ua.get('platform'),
+                    **parsed_ua,
+                    **(device_info or {})
+                }
+                # 生成包含域名的设备指纹来识别当前设备
+                device_fingerprint = self._generate_device_fingerprint(full_device_info, login_domain)
+                # 查找当前活跃的设备会话
+                cursor.execute('''
+                    SELECT ds.id, ds.device_name
+                    FROM device_sessions ds
+                    WHERE ds.user_id = %s AND ds.device_fingerprint = %s AND ds.login_domain = %s
+                      AND ds.is_active = 1
+                    ORDER BY ds.session_version DESC
+                    LIMIT 1
+                ''', (user_id, device_fingerprint, login_domain))
+                device = cursor.fetchone()
+                logout_reason = 'current_device_logout'
+                if not device:
+                    return {'success': False, 'message': '当前设备会话不存在或已失效'}
+            device_session_id = device['id']
+            device_name = device['device_name']
+            # 撤销该设备的刷新令牌
+            cursor.execute('''
+                UPDATE refresh_tokens
+                SET is_revoked = 1, revoked_at = %s, revoked_reason = %s
+                WHERE device_session_id = %s AND is_revoked = 0
+            ''', (current_time_utc, logout_reason, device_session_id))
+            # 停用设备会话
+            cursor.execute('''
+                UPDATE device_sessions
+                SET is_active = 0
+                WHERE id = %s
+            ''', (device_session_id,))
+            message = f'设备 "{device_name}" 已成功登出' if device_id else f'已成功登出当前设备 "{device_name}"'
+            return {'success': True, 'message': message}
+        except Exception as e:
+            return {'success': False, 'message': f'登出设备失败: {str(e)}'}
+        finally:
+            cursor.close()
+            conn.close()
+    def logout_current_device(self, user_id, access_token=None):
+        """
+        退出当前设备（通过token识别）
+        Args:
+            user_id: 用户ID
+            access_token: 当前的访问令牌（用于识别设备会话）
+        Returns:
+            dict: 登出结果
+        """
+        conn = self.pool.connection()
+        cursor = conn.cursor()
+        try:
+            current_time_utc = datetime.now(timezone.utc)
+            if access_token:
+                # 方式1：通过access_token解析出设备会话信息
+                try:
+                    payload = self.verify_access_token(access_token)
+                    if not payload:
+                        return {'success': False, 'message': '无效的访问令牌'}
+                    # 查找该用户最近活跃的设备（作为当前设备的近似）
+                    cursor.execute('''
+                        SELECT ds.id, ds.device_name, rt.id as token_id
+                        FROM device_sessions ds
+                        LEFT JOIN refresh_tokens rt ON ds.id = rt.device_session_id AND rt.is_revoked = 0
+                        WHERE ds.user_id = %s AND ds.is_active = 1
+                        ORDER BY ds.last_activity DESC
+                        LIMIT 1
+                    ''', (user_id,))
+                except Exception:
+                    # token解析失败，使用备用方案
+                    cursor.execute('''
+                        SELECT id, device_name FROM device_sessions
+                        WHERE user_id = %s AND is_active = 1
+                        ORDER BY last_activity DESC
+                        LIMIT 1
+                    ''', (user_id,))
+            else:
+                # 方式2：没有token时，登出最新活跃的设备
+                cursor.execute('''
+                    SELECT id, device_name FROM device_sessions
+                    WHERE user_id = %s AND is_active = 1
+                    ORDER BY last_activity DESC
+                    LIMIT 1
+                ''', (user_id,))
+            device = cursor.fetchone()
+            if not device:
+                return {'success': False, 'message': '没有找到活跃的设备会话'}
+            device_session_id = device['id']
+            device_name = device['device_name']
+            # 撤销该设备的刷新令牌
+            cursor.execute('''
+                UPDATE refresh_tokens
+                SET is_revoked = 1, revoked_at = %s, revoked_reason = 'current_device_logout'
+                WHERE device_session_id = %s AND is_revoked = 0
+            ''', (current_time_utc, device_session_id))
+            # 停用设备会话
+            cursor.execute('''
+                UPDATE device_sessions
+                SET is_active = 0
+                WHERE id = %s
+            ''', (device_session_id,))
+            return {'success': True, 'message': f'已成功退出当前设备 "{device_name}"'}
+        except Exception as e:
+            return {'success': False, 'message': f'退出当前设备失败: {str(e)}'}
+        finally:
+            cursor.close()
+            conn.close()
+    def logout_specific_device(self, user_id, device_id):
+        """
+        退出指定设备（通过device_id）
+        Args:
+            user_id: 用户ID
+            device_id: 要退出的设备ID
+        Returns:
+            dict: 登出结果
+        """
+        conn = self.pool.connection()
+        cursor = conn.cursor()
+        try:
+            current_time_utc = datetime.now(timezone.utc)
+            # 通过device_id查找设备，确保属于该用户
             cursor.execute('''
                 SELECT id, device_name FROM device_sessions
                 WHERE user_id = %s AND device_id = %s AND is_active = 1
@@ -1444,7 +1629,7 @@ class StandaloneAuthManager:
             device = cursor.fetchone()
             if not device:
-                return {'success': False, 'message': '设备不存在或已登出'}
+                return {'success': False, 'message': '设备不存在或已退出'}
             device_session_id = device['id']
             device_name = device['device_name']
@@ -1452,7 +1637,7 @@ class StandaloneAuthManager:
             # 撤销该设备的刷新令牌
             cursor.execute('''
                 UPDATE refresh_tokens
-                SET is_revoked = 1, revoked_at = %s, revoked_reason = 'single_device_logout'
+                SET is_revoked = 1, revoked_at = %s, revoked_reason = 'specific_device_logout'
                 WHERE device_session_id = %s AND is_revoked = 0
             ''', (current_time_utc, device_session_id))
@@ -1463,10 +1648,10 @@ class StandaloneAuthManager:
                 WHERE id = %s
             ''', (device_session_id,))
-            return {'success': True, 'message': f'设备 "{device_name}" 已成功登出'}
+            return {'success': True, 'message': f'已成功退出设备 "{device_name}"'}
         except Exception as e:
-            return {'success': False, 'message': f'登出设备失败: {str(e)}'}
+            return {'success': False, 'message': f'退出指定设备失败: {str(e)}'}
         finally:
             cursor.close()
             conn.close()

mdbq/auth/rate_limiter.py CHANGED Viewed

@@ -255,30 +255,60 @@ class AdvancedRateLimiter:
     def check_sliding_window_log(self, key: str, rule: RateLimitRule) -> Tuple[bool, int]:
         """滑动窗口日志算法"""
-        with self.locks[key]:
-            current_time = time.time()
-            window_start = current_time - rule.window
-            if key not in self.storage:
-                self.storage[key] = {'requests': deque(), 'last_access': current_time}
-            # 更新最后访问时间
-            self.storage[key]['last_access'] = current_time
-            requests = self.storage[key]['requests']
-            # 清理过期请求
-            while requests and requests[0] < window_start:
-                requests.popleft()
-            # 检查是否超过限制
-            if len(requests) >= rule.requests:
-                return False, 0
-            # 记录当前请求
-            requests.append(current_time)
-            remaining = rule.requests - len(requests)
+        try:
+            if self.logger:
+                self.logger.debug(f"滑动窗口检查: key={key}, rule.requests={rule.requests}, rule.window={rule.window}")
-            return True, remaining
+            with self.locks[key]:
+                current_time = time.time()
+                window_start = current_time - rule.window
+                if key not in self.storage:
+                    if self.logger:
+                        self.logger.debug(f"创建新的存储条目: key={key}")
+                    self.storage[key] = {'requests': deque(), 'last_access': current_time}
+                # 更新最后访问时间
+                self.storage[key]['last_access'] = current_time
+                # 确保存储结构正确（可能被其他算法创建了不同结构）
+                if 'requests' not in self.storage[key]:
+                    if self.logger:
+                        self.logger.debug(f"修复存储结构: key={key}, 当前结构={list(self.storage[key].keys())}")
+                    # 重新初始化为滑动窗口结构
+                    self.storage[key] = {'requests': deque(), 'last_access': current_time}
+                requests = self.storage[key]['requests']
+                if self.logger:
+                    self.logger.debug(f"当前请求队列长度: {len(requests)}")
+                # 清理过期请求
+                while requests and requests[0] < window_start:
+                    requests.popleft()
+                # 检查是否超过限制
+                if len(requests) >= rule.requests:
+                    if self.logger:
+                        self.logger.debug(f"请求超限: {len(requests)} >= {rule.requests}")
+                    return False, 0
+                # 记录当前请求
+                requests.append(current_time)
+                remaining = rule.requests - len(requests)
+                if self.logger:
+                    self.logger.debug(f"请求允许: remaining={remaining}")
+                return True, remaining
+        except Exception as e:
+            if self.logger:
+                import traceback
+                self.logger.error(f"滑动窗口算法异常: {str(e)}")
+                self.logger.error(f"Key: {key}, Rule: {rule}")
+                self.logger.error(f"异常详情: {traceback.format_exc()}")
+            # 异常时允许通过
+            return True, 100
     def check_token_bucket(self, key: str, rule: RateLimitRule) -> Tuple[bool, int]:
         """令牌桶算法"""
@@ -313,59 +343,122 @@ class AdvancedRateLimiter:
     def check_fixed_window(self, key: str, rule: RateLimitRule) -> Tuple[bool, int]:
         """固定窗口算法"""
-        current_time = time.time()
-        window_start = int(current_time // rule.window) * rule.window
-        with self.locks[key]:
-            if key not in self.storage:
-                self.storage[key] = {'count': 0, 'window_start': window_start, 'last_access': current_time}
-            # 更新最后访问时间
-            self.storage[key]['last_access'] = current_time
-            data = self.storage[key]
-            # 检查是否是新窗口
-            if data['window_start'] != window_start:
-                data['count'] = 0
-                data['window_start'] = window_start
+        try:
+            if self.logger:
+                self.logger.debug(f"固定窗口检查: key={key}, rule.requests={rule.requests}, rule.window={rule.window}")
-            # 检查是否超过限制
-            if data['count'] >= rule.requests:
-                return False, 0
+            current_time = time.time()
+            window_start = int(current_time // rule.window) * rule.window
-            data['count'] += 1
-            remaining = rule.requests - data['count']
+            with self.locks[key]:
+                if key not in self.storage:
+                    if self.logger:
+                        self.logger.debug(f"创建新的固定窗口存储: key={key}")
+                    self.storage[key] = {'count': 0, 'window_start': window_start, 'last_access': current_time}
+                # 更新最后访问时间
+                self.storage[key]['last_access'] = current_time
+                # 确保存储结构正确（可能被滑动窗口算法创建了不同结构）
+                if 'count' not in self.storage[key] or 'window_start' not in self.storage[key]:
+                    if self.logger:
+                        self.logger.debug(f"修复固定窗口存储结构: key={key}, 当前结构={list(self.storage[key].keys())}")
+                    # 重新初始化为固定窗口结构
+                    self.storage[key] = {'count': 0, 'window_start': window_start, 'last_access': current_time}
+                data = self.storage[key]
-            return True, remaining
+                # 检查是否是新窗口
+                if data['window_start'] != window_start:
+                    if self.logger:
+                        self.logger.debug(f"新窗口开始: {window_start}")
+                    data['count'] = 0
+                    data['window_start'] = window_start
+                # 检查是否超过限制
+                if data['count'] >= rule.requests:
+                    if self.logger:
+                        self.logger.debug(f"固定窗口请求超限: {data['count']} >= {rule.requests}")
+                    return False, 0
+                data['count'] += 1
+                remaining = rule.requests - data['count']
+                if self.logger:
+                    self.logger.debug(f"固定窗口请求允许: count={data['count']}, remaining={remaining}")
+                return True, remaining
+        except Exception as e:
+            if self.logger:
+                import traceback
+                self.logger.error(f"固定窗口算法异常: {str(e)}")
+                self.logger.error(f"Key: {key}, Rule: {rule}")
+                self.logger.error(f"异常详情: {traceback.format_exc()}")
+            # 异常时允许通过
+            return True, 100
     def check_rate_limit(self, api_type: str, key: str, level: RateLimitLevel,
                         strategy: RateLimitStrategy = None) -> Tuple[bool, int, dict]:
         """核心限流检查"""
-        # 检查是否被阻断
-        is_blocked, block_remaining = self.is_blocked(key)
-        if is_blocked:
-            return False, 0, {
-                'error': 'blocked',
-                'retry_after': block_remaining,
-                'reason': 'IP temporarily blocked due to excessive requests'
-            }
-        # 获取限流规则
-        if api_type not in self.rules or level not in self.rules[api_type]:
-            rule = RateLimitRule(100, 60)  # 默认规则
-        else:
-            rule = self.rules[api_type][level]
+        try:
+            if self.logger:
+                self.logger.debug(f"check_rate_limit: api_type={api_type}, key={key}, level={level}")
+            # 检查是否被阻断
+            is_blocked, block_remaining = self.is_blocked(key)
+            if is_blocked:
+                if self.logger:
+                    self.logger.debug(f"Key {key} is blocked, remaining: {block_remaining}")
+                return False, 0, {
+                    'error': 'blocked',
+                    'retry_after': block_remaining,
+                    'reason': 'IP temporarily blocked due to excessive requests'
+                }
+            # 获取限流规则
+            if api_type not in self.rules or level not in self.rules[api_type]:
+                if self.logger:
+                    self.logger.debug(f"Using default rule for api_type={api_type}, level={level}")
+                rule = RateLimitRule(100, 60)  # 默认规则
+            else:
+                rule = self.rules[api_type][level]
+                if self.logger:
+                    self.logger.debug(f"Using rule: requests={rule.requests}, window={rule.window}")
+        except Exception as e:
+            if self.logger:
+                import traceback
+                self.logger.error(f"check_rate_limit异常: {str(e)}")
+                self.logger.error(f"异常详情: {traceback.format_exc()}")
+            # 异常时返回允许通过
+            return True, 100, {}
         # 选择限流策略
-        strategy = strategy or rule.strategy
-        if strategy == RateLimitStrategy.SLIDING_WINDOW_LOG:
-            allowed, remaining = self.check_sliding_window_log(key, rule)
-        elif strategy == RateLimitStrategy.TOKEN_BUCKET:
-            allowed, remaining = self.check_token_bucket(key, rule)
-        else:
-            # 默认固定窗口
-            allowed, remaining = self.check_fixed_window(key, rule)
+        try:
+            strategy = strategy or rule.strategy
+            if self.logger:
+                self.logger.debug(f"Using strategy: {strategy}")
+            if strategy == RateLimitStrategy.SLIDING_WINDOW_LOG:
+                allowed, remaining = self.check_sliding_window_log(key, rule)
+            elif strategy == RateLimitStrategy.TOKEN_BUCKET:
+                allowed, remaining = self.check_token_bucket(key, rule)
+            else:
+                # 默认固定窗口
+                allowed, remaining = self.check_fixed_window(key, rule)
+            if self.logger:
+                self.logger.debug(f"Strategy result: allowed={allowed}, remaining={remaining}")
+        except Exception as e:
+            if self.logger:
+                import traceback
+                self.logger.error(f"限流策略执行异常: {str(e)}")
+                self.logger.error(f"策略: {strategy}, Key: {key}")
+                self.logger.error(f"异常详情: {traceback.format_exc()}")
+            # 策略执行异常时，允许通过
+            return True, 100, {}
         # 如果超过限制，考虑是否阻断
         if not allowed:
@@ -459,13 +552,22 @@ class RateLimitDecorators:
             def decorated_function(*args, **kwargs):
                 try:
                     # 获取客户端信息
+                    if self.limiter.logger:
+                        self.limiter.logger.debug(f"限流检查开始: api_type={api_type}")
                     client_ip, user_level, rate_limit_key = self.limiter.get_client_info()
+                    if self.limiter.logger:
+                        self.limiter.logger.debug(f"客户端信息: ip={client_ip}, level={user_level}, key={rate_limit_key}")
                     # 执行限流检查
                     allowed, remaining, error_info = self.limiter.check_rate_limit(
                         api_type, rate_limit_key, user_level, strategy
                     )
+                    if self.limiter.logger:
+                        self.limiter.logger.debug(f"限流检查结果: allowed={allowed}, remaining={remaining}")
                     if not allowed:
                         # 记录限流事件
                         if self.limiter.logger:
@@ -510,7 +612,11 @@ class RateLimitDecorators:
                 except Exception as e:
                     if self.limiter.logger:
+                        import traceback
                         self.limiter.logger.error(f"限流系统异常: {str(e)}")
+                        self.limiter.logger.error(f"异常类型: {type(e).__name__}")
+                        self.limiter.logger.error(f"异常详情: {traceback.format_exc()}")
+                        self.limiter.logger.error(f"API类型: {api_type}, 策略: {strategy}")
                     # 限流系统故障时，允许请求通过
                     return f(*args, **kwargs)

{mdbq-4.0.101.dist-info → mdbq-4.0.103.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mdbq
-Version: 4.0.101
+Version: 4.0.103
 Home-page: https://pypi.org/project/mdbq
 Author: xigua,
 Author-email: 2587125111@qq.com

{mdbq-4.0.101.dist-info → mdbq-4.0.103.dist-info}/RECORD RENAMED Viewed

@@ -1,8 +1,8 @@
 mdbq/__init__.py,sha256=Il5Q9ATdX8yXqVxtP_nYqUhExzxPC_qk_WXQ_4h0exg,16
-mdbq/__version__.py,sha256=rfICcxlmzUQJ5Hzr7UgjXor-iFyT_ckRGGFJPHSOmSM,19
+mdbq/__version__.py,sha256=qTcnY2bvQn-NzVBlZcbrJG8Y5EPJqPqlZRvmmiZhj_k,19
 mdbq/auth/__init__.py,sha256=pnPMAt63sh1B6kEvmutUuro46zVf2v2YDAG7q-jV_To,24
-mdbq/auth/auth_backend.py,sha256=cUL9oWzzFSuJgvqeo4ognl8NiMvaIWNgJMaG7ZCLvnA,79391
-mdbq/auth/rate_limiter.py,sha256=TAMayHQxDPCEc4eGcsMnCCCYQ6LWxkoCcUd7XsTGu9I,26960
+mdbq/auth/auth_backend.py,sha256=9hYqpILqlpOJ89qi6N0h35QS7No2QNT8qCu78tajwIs,86999
+mdbq/auth/rate_limiter.py,sha256=1m_Paxp8pDNpmyoFGRpFMVOJpbmeIvfVcfiQ2oH72qM,32850
 mdbq/js/__init__.py,sha256=hpMi3_ZKwIWkzc0LnKL-SY9AS-7PYFHq0izYTgEvxjc,30
 mdbq/js/jc.py,sha256=FOc6HOOTJwnoZLZmgmaE1SQo9rUnVhXmefhKMD2MlDA,13229
 mdbq/log/__init__.py,sha256=Mpbrav0s0ifLL7lVDAuePEi1hJKiSHhxcv1byBKDl5E,15
@@ -33,7 +33,7 @@ mdbq/route/routes.py,sha256=QVGfTvDgu0CpcKCvk1ra74H8uojgqTLUav1fnVAqLEA,29433
 mdbq/selenium/__init__.py,sha256=AKzeEceqZyvqn2dEDoJSzDQnbuENkJSHAlbHAD0u0ZI,10
 mdbq/selenium/get_driver.py,sha256=1NTlVUE6QsyjTrVVVqTO2LOnYf578ccFWlWnvIXGtic,20903
 mdbq/spider/__init__.py,sha256=RBMFXGy_jd1HXZhngB2T2XTvJqki8P_Fr-pBcwijnew,18
-mdbq-4.0.101.dist-info/METADATA,sha256=TOyDrSssNPs9yZd59NXESLL6pXYOVHQGmFzJ1HtT8hw,365
-mdbq-4.0.101.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mdbq-4.0.101.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
-mdbq-4.0.101.dist-info/RECORD,,
+mdbq-4.0.103.dist-info/METADATA,sha256=PdQ5SB6ffus_bjg8DWRonFLHRF_JYD_BMtuqbv238g8,365
+mdbq-4.0.103.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mdbq-4.0.103.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
+mdbq-4.0.103.dist-info/RECORD,,

{mdbq-4.0.101.dist-info → mdbq-4.0.103.dist-info}/WHEEL RENAMED Viewed

File without changes

{mdbq-4.0.101.dist-info → mdbq-4.0.103.dist-info}/top_level.txt RENAMED Viewed

File without changes

mdbq 4.0.101__py3-none-any.whl → 4.0.103__py3-none-any.whl

Potentially problematic release.

mdbq 4.0.101py3-none-any.whl → 4.0.103py3-none-any.whl