mdbq 4.0.127__py3-none-any.whl → 4.0.129__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of mdbq might be problematic. Click here for more details.
- mdbq/__version__.py +1 -1
- mdbq/auth/auth_backend.py +71 -2
- mdbq/auth/crypto.py +58 -16
- {mdbq-4.0.127.dist-info → mdbq-4.0.129.dist-info}/METADATA +1 -1
- {mdbq-4.0.127.dist-info → mdbq-4.0.129.dist-info}/RECORD +7 -7
- {mdbq-4.0.127.dist-info → mdbq-4.0.129.dist-info}/WHEEL +0 -0
- {mdbq-4.0.127.dist-info → mdbq-4.0.129.dist-info}/top_level.txt +0 -0
mdbq/__version__.py
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
VERSION = '4.0.
|
|
1
|
+
VERSION = '4.0.129'
|
mdbq/auth/auth_backend.py
CHANGED
|
@@ -37,6 +37,75 @@ except ImportError:
|
|
|
37
37
|
request = None
|
|
38
38
|
|
|
39
39
|
|
|
40
|
+
# 角色权限配置
|
|
41
|
+
ROLE_PERMISSIONS = {
|
|
42
|
+
"super_admin": [
|
|
43
|
+
# 所有权限
|
|
44
|
+
"read", "write", "delete", "admin", "database",
|
|
45
|
+
"execute", "import", "export", "backup", "restore",
|
|
46
|
+
"create", "update", "publish", "moderate",
|
|
47
|
+
"configure", "settings", "maintenance",
|
|
48
|
+
"user_management", "role_management", "permission_management",
|
|
49
|
+
"view_logs", "view_analytics", "audit", "monitor",
|
|
50
|
+
"security_audit", "access_control",
|
|
51
|
+
"api_read", "api_write", "webhook", "integration",
|
|
52
|
+
"file_upload", "file_download", "file_manage",
|
|
53
|
+
"resource_quota", "storage_manage"
|
|
54
|
+
],
|
|
55
|
+
|
|
56
|
+
"admin": [
|
|
57
|
+
# 管理员权限(除了系统级配置)
|
|
58
|
+
"read", "write", "delete", "database",
|
|
59
|
+
"execute", "import", "export", "backup",
|
|
60
|
+
"create", "update", "publish", "moderate",
|
|
61
|
+
"user_management", "view_logs", "view_analytics",
|
|
62
|
+
"audit", "monitor", "api_read", "api_write",
|
|
63
|
+
"file_upload", "file_download", "file_manage"
|
|
64
|
+
],
|
|
65
|
+
|
|
66
|
+
"manager": [
|
|
67
|
+
# 经理权限
|
|
68
|
+
"read", "write", "database",
|
|
69
|
+
"create", "update", "publish", "moderate",
|
|
70
|
+
"import", "export", "view_analytics",
|
|
71
|
+
"api_read", "file_upload", "file_download"
|
|
72
|
+
],
|
|
73
|
+
|
|
74
|
+
"editor": [
|
|
75
|
+
# 编辑权限
|
|
76
|
+
"read", "write", "create", "update",
|
|
77
|
+
"file_upload", "file_download", "api_read"
|
|
78
|
+
],
|
|
79
|
+
|
|
80
|
+
"user": [
|
|
81
|
+
# 普通用户权限
|
|
82
|
+
"read", "write", "create", "update", "database",
|
|
83
|
+
"file_upload", "file_download", "api_read"
|
|
84
|
+
],
|
|
85
|
+
|
|
86
|
+
"vi_user": [
|
|
87
|
+
# 降级的用户权限
|
|
88
|
+
"read", "database",
|
|
89
|
+
"file_upload", "file_download", "api_read"
|
|
90
|
+
],
|
|
91
|
+
|
|
92
|
+
"viewer": [
|
|
93
|
+
# 只读权限
|
|
94
|
+
"read", "view_analytics", "file_download"
|
|
95
|
+
],
|
|
96
|
+
|
|
97
|
+
"api_user": [
|
|
98
|
+
# API专用用户
|
|
99
|
+
"api_read", "api_write", "read", "write"
|
|
100
|
+
],
|
|
101
|
+
|
|
102
|
+
"auditor": [
|
|
103
|
+
# 审计员权限
|
|
104
|
+
"read", "view_logs", "view_analytics", "audit", "monitor"
|
|
105
|
+
]
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
|
|
40
109
|
class StandaloneAuthManager:
|
|
41
110
|
"""独立的身份验证管理器"""
|
|
42
111
|
|
|
@@ -155,7 +224,7 @@ class StandaloneAuthManager:
|
|
|
155
224
|
password_hash VARCHAR(128) NOT NULL,
|
|
156
225
|
password_plain TEXT NOT NULL,
|
|
157
226
|
salt VARCHAR(64) NOT NULL,
|
|
158
|
-
role ENUM('admin', 'user', '
|
|
227
|
+
role ENUM('super_admin', 'admin', 'manager', 'editor', 'user', 'viewer', 'api_user', 'auditor') NOT NULL DEFAULT 'user',
|
|
159
228
|
permissions JSON DEFAULT (JSON_ARRAY()),
|
|
160
229
|
is_active TINYINT(1) NOT NULL DEFAULT 1,
|
|
161
230
|
created_at TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
|
|
@@ -429,7 +498,7 @@ class StandaloneAuthManager:
|
|
|
429
498
|
|
|
430
499
|
# 设置默认权限
|
|
431
500
|
if permissions is None:
|
|
432
|
-
permissions =
|
|
501
|
+
permissions = ROLE_PERMISSIONS.get(role, ['read'])
|
|
433
502
|
permissions_json = json.dumps(permissions)
|
|
434
503
|
|
|
435
504
|
# 创建新用户
|
mdbq/auth/crypto.py
CHANGED
|
@@ -118,7 +118,7 @@ class KeyManager:
|
|
|
118
118
|
return public_key_pem
|
|
119
119
|
|
|
120
120
|
except Exception as e:
|
|
121
|
-
self.logger.error(
|
|
121
|
+
self.logger.error("读取公钥失败", {'error': str(e)})
|
|
122
122
|
return None
|
|
123
123
|
|
|
124
124
|
def get_private_key(self) -> Optional[Any]:
|
|
@@ -154,7 +154,7 @@ class KeyManager:
|
|
|
154
154
|
return private_key
|
|
155
155
|
|
|
156
156
|
except Exception as e:
|
|
157
|
-
self.logger.error(
|
|
157
|
+
self.logger.error("读取私钥失败", {'error': str(e)})
|
|
158
158
|
return None
|
|
159
159
|
|
|
160
160
|
def clear_cache(self):
|
|
@@ -177,36 +177,59 @@ class CryptoService:
|
|
|
177
177
|
try:
|
|
178
178
|
# 解析加密数据
|
|
179
179
|
encrypted_data = json.loads(base64.b64decode(encrypted_token))
|
|
180
|
-
|
|
180
|
+
|
|
181
181
|
# 获取私钥
|
|
182
182
|
private_key = self.key_manager.get_private_key()
|
|
183
183
|
if not private_key:
|
|
184
|
+
self.logger.error("无法获取私钥")
|
|
184
185
|
return None
|
|
185
186
|
|
|
186
187
|
# 解密AES密钥
|
|
187
188
|
encrypted_aes_key = base64.b64decode(encrypted_data['key'])
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
189
|
+
|
|
190
|
+
# 使用SHA-512加密算法
|
|
191
|
+
try:
|
|
192
|
+
aes_key = private_key.decrypt(
|
|
193
|
+
encrypted_aes_key,
|
|
194
|
+
padding.OAEP(
|
|
195
|
+
mgf=padding.MGF1(algorithm=hashes.SHA512()),
|
|
196
|
+
algorithm=hashes.SHA512(),
|
|
197
|
+
label=None
|
|
198
|
+
)
|
|
194
199
|
)
|
|
195
|
-
|
|
200
|
+
except Exception as decrypt_error:
|
|
201
|
+
self.logger.error("RSA解密失败", {'error': str(decrypt_error)})
|
|
196
202
|
|
|
197
203
|
# 解密数据
|
|
198
204
|
iv = base64.b64decode(encrypted_data['iv'])
|
|
199
205
|
ciphertext = base64.b64decode(encrypted_data['ciphertext'])
|
|
200
206
|
|
|
201
|
-
|
|
202
|
-
|
|
207
|
+
# 检查是否有认证标签(AES-GCM需要)
|
|
208
|
+
if 'tag' in encrypted_data:
|
|
209
|
+
tag = base64.b64decode(encrypted_data['tag'])
|
|
210
|
+
# 将tag附加到密文末尾(AES-GCM标准做法)
|
|
211
|
+
ciphertext_with_tag = ciphertext + tag
|
|
212
|
+
else:
|
|
213
|
+
# 如果没有tag,假设密文已经包含tag
|
|
214
|
+
ciphertext_with_tag = ciphertext
|
|
215
|
+
|
|
216
|
+
try:
|
|
217
|
+
aesgcm = AESGCM(aes_key)
|
|
218
|
+
decrypted_data = aesgcm.decrypt(iv, ciphertext_with_tag, None)
|
|
219
|
+
except Exception as aes_error:
|
|
220
|
+
self.logger.error("AES-GCM解密失败", {'error': str(aes_error)})
|
|
221
|
+
return None
|
|
203
222
|
|
|
204
223
|
# 解析JSON
|
|
205
|
-
|
|
206
|
-
|
|
224
|
+
try:
|
|
225
|
+
payload = json.loads(decrypted_data.decode('utf-8'))
|
|
226
|
+
return payload
|
|
227
|
+
except json.JSONDecodeError as json_error:
|
|
228
|
+
self.logger.error("JSON解析失败", {'error': str(json_error)})
|
|
229
|
+
return None
|
|
207
230
|
|
|
208
231
|
except Exception as e:
|
|
209
|
-
self.logger.error(
|
|
232
|
+
self.logger.error("解密失败", {'error': str(e)})
|
|
210
233
|
return None
|
|
211
234
|
|
|
212
235
|
|
|
@@ -260,7 +283,7 @@ class Validator:
|
|
|
260
283
|
return True
|
|
261
284
|
|
|
262
285
|
except Exception as e:
|
|
263
|
-
self.logger.error(
|
|
286
|
+
self.logger.error("Nonce验证失败", {'error': str(e)})
|
|
264
287
|
return False
|
|
265
288
|
|
|
266
289
|
def validate(self, payload: Dict[str, Any]) -> bool:
|
|
@@ -362,6 +385,25 @@ class OptimizedCryptoManager:
|
|
|
362
385
|
"""
|
|
363
386
|
return self.crypto_service.decrypt_token(encrypted_token)
|
|
364
387
|
|
|
388
|
+
def validate_payload(self, payload: Dict[str, Any]) -> bool:
|
|
389
|
+
"""
|
|
390
|
+
验证解密后的载荷数据
|
|
391
|
+
|
|
392
|
+
Args:
|
|
393
|
+
payload: 解密后的载荷数据
|
|
394
|
+
|
|
395
|
+
Returns:
|
|
396
|
+
验证是否通过
|
|
397
|
+
"""
|
|
398
|
+
if not payload:
|
|
399
|
+
return False
|
|
400
|
+
|
|
401
|
+
try:
|
|
402
|
+
return self.validator.validate(payload)
|
|
403
|
+
except Exception as e:
|
|
404
|
+
self.logger.error("载荷验证异常", {'error': str(e)})
|
|
405
|
+
return False
|
|
406
|
+
|
|
365
407
|
def get_public_key(self) -> Optional[str]:
|
|
366
408
|
"""获取PEM格式的公钥字符串"""
|
|
367
409
|
return self.key_manager.get_public_key()
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
mdbq/__init__.py,sha256=Il5Q9ATdX8yXqVxtP_nYqUhExzxPC_qk_WXQ_4h0exg,16
|
|
2
|
-
mdbq/__version__.py,sha256=
|
|
2
|
+
mdbq/__version__.py,sha256=jp1E2MHjKBlC7Viq_dGjHn-n6wM-iPGTZ_L6qNhwcwc,19
|
|
3
3
|
mdbq/auth/__init__.py,sha256=pnPMAt63sh1B6kEvmutUuro46zVf2v2YDAG7q-jV_To,24
|
|
4
|
-
mdbq/auth/auth_backend.py,sha256=
|
|
5
|
-
mdbq/auth/crypto.py,sha256=
|
|
4
|
+
mdbq/auth/auth_backend.py,sha256=n-oarg5Gv_vM2OjZvPqMyqnHCjPeBqV5eXp-WoAk6cM,99909
|
|
5
|
+
mdbq/auth/crypto.py,sha256=fcZRFCnrKVVdWDUx_zds51ynFYwS9DBvJOrRQVldrfM,15931
|
|
6
6
|
mdbq/auth/rate_limiter.py,sha256=1m_Paxp8pDNpmyoFGRpFMVOJpbmeIvfVcfiQ2oH72qM,32850
|
|
7
7
|
mdbq/js/__init__.py,sha256=hpMi3_ZKwIWkzc0LnKL-SY9AS-7PYFHq0izYTgEvxjc,30
|
|
8
8
|
mdbq/js/jc.py,sha256=6Rgf1WqaJJ1oevpn-pt08gXKbX5hjoQaV6uZGCAGbYw,13177
|
|
@@ -35,7 +35,7 @@ mdbq/route/routes.py,sha256=QVGfTvDgu0CpcKCvk1ra74H8uojgqTLUav1fnVAqLEA,29433
|
|
|
35
35
|
mdbq/selenium/__init__.py,sha256=AKzeEceqZyvqn2dEDoJSzDQnbuENkJSHAlbHAD0u0ZI,10
|
|
36
36
|
mdbq/selenium/get_driver.py,sha256=1NTlVUE6QsyjTrVVVqTO2LOnYf578ccFWlWnvIXGtic,20903
|
|
37
37
|
mdbq/spider/__init__.py,sha256=RBMFXGy_jd1HXZhngB2T2XTvJqki8P_Fr-pBcwijnew,18
|
|
38
|
-
mdbq-4.0.
|
|
39
|
-
mdbq-4.0.
|
|
40
|
-
mdbq-4.0.
|
|
41
|
-
mdbq-4.0.
|
|
38
|
+
mdbq-4.0.129.dist-info/METADATA,sha256=DB7USbwiD3-cSUA6AFusybJuOShQakubfaTA6RFFYRo,365
|
|
39
|
+
mdbq-4.0.129.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
40
|
+
mdbq-4.0.129.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
|
|
41
|
+
mdbq-4.0.129.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|