PyPI - mdbq - Versions diffs - 4.0.90__py3-none-any.whl → 4.0.92__py3-none-any.whl - Mend

mdbq 4.0.90py3-none-any.whl → 4.0.92py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

mdbq/__version__.py +1 -1
mdbq/auth/auth_backend.py +276 -34
mdbq/auth/rate_limiter.py +1 -1
{mdbq-4.0.90.dist-info → mdbq-4.0.92.dist-info}/METADATA +1 -1
{mdbq-4.0.90.dist-info → mdbq-4.0.92.dist-info}/RECORD +7 -7
{mdbq-4.0.90.dist-info → mdbq-4.0.92.dist-info}/WHEEL +0 -0
{mdbq-4.0.90.dist-info → mdbq-4.0.92.dist-info}/top_level.txt +0 -0

mdbq/__version__.py CHANGED Viewed

	@@ -1 +1 @@
1	- VERSION = '4.0.90'
1	+ VERSION = '4.0.92'

mdbq/auth/auth_backend.py CHANGED Viewed

@@ -66,21 +66,14 @@ def your_route_handler(request_headers):
 ```
 """
-import os
 import jwt # type: ignore
 import pymysql
 import hashlib
 import secrets
 import json
-import time
-import base64
-import requests
 from datetime import datetime, timedelta, timezone
 from functools import wraps
 from dbutils.pooled_db import PooledDB  # type: ignore
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.backends import default_backend
 # Flask相关导入 - 用于装饰器功能
 try:
@@ -196,7 +189,9 @@ class StandaloneAuthManager:
                 CREATE TABLE IF NOT EXISTS users (
                     id BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
                     username VARCHAR(50) NOT NULL,
+                    email VARCHAR(100) NOT NULL,
                     password_hash VARCHAR(128) NOT NULL,
+                    password_plain TEXT NOT NULL,
                     salt VARCHAR(64) NOT NULL,
                     role ENUM('admin', 'user', 'manager') NOT NULL DEFAULT 'user',
                     permissions JSON DEFAULT (JSON_ARRAY()),
@@ -205,12 +200,17 @@ class StandaloneAuthManager:
                     last_login TIMESTAMP(3) NULL DEFAULT NULL,
                     login_attempts TINYINT UNSIGNED NOT NULL DEFAULT 0,
                     locked_until TIMESTAMP(3) NULL DEFAULT NULL,
+                    password_reset_token VARCHAR(64) NULL DEFAULT NULL COMMENT '密码重置令牌',
+                    password_reset_expires TIMESTAMP(3) NULL DEFAULT NULL COMMENT '重置令牌过期时间',
                     UNIQUE KEY uk_users_username (username),
+                    UNIQUE KEY uk_users_email (email),
+                    UNIQUE KEY uk_users_reset_token (password_reset_token),
                     KEY idx_users_role (role),
                     KEY idx_users_created_at (created_at),
                     KEY idx_users_is_active (is_active),
-                    KEY idx_users_locked_until (locked_until)
+                    KEY idx_users_locked_until (locked_until),
+                    KEY idx_users_reset_expires (password_reset_expires)
                 ) ENGINE=InnoDB
                   DEFAULT CHARSET=utf8mb4
                   COLLATE=utf8mb4_0900_ai_ci
@@ -374,15 +374,15 @@ class StandaloneAuthManager:
             cursor.close()
             conn.close()
-    def register_user(self, username, password, role='user', permissions=None):
+    def register_user(self, username, password, role='user', permissions=None, email=None):
         """用户注册"""
         conn = self.pool.connection()
         cursor = conn.cursor()
         try:
             # 验证输入
-            if not username or not password:
-                return {'success': False, 'message': '用户名和密码不能为空'}
+            if not username or not password or not email:
+                return {'success': False, 'message': '用户名、密码和邮箱不能为空'}
             if len(username.strip()) < 3:
                 return {'success': False, 'message': '用户名至少需要3个字符'}
@@ -390,13 +390,25 @@ class StandaloneAuthManager:
             if len(password) < 6:
                 return {'success': False, 'message': '密码至少需要6个字符'}
+            # 邮箱格式验证
+            import re
+            email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
+            if not re.match(email_pattern, email):
+                return {'success': False, 'message': '请输入有效的邮箱地址'}
             username = username.strip()
+            email = email.strip().lower()
             # 检查用户名是否已存在
             cursor.execute('SELECT id FROM users WHERE username = %s', (username,))
             if cursor.fetchone():
                 return {'success': False, 'message': '用户名已被占用'}
+            # 检查邮箱是否已存在
+            cursor.execute('SELECT id FROM users WHERE email = %s', (email,))
+            if cursor.fetchone():
+                return {'success': False, 'message': '邮箱已被注册'}
             # 生成盐值和密码哈希
             salt = secrets.token_hex(32)
             password_hash = self._hash_password(password, salt)
@@ -408,9 +420,9 @@ class StandaloneAuthManager:
             # 创建新用户
             cursor.execute('''
-                INSERT INTO users (username, password_hash, salt, role, permissions, is_active)
-                VALUES (%s, %s, %s, %s, %s, %s)
-            ''', (username, password_hash, salt, role, permissions_json, True))
+                INSERT INTO users (username, email, password_hash, password_plain, salt, role, permissions, is_active)
+                VALUES (%s, %s, %s, %s, %s, %s, %s, %s)
+            ''', (username, email, password_hash, password, salt, role, permissions_json, True))
             user_id = cursor.lastrowid
@@ -420,6 +432,7 @@ class StandaloneAuthManager:
                 'user': {
                     'id': user_id,
                     'username': username,
+                    'email': email,
                     'role': role,
                     'permissions': permissions
                 }
@@ -431,13 +444,13 @@ class StandaloneAuthManager:
             cursor.close()
             conn.close()
-    def authenticate_user(self, username, password, ip_address=None, user_agent=None):
-        """用户身份验证"""
+    def authenticate_user(self, username_or_email, password, ip_address=None, user_agent=None):
+        """用户身份验证 - 支持用户名或邮箱登录"""
         # 检查IP是否被限流
         ip_check = self._check_ip_rate_limit(ip_address, 'login')
         if ip_check['blocked']:
-            self._log_login_attempt(username, ip_address, user_agent, 'failure', f'ip_blocked_{ip_check["remaining_time"]}s')
+            self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', f'ip_blocked_{ip_check["remaining_time"]}s')
             return {
                 'success': False,
                 'error': 'ip_blocked',
@@ -449,24 +462,26 @@ class StandaloneAuthManager:
         cursor = conn.cursor()
         try:
-            # 获取用户信息
+            # 获取用户信息 - 支持用户名或邮箱
             cursor.execute('''
-                SELECT id, username, password_hash, salt, role, permissions,
+                SELECT id, username, email, password_hash, salt, role, permissions,
                        is_active, login_attempts, locked_until
-                FROM users WHERE username = %s
-            ''', (username,))
+                FROM users WHERE username = %s OR email = %s
+            ''', (username_or_email, username_or_email))
             user = cursor.fetchone()
             if not user:
-                self._log_login_attempt(username, ip_address, user_agent, 'failure', 'user_not_found')
+                self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', 'user_not_found')
                 self._record_ip_failure(ip_address, 'login')
                 return {
                     'success': False,
                     'error': 'invalid_credentials',
-                    'message': '用户名或密码错误'
+                    'message': '用户名/邮箱或密码错误'
                 }
             user_id = user['id']
+            username = user['username']
+            email = user['email']
             password_hash = user['password_hash']
             salt = user['salt']
             role = user['role']
@@ -477,7 +492,7 @@ class StandaloneAuthManager:
             # 检查账户状态
             if not is_active:
-                self._log_login_attempt(username, ip_address, user_agent, 'failure', 'account_disabled', user_id)
+                self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', 'account_disabled', user_id)
                 self._record_ip_failure(ip_address, 'login')
                 return {
                     'success': False,
@@ -495,7 +510,7 @@ class StandaloneAuthManager:
                 if locked_until > current_time_utc:
                     remaining_seconds = int((locked_until - current_time_utc).total_seconds())
-                    self._log_login_attempt(username, ip_address, user_agent, 'failure', 'account_locked', user_id)
+                    self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', 'account_locked', user_id)
                     self._record_ip_failure(ip_address, 'login')
                     return {
                         'success': False,
@@ -516,7 +531,7 @@ class StandaloneAuthManager:
                         UPDATE users SET login_attempts = %s, locked_until = %s WHERE id = %s
                     ''', (login_attempts, locked_until, user_id))
-                    self._log_login_attempt(username, ip_address, user_agent, 'failure', f'password_incorrect_locked_{lockout_duration}s', user_id)
+                    self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', f'password_incorrect_locked_{lockout_duration}s', user_id)
                     self._record_ip_failure(ip_address, 'login')
                     return {
@@ -530,14 +545,14 @@ class StandaloneAuthManager:
                         UPDATE users SET login_attempts = %s WHERE id = %s
                     ''', (login_attempts, user_id))
-                    self._log_login_attempt(username, ip_address, user_agent, 'failure', f'password_incorrect_attempt_{login_attempts}', user_id)
+                    self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', f'password_incorrect_attempt_{login_attempts}', user_id)
                     self._record_ip_failure(ip_address, 'login')
                     remaining_attempts = self.auth_config['max_login_attempts'] - login_attempts
                     return {
                         'success': False,
                         'error': 'invalid_credentials',
-                        'message': f'用户名或密码错误，还可以尝试 {remaining_attempts} 次',
+                        'message': f'用户名/邮箱或密码错误，还可以尝试 {remaining_attempts} 次',
                         'remaining_attempts': remaining_attempts
                     }
@@ -547,13 +562,14 @@ class StandaloneAuthManager:
             ''', (current_time_utc, user_id))
             # 记录成功登录
-            self._log_login_attempt(username, ip_address, user_agent, 'success', None, user_id)
+            self._log_login_attempt(username_or_email, ip_address, user_agent, 'success', None, user_id)
             self._reset_ip_failures(ip_address, 'login')
             return {
                 'success': True,
                 'user_id': user_id,
-                'username': user['username'],
+                'username': username,
+                'email': email,
                 'role': role,
                 'permissions': self._safe_json_parse(permissions),
                 'last_login': current_time_utc.isoformat()
@@ -830,6 +846,201 @@ class StandaloneAuthManager:
             cursor.close()
             conn.close()
+    def change_password(self, user_id, old_password, new_password):
+        """修改密码"""
+        conn = self.pool.connection()
+        cursor = conn.cursor()
+        try:
+            # 验证输入
+            if not old_password or not new_password:
+                return {'success': False, 'message': '旧密码和新密码不能为空'}
+            if len(new_password) < 6:
+                return {'success': False, 'message': '新密码至少需要6个字符'}
+            # 获取用户当前密码信息
+            cursor.execute('''
+                SELECT username, password_hash, salt, is_active
+                FROM users WHERE id = %s
+            ''', (user_id,))
+            user = cursor.fetchone()
+            if not user:
+                return {'success': False, 'message': '用户不存在'}
+            if not user['is_active']:
+                return {'success': False, 'message': '账户已被禁用'}
+            # 验证旧密码
+            if not self._verify_password(old_password, user['password_hash'], user['salt']):
+                return {'success': False, 'message': '旧密码错误'}
+            # 生成新的盐值和密码哈希
+            new_salt = secrets.token_hex(32)
+            new_password_hash = self._hash_password(new_password, new_salt)
+            current_time_utc = datetime.now(timezone.utc)
+            # 更新密码
+            cursor.execute('''
+                UPDATE users
+                SET password_hash = %s, password_plain = %s, salt = %s,
+                    login_attempts = 0, locked_until = NULL
+                WHERE id = %s
+            ''', (new_password_hash, new_password, new_salt, user_id))
+            # 撤销所有刷新令牌（强制重新登录）
+            cursor.execute('''
+                UPDATE refresh_tokens
+                SET is_revoked = 1, revoked_at = %s, revoked_reason = 'password_changed'
+                WHERE user_id = %s AND is_revoked = 0
+            ''', (current_time_utc, user_id))
+            # 停用所有设备会话
+            cursor.execute('''
+                UPDATE device_sessions
+                SET is_active = 0
+                WHERE user_id = %s AND is_active = 1
+            ''', (user_id,))
+            return {
+                'success': True,
+                'message': '密码修改成功，请重新登录'
+            }
+        except Exception as e:
+            return {'success': False, 'message': f'密码修改失败: {str(e)}'}
+        finally:
+            cursor.close()
+            conn.close()
+    def request_password_reset(self, username, email):
+        """请求密码重置 - 需要同时验证用户名和邮箱"""
+        conn = self.pool.connection()
+        cursor = conn.cursor()
+        try:
+            # 查找用户 - 必须用户名和邮箱都匹配
+            cursor.execute('''
+                SELECT id, username, email, is_active
+                FROM users WHERE username = %s AND email = %s
+            ''', (username, email))
+            user = cursor.fetchone()
+            if not user:
+                # 为安全起见，统一返回错误信息
+                return {
+                    'success': False,
+                    'message': '用户名或邮箱不正确'
+                }
+            if not user['is_active']:
+                # 账户被禁用，也返回用户名或邮箱不正确
+                return {
+                    'success': False,
+                    'message': '用户名或邮箱不正确'
+                }
+            # 生成重置令牌
+            reset_token = secrets.token_urlsafe(32)
+            expires_at = datetime.now(timezone.utc) + timedelta(hours=1)  # 1小时有效期
+            # 保存重置令牌
+            cursor.execute('''
+                UPDATE users
+                SET password_reset_token = %s, password_reset_expires = %s
+                WHERE id = %s
+            ''', (reset_token, expires_at, user['id']))
+            # 邮箱脱敏处理
+            masked_email = self._mask_email(user['email'])
+            # 直接返回重置令牌给前端
+            return {
+                'success': True,
+                'message': f'验证成功，重置令牌已生成（邮箱：{masked_email}）',
+                'data': {
+                    'reset_token': reset_token,
+                    'masked_email': masked_email,
+                    'username': user['username'],
+                    'expires_at': expires_at.isoformat()
+                }
+            }
+        except Exception as e:
+            return {'success': False, 'message': f'密码重置请求失败: {str(e)}'}
+        finally:
+            cursor.close()
+            conn.close()
+    def reset_password_with_token(self, reset_token, new_password):
+        """使用重置令牌重置密码"""
+        conn = self.pool.connection()
+        cursor = conn.cursor()
+        try:
+            # 验证输入
+            if not reset_token or not new_password:
+                return {'success': False, 'message': '重置令牌和新密码不能为空'}
+            if len(new_password) < 6:
+                return {'success': False, 'message': '新密码至少需要6个字符'}
+            current_time_utc = datetime.now(timezone.utc)
+            # 查找有效的重置令牌
+            cursor.execute('''
+                SELECT id, username, is_active, password_reset_expires
+                FROM users
+                WHERE password_reset_token = %s
+                  AND password_reset_expires > %s
+                  AND is_active = 1
+            ''', (reset_token, current_time_utc))
+            user = cursor.fetchone()
+            if not user:
+                return {'success': False, 'message': '重置令牌无效或已过期'}
+            # 生成新的盐值和密码哈希
+            new_salt = secrets.token_hex(32)
+            new_password_hash = self._hash_password(new_password, new_salt)
+            # 更新密码并清除重置令牌
+            cursor.execute('''
+                UPDATE users
+                SET password_hash = %s, password_plain = %s, salt = %s,
+                    password_reset_token = NULL, password_reset_expires = NULL,
+                    login_attempts = 0, locked_until = NULL
+                WHERE id = %s
+            ''', (new_password_hash, new_password, new_salt, user['id']))
+            # 撤销所有刷新令牌
+            cursor.execute('''
+                UPDATE refresh_tokens
+                SET is_revoked = 1, revoked_at = %s, revoked_reason = 'password_reset'
+                WHERE user_id = %s AND is_revoked = 0
+            ''', (current_time_utc, user['id']))
+            # 停用所有设备会话
+            cursor.execute('''
+                UPDATE device_sessions
+                SET is_active = 0
+                WHERE user_id = %s AND is_active = 1
+            ''', (user['id'],))
+            return {
+                'success': True,
+                'message': '密码重置成功，请使用新密码登录',
+                'username': user['username']
+            }
+        except Exception as e:
+            return {'success': False, 'message': f'密码重置失败: {str(e)}'}
+        finally:
+            cursor.close()
+            conn.close()
     # ==================== 辅助方法 ====================
     def _check_ip_rate_limit(self, ip_address, action_type='login'):
@@ -1034,6 +1245,33 @@ class StandaloneAuthManager:
                 return []
         return json_str or []
+    def _mask_email(self, email):
+        """邮箱脱敏处理"""
+        if not email or '@' not in email:
+            return email
+        local_part, domain_part = email.split('@', 1)
+        # 处理本地部分（@前面的部分）
+        if len(local_part) <= 3:
+            # 短邮箱名，只显示第一个字符
+            masked_local = local_part[0] + '***'
+        else:
+            # 长邮箱名，显示前3个字符
+            masked_local = local_part[:3] + '***'
+        # 处理域名部分
+        if '.' in domain_part:
+            domain_name, domain_ext = domain_part.rsplit('.', 1)
+            if len(domain_name) <= 2:
+                masked_domain = '***.' + domain_ext
+            else:
+                masked_domain = domain_name[:2] + '***.' + domain_ext
+        else:
+            masked_domain = '***'
+        return f"{masked_local}@{masked_domain}"
 # Flask集成装饰器
 def require_auth(auth_manager):
@@ -1185,8 +1423,7 @@ def create_permission_checker(auth_manager, required_permissions):
     return permission_checker
-# 使用示例
-if __name__ == "__main__":
+def main():
     # 数据库配置
     db_config = {
         'host': 'localhost',
@@ -1207,7 +1444,7 @@ if __name__ == "__main__":
     auth_manager = StandaloneAuthManager(db_config, auth_config)
     # 注册用户
-    result = auth_manager.register_user('admin', 'password123', 'admin', ['read', 'write', 'admin'])
+    result = auth_manager.register_user('admin', 'password123', 'admin', ['read', 'write', 'admin'], 'admin@example.com')
     print("注册结果:", result)
     # 用户认证
@@ -1233,4 +1470,9 @@ if __name__ == "__main__":
         # 刷新token
         refresh_result = auth_manager.refresh_access_token(refresh_token, '127.0.0.1', 'Mozilla/5.0...')
-        print("Token刷新结果:", refresh_result)
+        print("Token刷新结果:", refresh_result)
+# 使用示例
+if __name__ == "__main__":
+    main()

mdbq/auth/rate_limiter.py CHANGED Viewed

@@ -94,7 +94,7 @@ import time
 import functools
 from collections import defaultdict, deque
 from threading import Lock
-from typing import Dict, Tuple, Optional, List
+from typing import Tuple
 from dataclasses import dataclass
 from enum import Enum
 from flask import request

{mdbq-4.0.90.dist-info → mdbq-4.0.92.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mdbq
-Version: 4.0.90
+Version: 4.0.92
 Home-page: https://pypi.org/project/mdbq
 Author: xigua,
 Author-email: 2587125111@qq.com

{mdbq-4.0.90.dist-info → mdbq-4.0.92.dist-info}/RECORD RENAMED Viewed

@@ -1,8 +1,8 @@
 mdbq/__init__.py,sha256=Il5Q9ATdX8yXqVxtP_nYqUhExzxPC_qk_WXQ_4h0exg,16
-mdbq/__version__.py,sha256=rJCUKD98LrC6ukQm3KYzTuPoSAdRSBpbbBR4qzCePZI,18
+mdbq/__version__.py,sha256=pEZWv3rS-jyg5fbC-o4UV_JxSAfkN0r2M3A0QEOiAhg,18
 mdbq/auth/__init__.py,sha256=pnPMAt63sh1B6kEvmutUuro46zVf2v2YDAG7q-jV_To,24
-mdbq/auth/auth_backend.py,sha256=Ku01bMXHPu0tD9x7-sWQg9kLremm_OxD_9FhtlrW_Jk,49803
-mdbq/auth/rate_limiter.py,sha256=Tb8w83TKb-4KExNY_WOQmjnqKHAcBc63td7S_OAGf8A,26214
+mdbq/auth/auth_backend.py,sha256=F5EPVmNRiOs3G2ZOFI9fTdW1OgOjL-yeBonvOj91jZM,59702
+mdbq/auth/rate_limiter.py,sha256=e7K8pMQlZ1vm1N-c0HBH8tbAwzcmXSRiAl81JNZ369g,26192
 mdbq/js/__init__.py,sha256=hpMi3_ZKwIWkzc0LnKL-SY9AS-7PYFHq0izYTgEvxjc,30
 mdbq/js/jc.py,sha256=FOc6HOOTJwnoZLZmgmaE1SQo9rUnVhXmefhKMD2MlDA,13229
 mdbq/log/__init__.py,sha256=Mpbrav0s0ifLL7lVDAuePEi1hJKiSHhxcv1byBKDl5E,15
@@ -33,7 +33,7 @@ mdbq/route/routes.py,sha256=DHJg0eRNi7TKqhCHuu8ia3vdQ8cTKwrTm6mwDBtNboM,19111
 mdbq/selenium/__init__.py,sha256=AKzeEceqZyvqn2dEDoJSzDQnbuENkJSHAlbHAD0u0ZI,10
 mdbq/selenium/get_driver.py,sha256=1NTlVUE6QsyjTrVVVqTO2LOnYf578ccFWlWnvIXGtic,20903
 mdbq/spider/__init__.py,sha256=RBMFXGy_jd1HXZhngB2T2XTvJqki8P_Fr-pBcwijnew,18
-mdbq-4.0.90.dist-info/METADATA,sha256=BaKIbNE84CCP0VsCJcTT7moFNsdmcaQ1qTMEkRPz97U,364
-mdbq-4.0.90.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mdbq-4.0.90.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
-mdbq-4.0.90.dist-info/RECORD,,
+mdbq-4.0.92.dist-info/METADATA,sha256=CvQCEeGo3DkG2bSvOKjDqfL17JWVLN1s_n75zXP7oSs,364
+mdbq-4.0.92.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mdbq-4.0.92.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
+mdbq-4.0.92.dist-info/RECORD,,

{mdbq-4.0.90.dist-info → mdbq-4.0.92.dist-info}/WHEEL RENAMED Viewed

File without changes

{mdbq-4.0.90.dist-info → mdbq-4.0.92.dist-info}/top_level.txt RENAMED Viewed

File without changes

mdbq 4.0.90__py3-none-any.whl → 4.0.92__py3-none-any.whl

mdbq 4.0.90py3-none-any.whl → 4.0.92py3-none-any.whl