mdbq 4.0.91__py3-none-any.whl → 4.0.93__py3-none-any.whl

mdbq/__version__.py

@@ -1 +1 @@
-VERSION = '4.0.91'
+VERSION = '4.0.93'

mdbq/auth/auth_backend.py

@@ -189,6 +189,7 @@ class StandaloneAuthManager:
                 CREATE TABLE IF NOT EXISTS users (
                     id BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
                     username VARCHAR(50) NOT NULL,
+                    email VARCHAR(100) NOT NULL,
                     password_hash VARCHAR(128) NOT NULL,
                     password_plain TEXT NOT NULL,
                     salt VARCHAR(64) NOT NULL,
@@ -203,6 +204,7 @@ class StandaloneAuthManager:
                     password_reset_expires TIMESTAMP(3) NULL DEFAULT NULL COMMENT '重置令牌过期时间',
                     
                     UNIQUE KEY uk_users_username (username),
+                    UNIQUE KEY uk_users_email (email),
                     UNIQUE KEY uk_users_reset_token (password_reset_token),
                     KEY idx_users_role (role),
                     KEY idx_users_created_at (created_at),
@@ -372,15 +374,15 @@ class StandaloneAuthManager:
             cursor.close()
             conn.close()
     
-    def register_user(self, username, password, role='user', permissions=None):
+    def register_user(self, username, password, role='user', permissions=None, email=None):
         """用户注册"""
         conn = self.pool.connection()
         cursor = conn.cursor()
         
         try:
             # 验证输入
-            if not username or not password:
-                return {'success': False, 'message': '用户名和密码不能为空'}
+            if not username or not password or not email:
+                return {'success': False, 'message': '用户名、密码和邮箱不能为空'}
             
             if len(username.strip()) < 3:
                 return {'success': False, 'message': '用户名至少需要3个字符'}
@@ -388,13 +390,25 @@ class StandaloneAuthManager:
             if len(password) < 6:
                 return {'success': False, 'message': '密码至少需要6个字符'}
             
+            # 邮箱格式验证
+            import re
+            email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
+            if not re.match(email_pattern, email):
+                return {'success': False, 'message': '请输入有效的邮箱地址'}
+            
             username = username.strip()
+            email = email.strip().lower()
             
             # 检查用户名是否已存在
             cursor.execute('SELECT id FROM users WHERE username = %s', (username,))
             if cursor.fetchone():
                 return {'success': False, 'message': '用户名已被占用'}
             
+            # 检查邮箱是否已存在
+            cursor.execute('SELECT id FROM users WHERE email = %s', (email,))
+            if cursor.fetchone():
+                return {'success': False, 'message': '邮箱已被注册'}
+            
             # 生成盐值和密码哈希
             salt = secrets.token_hex(32)
             password_hash = self._hash_password(password, salt)
@@ -406,9 +420,9 @@ class StandaloneAuthManager:
             
             # 创建新用户
             cursor.execute('''
-                INSERT INTO users (username, password_hash, password_plain, salt, role, permissions, is_active)
-                VALUES (%s, %s, %s, %s, %s, %s, %s)
-            ''', (username, password_hash, password, salt, role, permissions_json, True))
+                INSERT INTO users (username, email, password_hash, password_plain, salt, role, permissions, is_active)
+                VALUES (%s, %s, %s, %s, %s, %s, %s, %s)
+            ''', (username, email, password_hash, password, salt, role, permissions_json, True))
             
             user_id = cursor.lastrowid
             
@@ -418,6 +432,7 @@ class StandaloneAuthManager:
                 'user': {
                     'id': user_id,
                     'username': username,
+                    'email': email,
                     'role': role,
                     'permissions': permissions
                 }
@@ -429,13 +444,13 @@ class StandaloneAuthManager:
             cursor.close()
             conn.close()
     
-    def authenticate_user(self, username, password, ip_address=None, user_agent=None):
-        """用户身份验证"""
+    def authenticate_user(self, username_or_email, password, ip_address=None, user_agent=None):
+        """用户身份验证 - 支持用户名或邮箱登录"""
         
         # 检查IP是否被限流
         ip_check = self._check_ip_rate_limit(ip_address, 'login')
         if ip_check['blocked']:
-            self._log_login_attempt(username, ip_address, user_agent, 'failure', f'ip_blocked_{ip_check["remaining_time"]}s')
+            self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', f'ip_blocked_{ip_check["remaining_time"]}s')
             return {
                 'success': False,
                 'error': 'ip_blocked',
@@ -447,24 +462,26 @@ class StandaloneAuthManager:
         cursor = conn.cursor()
         
         try:
-            # 获取用户信息
+            # 获取用户信息 - 支持用户名或邮箱
             cursor.execute('''
-                SELECT id, username, password_hash, salt, role, permissions, 
+                SELECT id, username, email, password_hash, salt, role, permissions, 
                        is_active, login_attempts, locked_until
-                FROM users WHERE username = %s
-            ''', (username,))
+                FROM users WHERE username = %s OR email = %s
+            ''', (username_or_email, username_or_email))
             
             user = cursor.fetchone()
             if not user:
-                self._log_login_attempt(username, ip_address, user_agent, 'failure', 'user_not_found')
+                self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', 'user_not_found')
                 self._record_ip_failure(ip_address, 'login')
                 return {
                     'success': False,
                     'error': 'invalid_credentials',
-                    'message': '用户名或密码错误'
+                    'message': '用户名/邮箱或密码错误'
                 }
             
             user_id = user['id']
+            username = user['username']
+            email = user['email']
             password_hash = user['password_hash']
             salt = user['salt']
             role = user['role']
@@ -475,7 +492,7 @@ class StandaloneAuthManager:
             
             # 检查账户状态
             if not is_active:
-                self._log_login_attempt(username, ip_address, user_agent, 'failure', 'account_disabled', user_id)
+                self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', 'account_disabled', user_id)
                 self._record_ip_failure(ip_address, 'login')
                 return {
                     'success': False,
@@ -493,7 +510,7 @@ class StandaloneAuthManager:
                 
                 if locked_until > current_time_utc:
                     remaining_seconds = int((locked_until - current_time_utc).total_seconds())
-                    self._log_login_attempt(username, ip_address, user_agent, 'failure', 'account_locked', user_id)
+                    self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', 'account_locked', user_id)
                     self._record_ip_failure(ip_address, 'login')
                     return {
                         'success': False,
@@ -514,7 +531,7 @@ class StandaloneAuthManager:
                         UPDATE users SET login_attempts = %s, locked_until = %s WHERE id = %s
                     ''', (login_attempts, locked_until, user_id))
                     
-                    self._log_login_attempt(username, ip_address, user_agent, 'failure', f'password_incorrect_locked_{lockout_duration}s', user_id)
+                    self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', f'password_incorrect_locked_{lockout_duration}s', user_id)
                     self._record_ip_failure(ip_address, 'login')
                     
                     return {
@@ -528,14 +545,14 @@ class StandaloneAuthManager:
                         UPDATE users SET login_attempts = %s WHERE id = %s
                     ''', (login_attempts, user_id))
                     
-                    self._log_login_attempt(username, ip_address, user_agent, 'failure', f'password_incorrect_attempt_{login_attempts}', user_id)
+                    self._log_login_attempt(username_or_email, ip_address, user_agent, 'failure', f'password_incorrect_attempt_{login_attempts}', user_id)
                     self._record_ip_failure(ip_address, 'login')
                     
                     remaining_attempts = self.auth_config['max_login_attempts'] - login_attempts
                     return {
                         'success': False,
                         'error': 'invalid_credentials',
-                        'message': f'用户名或密码错误，还可以尝试 {remaining_attempts} 次',
+                        'message': f'用户名/邮箱或密码错误，还可以尝试 {remaining_attempts} 次',
                         'remaining_attempts': remaining_attempts
                     }
             
@@ -545,13 +562,14 @@ class StandaloneAuthManager:
             ''', (current_time_utc, user_id))
             
             # 记录成功登录
-            self._log_login_attempt(username, ip_address, user_agent, 'success', None, user_id)
+            self._log_login_attempt(username_or_email, ip_address, user_agent, 'success', None, user_id)
             self._reset_ip_failures(ip_address, 'login')
             
             return {
                 'success': True,
                 'user_id': user_id,
-                'username': user['username'],
+                'username': username,
+                'email': email,
                 'role': role,
                 'permissions': self._safe_json_parse(permissions),
                 'last_login': current_time_utc.isoformat()
@@ -897,28 +915,61 @@ class StandaloneAuthManager:
             cursor.close()
             conn.close()
     
-    def request_password_reset(self, username):
-        """请求密码重置"""
+    def get_user_masked_email(self, username):
+        """根据用户名获取脱敏邮箱（用于忘记密码提示）"""
         conn = self.pool.connection()
         cursor = conn.cursor()
         
         try:
-            # 查找用户
+            # 查找用户邮箱
             cursor.execute('''
-                SELECT id, username, is_active
+                SELECT email, is_active
                 FROM users WHERE username = %s
             ''', (username,))
             
+            user = cursor.fetchone()
+            if not user or not user['is_active']:
+                return {'success': False, 'message': '用户不存在'}
+            
+            # 返回脱敏邮箱
+            masked_email = self._mask_email(user['email'])
+            return {
+                'success': True,
+                'masked_email': masked_email
+            }
+            
+        except Exception as e:
+            return {'success': False, 'message': f'查询用户邮箱失败: {str(e)}'}
+        finally:
+            cursor.close()
+            conn.close()
+
+    def request_password_reset(self, username, email):
+        """请求密码重置 - 需要同时验证用户名和邮箱"""
+        conn = self.pool.connection()
+        cursor = conn.cursor()
+        
+        try:
+            # 查找用户 - 必须用户名和邮箱都匹配
+            cursor.execute('''
+                SELECT id, username, email, is_active
+                FROM users WHERE username = %s AND email = %s
+            ''', (username, email))
+            
             user = cursor.fetchone()
             if not user:
-                # 为安全起见，即使用户不存在也返回成功消息
+                # 为安全起见，统一返回错误信息
                 return {
-                    'success': True, 
-                    'message': '如果该用户存在，重置链接已发送到相关联系方式'
+                    'success': False, 
+                    'message': '用户名或邮箱不正确'
                 }
             
             if not user['is_active']:
-                return {'success': False, 'message': '账户已被禁用'}
+                # 账户被禁用，也返回用户名或邮箱不正确
+                return {
+                    'success': False, 
+                    'message': '用户名或邮箱不正确'
+                }
             
             # 生成重置令牌
             reset_token = secrets.token_urlsafe(32)
@@ -931,11 +982,19 @@ class StandaloneAuthManager:
                 WHERE id = %s
             ''', (reset_token, expires_at, user['id']))
             
+            # 邮箱脱敏处理
+            masked_email = self._mask_email(user['email'])
+            
+            # 直接返回重置令牌给前端
             return {
                 'success': True,
-                'message': '重置链接已生成',
-                'reset_token': reset_token,  # 实际应用中应该通过邮件发送
-                'username': user['username']
+                'message': f'验证成功，重置令牌已生成（邮箱：{masked_email}）',
+                'data': {
+                    'reset_token': reset_token,
+                    'masked_email': masked_email,
+                    'username': user['username'],
+                    'expires_at': expires_at.isoformat()
+                }
             }
             
         except Exception as e:
@@ -1215,6 +1274,33 @@ class StandaloneAuthManager:
                 return []
         return json_str or []
 
+    def _mask_email(self, email):
+        """邮箱脱敏处理"""
+        if not email or '@' not in email:
+            return email
+        
+        local_part, domain_part = email.split('@', 1)
+        
+        # 处理本地部分（@前面的部分）
+        if len(local_part) <= 3:
+            # 短邮箱名，只显示第一个字符
+            masked_local = local_part[0] + '***'
+        else:
+            # 长邮箱名，显示前3个字符
+            masked_local = local_part[:3] + '***'
+        
+        # 处理域名部分
+        if '.' in domain_part:
+            domain_name, domain_ext = domain_part.rsplit('.', 1)
+            if len(domain_name) <= 2:
+                masked_domain = '***.' + domain_ext
+            else:
+                masked_domain = domain_name[:2] + '***.' + domain_ext
+        else:
+            masked_domain = '***'
+        
+        return f"{masked_local}@{masked_domain}"
+
 
 # Flask集成装饰器
 def require_auth(auth_manager):
@@ -1387,7 +1473,7 @@ def main():
     auth_manager = StandaloneAuthManager(db_config, auth_config)
     
     # 注册用户
-    result = auth_manager.register_user('admin', 'password123', 'admin', ['read', 'write', 'admin'])
+    result = auth_manager.register_user('admin', 'password123', 'admin', ['read', 'write', 'admin'], 'admin@example.com')
     print("注册结果:", result)
     
     # 用户认证

{mdbq-4.0.91.dist-info → mdbq-4.0.93.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mdbq
-Version: 4.0.91
+Version: 4.0.93
 Home-page: https://pypi.org/project/mdbq
 Author: xigua, 
 Author-email: 2587125111@qq.com

{mdbq-4.0.91.dist-info → mdbq-4.0.93.dist-info}/RECORD

@@ -1,7 +1,7 @@
 mdbq/__init__.py,sha256=Il5Q9ATdX8yXqVxtP_nYqUhExzxPC_qk_WXQ_4h0exg,16
-mdbq/__version__.py,sha256=k-Ojd9XAyoffKPd5ogyvzqZF_lbLJqX_MBLGwMbk2Ew,18
+mdbq/__version__.py,sha256=uqyWnqEalaBGkkETtbWm-C3KxKBrzkBLQ2EZWezDmE0,18
 mdbq/auth/__init__.py,sha256=pnPMAt63sh1B6kEvmutUuro46zVf2v2YDAG7q-jV_To,24
-mdbq/auth/auth_backend.py,sha256=RHWHeSjS2BMTIdtD1sV9idg2BzQ5F9AG3JS7ObFohns,57192
+mdbq/auth/auth_backend.py,sha256=4fbx8PehiW0BzEeJkye6a7KQcMeD1unPr4y5CFBGANI,60691
 mdbq/auth/rate_limiter.py,sha256=e7K8pMQlZ1vm1N-c0HBH8tbAwzcmXSRiAl81JNZ369g,26192
 mdbq/js/__init__.py,sha256=hpMi3_ZKwIWkzc0LnKL-SY9AS-7PYFHq0izYTgEvxjc,30
 mdbq/js/jc.py,sha256=FOc6HOOTJwnoZLZmgmaE1SQo9rUnVhXmefhKMD2MlDA,13229
@@ -33,7 +33,7 @@ mdbq/route/routes.py,sha256=DHJg0eRNi7TKqhCHuu8ia3vdQ8cTKwrTm6mwDBtNboM,19111
 mdbq/selenium/__init__.py,sha256=AKzeEceqZyvqn2dEDoJSzDQnbuENkJSHAlbHAD0u0ZI,10
 mdbq/selenium/get_driver.py,sha256=1NTlVUE6QsyjTrVVVqTO2LOnYf578ccFWlWnvIXGtic,20903
 mdbq/spider/__init__.py,sha256=RBMFXGy_jd1HXZhngB2T2XTvJqki8P_Fr-pBcwijnew,18
-mdbq-4.0.91.dist-info/METADATA,sha256=njj-Rq_D97tP__py-GgA4nlc8D3zPvHO4D63XXqOeKg,364
-mdbq-4.0.91.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mdbq-4.0.91.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
-mdbq-4.0.91.dist-info/RECORD,,
+mdbq-4.0.93.dist-info/METADATA,sha256=zZnnDF3T05r1AkarZURpxPtEOwkuYmJ9_Hy-_0CUq7M,364
+mdbq-4.0.93.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mdbq-4.0.93.dist-info/top_level.txt,sha256=2FQ-uLnCSB-OwFiWntzmwosW3X2Xqsg0ewh1axsaylA,5
+mdbq-4.0.93.dist-info/RECORD,,