PyPI - mdbq - Versions diffs - 4.1.2__py3-none-any.whl → 4.1.4__py3-none-any.whl - Mend - Supply Chain Defender

mdbq 4.1.2py3-none-any.whl → 4.1.4py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of mdbq might be problematic. Click here for more details.

Files changed (11) hide show

mdbq/__version__.py +1 -1
mdbq/auth/auth_backend.py +440 -0
mdbq/myconf/myconf.py +30 -43
mdbq/mysql/s_query.py +1 -1
mdbq/redis/getredis.py +33 -28
mdbq/redis/redis_cache.py +103 -134
mdbq/route/monitor.py +58 -201
{mdbq-4.1.2.dist-info → mdbq-4.1.4.dist-info}/METADATA +1 -1
{mdbq-4.1.2.dist-info → mdbq-4.1.4.dist-info}/RECORD +11 -11
{mdbq-4.1.2.dist-info → mdbq-4.1.4.dist-info}/WHEEL +0 -0
{mdbq-4.1.2.dist-info → mdbq-4.1.4.dist-info}/top_level.txt +0 -0

mdbq/__version__.py CHANGED Viewed

	@@ -1 +1 @@
1	- VERSION = '4.1.2'
1	+ VERSION = '4.1.4'

mdbq/auth/auth_backend.py CHANGED Viewed

@@ -27,6 +27,12 @@ import re
 from datetime import datetime, timedelta, timezone
 from functools import wraps
 from dbutils.pooled_db import PooledDB  # type: ignore
+from PIL import Image, ImageDraw, ImageFilter, ImageEnhance
+import random
+import time
+import os
+import io
+import base64
 # Flask相关导入 - 用于装饰器功能
 try:
@@ -2247,6 +2253,440 @@ class StandaloneAuthManager:
             conn.close()
+class SlideCaptchaManager:
+    """滑块验证码管理器"""
+    def __init__(self, redis_client, slide_image_dir):
+        self.redis_client = redis_client
+        self.captcha_width = 300
+        self.captcha_height = 150
+        self.puzzle_size = 42
+        self.puzzle_tolerance = 8
+        self.expire_time = 300  # 5分钟过期
+        self.slide_image_dir = slide_image_dir
+    def generate_captcha(self, session_id):
+        """生成滑块验证码"""
+        try:
+            # 生成背景图片
+            background = self._create_background()
+            # 随机生成拼图位置
+            puzzle_x = random.randint(self.puzzle_size + 10, self.captcha_width - self.puzzle_size - 10)
+            puzzle_y = random.randint(10, self.captcha_height - self.puzzle_size - 10)
+            # 创建拼图形状
+            puzzle_img, puzzle_outline = self._create_puzzle_shape()
+            # 在背景上应用拼图轮廓
+            background_with_hole = background.copy()
+            self._apply_puzzle_hole(background_with_hole, puzzle_x, puzzle_y, puzzle_outline)
+            # 创建拼图块
+            puzzle_piece = self._extract_puzzle_piece(background, puzzle_x, puzzle_y, puzzle_img)
+            # 转换为base64
+            background_b64 = self._image_to_base64(background_with_hole)
+            puzzle_b64 = self._image_to_base64(puzzle_piece)
+            # 存储验证信息到Redis
+            captcha_data = {
+                'puzzle_x': puzzle_x,
+                'puzzle_y': puzzle_y,
+                'created_at': time.time(),
+                'attempts': 0,
+                'max_attempts': 3
+            }
+            self.redis_client.setex(
+                f"captcha:{session_id}",
+                self.expire_time,
+                json.dumps(captcha_data)
+            )
+            return {
+                'success': True,
+                'session_id': session_id,
+                'background': background_b64,
+                'puzzle': puzzle_b64,
+                'puzzle_y': puzzle_y,
+                'captcha_width': self.captcha_width,
+                'captcha_height': self.captcha_height
+            }
+        except Exception as e:
+            return {'success': False, 'message': '生成验证码失败'}
+    def verify_captcha(self, session_id, slide_x, slide_track, slide_time):
+        """验证滑块位置"""
+        try:
+            # 获取验证码信息
+            captcha_key = f"captcha:{session_id}"
+            captcha_data_str = self.redis_client.get(captcha_key)
+            if not captcha_data_str:
+                return {'success': False, 'message': '验证码已过期，请重新获取'}
+            captcha_data = json.loads(captcha_data_str)
+            # 检查尝试次数
+            captcha_data['attempts'] += 1
+            if captcha_data['attempts'] > captcha_data['max_attempts']:
+                self.redis_client.delete(captcha_key)
+                return {'success': False, 'message': '尝试次数过多，请重新获取验证码'}
+            # 验证滑动距离
+            expected_x = captcha_data['puzzle_x']
+            distance_error = abs(slide_x - expected_x)
+            # 验证滑动时间（防止机器人）
+            if slide_time < 0.3:  # 滑动时间太短
+                self._update_captcha_attempts(captcha_key, captcha_data)
+                return {'success': False, 'message': '校检失败'}
+            if slide_time > 60:  # 滑动时间太长
+                self._update_captcha_attempts(captcha_key, captcha_data)
+                return {'success': False, 'message': '校检失败'}
+            # 验证滑动轨迹（简单的轨迹分析）
+            if not self._validate_slide_track(slide_track, slide_x, slide_time):
+                self._update_captcha_attempts(captcha_key, captcha_data)
+                return {'success': False, 'message': '校检失败'}
+            # 验证位置精度
+            if distance_error <= self.puzzle_tolerance:
+                # 验证成功，删除验证码数据
+                self.redis_client.delete(captcha_key)
+                # 生成验证通过的token
+                verify_token = self._generate_verify_token(session_id)
+                self.redis_client.setex(
+                    f"captcha_verified:{session_id}",
+                    300,  # 5分钟内有效
+                    verify_token
+                )
+                return {
+                    'success': True,
+                    'message': '验证成功',
+                    'verify_token': verify_token
+                }
+            else:
+                # 更新尝试次数
+                self._update_captcha_attempts(captcha_key, captcha_data)
+                return {
+                    'success': False,
+                    'message': '校检失败',
+                    'attempts_left': captcha_data['max_attempts'] - captcha_data['attempts']
+                }
+        except Exception as e:
+            return {'success': False, 'message': '验证失败，请重试'}
+    def _create_background(self):
+        """创建背景图片"""
+        try:
+            # 如果文件夹不存在，创建文件夹并使用默认背景
+            if not os.path.exists(self.slide_image_dir):
+                os.makedirs(self.slide_image_dir, exist_ok=True)
+                return self._create_default_background()
+            # 获取所有支持的图片文件（jpg, jpeg, png）
+            image_files = [f for f in os.listdir(self.slide_image_dir)
+                          if f.lower().endswith(('.jpg', '.jpeg', '.png')) and os.path.isfile(os.path.join(self.slide_image_dir, f))]
+            if not image_files:
+                return self._create_default_background()
+            # 随机选择一张图片
+            selected_image = random.choice(image_files)
+            image_path = os.path.join(self.slide_image_dir, selected_image)
+            # 加载并处理背景图片
+            with Image.open(image_path) as bg_img:
+                # 转换为RGB模式（如果需要）
+                if bg_img.mode != 'RGB':
+                    bg_img = bg_img.convert('RGB')
+                # 智能裁剪图片到验证码尺寸，而不是简单缩放
+                background = self._smart_crop_image(bg_img, self.captcha_width, self.captcha_height)
+                # 添加轻微的滤镜效果，增加验证难度
+                background = background.filter(ImageFilter.GaussianBlur(radius=0.5))
+                # 调整亮度和对比度，确保拼图轮廓清晰可见
+                enhancer = ImageEnhance.Brightness(background)
+                background = enhancer.enhance(0.9)  # 稍微变暗
+                enhancer = ImageEnhance.Contrast(background)
+                background = enhancer.enhance(1.1)  # 增加对比度
+                return background
+        except Exception as e:
+            return self._create_default_background()
+    def _smart_crop_image(self, img, target_width, target_height):
+        """
+        智能裁剪图片到目标尺寸
+        优先保持图片的主要内容，避免简单缩放导致的变形
+        """
+        original_width, original_height = img.size
+        target_ratio = target_width / target_height
+        original_ratio = original_width / original_height
+        if abs(original_ratio - target_ratio) < 0.1:
+            # 如果长宽比接近，直接缩放
+            return img.resize((target_width, target_height), Image.Resampling.LANCZOS)
+        if original_ratio > target_ratio:
+            # 原图更宽，需要裁剪宽度
+            # 计算需要的高度来匹配目标比例
+            new_height = original_height
+            new_width = int(new_height * target_ratio)
+            # 从中心开始裁剪
+            left = (original_width - new_width) // 2
+            top = 0
+            right = left + new_width
+            bottom = new_height
+        else:
+            # 原图更高，需要裁剪高度
+            # 计算需要的宽度来匹配目标比例
+            new_width = original_width
+            new_height = int(new_width / target_ratio)
+            # 从中心开始裁剪（稍微偏上，保留重要内容）
+            left = 0
+            top = (original_height - new_height) // 3  # 偏上1/3处开始裁剪
+            right = new_width
+            bottom = top + new_height
+        # 执行裁剪
+        cropped_img = img.crop((left, top, right, bottom))
+        # 缩放到目标尺寸
+        return cropped_img.resize((target_width, target_height), Image.Resampling.LANCZOS)
+    def _create_default_background(self):
+        """创建默认背景图片"""
+        # 创建渐变背景
+        img = Image.new('RGB', (self.captcha_width, self.captcha_height), color='white')
+        draw = ImageDraw.Draw(img)
+        # 添加渐变色
+        for y in range(self.captcha_height):
+            color_intensity = int(240 - (y / self.captcha_height) * 40)
+            color = (color_intensity, color_intensity + 5, color_intensity + 10)
+            draw.line([(0, y), (self.captcha_width, y)], fill=color)
+        # 添加噪点
+        for _ in range(100):
+            x = random.randint(0, self.captcha_width - 1)
+            y = random.randint(0, self.captcha_height - 1)
+            draw.point((x, y), fill=(200, 200, 200))
+        # 添加干扰线
+        for _ in range(5):
+            x1 = random.randint(0, self.captcha_width)
+            y1 = random.randint(0, self.captcha_height)
+            x2 = random.randint(0, self.captcha_width)
+            y2 = random.randint(0, self.captcha_height)
+            draw.line([(x1, y1), (x2, y2)], fill=(220, 220, 220), width=1)
+        return img
+    def _create_puzzle_shape(self):
+        """创建拼图形状"""
+        # 创建拼图轮廓
+        img = Image.new('RGBA', (self.puzzle_size, self.puzzle_size), (0, 0, 0, 0))
+        draw = ImageDraw.Draw(img)
+        # 基础矩形
+        base_size = self.puzzle_size - 4
+        offset = 2
+        # 绘制拼图形状（带凸起）
+        points = []
+        # 左边
+        points.extend([(offset, offset), (offset, base_size // 3)])
+        # 左侧凸起
+        bump_size = 8
+        points.extend([
+            (offset - bump_size, base_size // 3),
+            (offset - bump_size, base_size // 3 + bump_size * 2),
+            (offset, base_size // 3 + bump_size * 2)
+        ])
+        points.extend([(offset, base_size + offset), (base_size // 3, base_size + offset)])
+        # 底部凸起
+        points.extend([
+            (base_size // 3, base_size + offset + bump_size),
+            (base_size // 3 + bump_size * 2, base_size + offset + bump_size),
+            (base_size // 3 + bump_size * 2, base_size + offset)
+        ])
+        points.extend([
+            (base_size + offset, base_size + offset),
+            (base_size + offset, offset),
+            (offset, offset)
+        ])
+        draw.polygon(points, fill=(255, 255, 255, 255), outline=(0, 0, 0, 100))
+        # 创建轮廓遮罩
+        outline = img.copy()
+        outline_draw = ImageDraw.Draw(outline)
+        outline_draw.polygon(points, fill=(0, 0, 0, 0), outline=(100, 100, 100, 200), width=2)
+        return img, outline
+    def _apply_puzzle_hole(self, background, x, y, puzzle_outline):
+        """在背景上应用拼图洞"""
+        # 创建遮罩
+        mask = Image.new('L', (self.puzzle_size, self.puzzle_size), 0)
+        mask_draw = ImageDraw.Draw(mask)
+        # 绘制拼图形状到遮罩
+        points = self._get_puzzle_points()
+        mask_draw.polygon(points, fill=255)
+        # 在背景上创建洞
+        hole_overlay = Image.new('RGBA', background.size, (0, 0, 0, 0))
+        hole_draw = ImageDraw.Draw(hole_overlay)
+        # 绘制阴影洞
+        shadow_points = [(px + x, py + y) for px, py in points]
+        hole_draw.polygon(shadow_points, fill=(0, 0, 0, 80))
+        # 绘制边框
+        hole_draw.polygon(shadow_points, outline=(100, 100, 100, 150), width=1)
+        # 合成到背景
+        background.paste(hole_overlay, (0, 0), hole_overlay)
+    def _extract_puzzle_piece(self, background, x, y, puzzle_img):
+        """提取拼图块"""
+        # 从背景中提取拼图区域
+        puzzle_area = background.crop((x, y, x + self.puzzle_size, y + self.puzzle_size))
+        # 创建最终的拼图块
+        result = Image.new('RGBA', (self.puzzle_size, self.puzzle_size), (0, 0, 0, 0))
+        # 使用拼图形状作为遮罩
+        mask = Image.new('L', (self.puzzle_size, self.puzzle_size), 0)
+        mask_draw = ImageDraw.Draw(mask)
+        points = self._get_puzzle_points()
+        mask_draw.polygon(points, fill=255)
+        # 应用遮罩
+        puzzle_area.putalpha(mask)
+        result.paste(puzzle_area, (0, 0), puzzle_area)
+        # 添加边框
+        draw = ImageDraw.Draw(result)
+        draw.polygon(points, outline=(255, 255, 255, 200), width=1)
+        return result
+    def _get_puzzle_points(self):
+        """获取拼图形状的点坐标"""
+        base_size = self.puzzle_size - 4
+        offset = 2
+        bump_size = 8
+        points = [
+            (offset, offset),
+            (offset, base_size // 3),
+            (offset - bump_size, base_size // 3),
+            (offset - bump_size, base_size // 3 + bump_size * 2),
+            (offset, base_size // 3 + bump_size * 2),
+            (offset, base_size + offset),
+            (base_size // 3, base_size + offset),
+            (base_size // 3, base_size + offset + bump_size),
+            (base_size // 3 + bump_size * 2, base_size + offset + bump_size),
+            (base_size // 3 + bump_size * 2, base_size + offset),
+            (base_size + offset, base_size + offset),
+            (base_size + offset, offset),
+            (offset, offset)
+        ]
+        return points
+    def _image_to_base64(self, img):
+        """将图片转换为base64"""
+        buffer = io.BytesIO()
+        img.save(buffer, format='PNG')
+        img_str = base64.b64encode(buffer.getvalue()).decode()
+        return f"data:image/png;base64,{img_str}"
+    def _validate_slide_track(self, track, final_x, slide_time):
+        """验证滑动轨迹"""
+        if not track or len(track) < 2:
+            return True  # 简化验证，允许较少的轨迹点
+        # 检查轨迹的连续性和合理性
+        total_distance = 0
+        prev_x = 0
+        back_track_count = 0
+        for point in track:
+            if 'x' not in point or 'timestamp' not in point:
+                return False
+            current_x = point['x']
+            if current_x < prev_x:  # 允许少量回退
+                back_track_count += 1
+                if back_track_count > 3:  # 回退次数过多才判定异常
+                    return False
+            total_distance += abs(current_x - prev_x)
+            prev_x = current_x
+        # 检查总距离是否合理（放宽限制）
+        if abs(total_distance - final_x) > 50:
+            return False
+        # 检查平均速度（放宽限制）
+        avg_speed = final_x / slide_time if slide_time > 0 else 0
+        if avg_speed > 800 or avg_speed < 5:  # 速度异常
+            return False
+        return True
+    def _update_captcha_attempts(self, captcha_key, captcha_data):
+        """更新验证码尝试次数"""
+        self.redis_client.setex(
+            captcha_key,
+            self.expire_time,
+            json.dumps(captcha_data)
+        )
+    def _generate_verify_token(self, session_id):
+        """生成验证通过token"""
+        payload = {
+            'session_id': session_id,
+            'timestamp': time.time(),
+            'type': 'slide_captcha'
+        }
+        return base64.b64encode(json.dumps(payload).encode()).decode()
+    def verify_token(self, session_id, verify_token):
+        """验证token是否有效"""
+        try:
+            stored_token = self.redis_client.get(f"captcha_verified:{session_id}")
+            if not stored_token:
+                return False
+            return stored_token.decode() == verify_token
+        except:
+            return False
 # Flask集成装饰器
 def require_auth(auth_manager):
     """