rainycode 1.1.0__tar.gz → 1.1.2__tar.gz

{rainycode-1.1.0 → rainycode-1.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: rainycode
-Version: 1.1.0
+Version: 1.1.2
 Summary: FastAPI base modules
 Requires-Python: >=3.8
 Requires-Dist: build==1.4.0

{rainycode-1.1.0 → rainycode-1.1.2}/common_base/consts.py

@@ -4,6 +4,5 @@ REDIS_PREFIX_USER_INFO: str = "user:info:"
 REDIS_PREFIX_OAUTH_STATE: str = "oauth:state:"
 REDIS_PREFIX_WECHAT_CODE: str = "wechat:code:"
 REDIS_PREFIX_WECHAT_OAUTH_CODE: str = "wechat:oauth:code:"
-REDIS_PREFIX_TEMP_CODE: str = "oauth:temp_code:"
 REDIS_PREFIX_LOGIN_LOCK_USER: str = "auth:login_lock:user:"
 REDIS_PREFIX_LOGIN_LOCK_IP: str = "auth:login_lock:ip:"

{rainycode-1.1.0 → rainycode-1.1.2}/common_depends/auth_depend.py

@@ -53,6 +53,7 @@ async def get_current_user(request: Request, token: str, security_scopes: Securi
 
     # 设置请求上下文
     request.state.user = user
+    request.state.token = token
     return user
 
 

{rainycode-1.1.0 → rainycode-1.1.2}/common_servers/api/auth_api.py

@@ -1,7 +1,7 @@
 from common_models.user_model import User
-from fastapi import APIRouter, Security, Body, Depends, Query, Request
+from fastapi import APIRouter, Security, Body, Query, Request
 from common_base.response import SuccessReturn
-from common_depends.auth_depend import login_require, oauth2_scheme
+from common_depends.auth_depend import login_require
 from common_servers.schemas.auth_schema import *
 from common_servers.service.auth_svc import AuthService
 
@@ -30,10 +30,11 @@ async def refresh_token(refresh_token: str = Body(..., embed=True)):
 
 @router.post("/logout", summary="登出")
 async def logout(
-    token: str = Depends(oauth2_scheme),
+    request: Request,
     refresh_token: str = Body(..., embed=True),
     _: User = Security(login_require),
 ):
+    token = request.state.token
     await AuthService.logout(token, refresh_token)
     return SuccessReturn(msg="登出成功")
 
@@ -69,16 +70,4 @@ async def get_wechat_oauth_url(
     - 如果用户未注册，自动重定向到 snsapi_userinfo 授权
     """
     authorize_url = await AuthService.get_wechat_oauth_url(app_id, redirect_uri, state)
-    return SuccessReturn(data={"authorize_url": authorize_url})
-
-
-@router.get("/wechat/token", summary="通过临时授权码获取 token")
-async def get_token_by_temp_code(code: str = Query(..., description="临时授权码")):
-    """
-    OAuth 回调后，前端使用临时码换取 token
-
-    - 临时码有效期：120 秒
-    - 一次性使用，获取后立即失效
-    """
-    token_data = await AuthService.get_token_by_temp_code(code)
-    return SuccessReturn(data=token_data, msg="获取成功")
+    return SuccessReturn(data={"authorize_url": authorize_url})

{rainycode-1.1.0 → rainycode-1.1.2}/common_servers/service/auth_svc.py

@@ -11,11 +11,11 @@ from common_base.consts import (
     REDIS_PREFIX_USER_INFO,
     REDIS_PREFIX_WECHAT_CODE,
     REDIS_PREFIX_WECHAT_OAUTH_CODE,
-    REDIS_PREFIX_TEMP_CODE,
     REDIS_PREFIX_LOGIN_LOCK_USER,
     REDIS_PREFIX_LOGIN_LOCK_IP,
 )
 from common_base.exception import CustomException
+from common_base.logging import logger
 from common_models.user_model import User
 from common_models.wechat_model import WechatApp, WechatUser, AppTypeEnum
 from common_utils.bcrypt_util import PwdUtil
@@ -23,7 +23,6 @@ from common_utils.jwt_util import JwtUtil
 from common_utils.wechat_util import WechatUtil
 from core.databases.aioredis import AioRedis
 from common_servers.schemas.auth_schema import UserRegister, UserLogin, WechatLogin
-from common_servers.managers.wechat_user_manager import WechatUserManager
 from tortoise.transactions import atomic
 from tortoise.expressions import Q
 from core.base_config import base_config
@@ -33,7 +32,6 @@ from core.base_config import base_config
 LOGIN_FAIL_LIMIT = 5  # 最大失败次数
 LOGIN_LOCK_SECONDS = 900  # 锁定时间（15分钟）
 IP_FAIL_LIMIT = 20  # 单 IP 最大失败次数
-TEMP_CODE_EXPIRE_SECONDS = 120  # 临时授权码有效期
 
 
 class AuthService:
@@ -75,6 +73,7 @@ class AuthService:
             phone=user_in.phone,
             nickname=user_in.nickname
         )
+        logger.info(f"用户注册成功: username={user.username}, user_id={user.id}")
         return user
 
     @classmethod
@@ -83,7 +82,9 @@ class AuthService:
         用户密码登录
         """
         user = await cls._authenticate_password(user_in, client_ip)
-        return await cls._create_tokens(user)
+        token_data = await cls._create_tokens(user)
+        logger.info(f"用户登录成功: username={user.username}, user_id={user.id}, ip={client_ip}")
+        return token_data
 
     @classmethod
     async def login_wechat_mini(cls, wechat_in: WechatLogin) -> dict:
@@ -99,9 +100,12 @@ class AuthService:
         刷新 Token
         """
         user_id = await AioRedis.get(f"{REDIS_PREFIX_REFRESH_TOKEN}{refresh_token}")
-        user_id = int(user_id) if user_id else None
         if not user_id:
             raise CustomException(msg="无效或已过期的刷新令牌")
+        try:
+            user_id = int(user_id)
+        except (ValueError, TypeError):
+            raise CustomException(msg="无效的刷新令牌")
 
         user = await User.get_or_none(id=user_id)
         if not user or not user.is_active:
@@ -109,7 +113,9 @@ class AuthService:
 
         # Token 轮换：删除旧的，生成新的
         await AioRedis.delete(f"{REDIS_PREFIX_REFRESH_TOKEN}{refresh_token}")
-        return await cls._create_tokens(user)
+        token_data = await cls._create_tokens(user)
+        logger.info(f"Token刷新成功: username={user.username}, user_id={user.id}")
+        return token_data
 
     @classmethod
     async def logout(cls, access_token: str, refresh_token: str):
@@ -133,6 +139,12 @@ class AuthService:
         if refresh_token:
             await AioRedis.delete(f"{REDIS_PREFIX_REFRESH_TOKEN}{refresh_token}")
 
+        # 记录登出日志
+        if payload:
+            user_id = payload.get("sub")
+            username = payload.get("username")
+            logger.info(f"用户登出: user_id={user_id}, username={username}")
+
     @classmethod
     async def get_wechat_oauth_url(cls, app_id: str, redirect_uri: str, state: str | None = None) -> str:
         """
@@ -241,8 +253,8 @@ class AuthService:
 
             user_info = await WechatUtil.get_user_info(access_token, openid)
 
-            # 使用 WechatUserManager 创建或绑定用户
-            user = await WechatUserManager.bind_or_register(
+            # 使用 _bind_or_register_wechat_user 创建或绑定用户
+            user = await cls._bind_or_register_wechat_user(
                 openid=openid,
                 app_config=app_config,
                 unionid=wx_res.get("unionid"),
@@ -255,7 +267,7 @@ class AuthService:
 
         # 新用户，需要 snsapi_userinfo 授权
         # 缓存 state 信息供二次回调使用
-        new_state = f"{state}_userinfo"
+        new_state = str(uuid.uuid4())
         await AioRedis.set(f"{REDIS_PREFIX_OAUTH_STATE}{new_state}", cache_value, ex=300)
 
         # 构建 snsapi_userinfo 授权链接
@@ -269,22 +281,6 @@ class AuthService:
 
         return RedirectResponse(url=userinfo_auth_url, status_code=302)
 
-    @classmethod
-    async def get_token_by_temp_code(cls, temp_code: str) -> dict:
-        """
-        通过临时授权码获取 token
-        """
-        cache_key = f"{REDIS_PREFIX_TEMP_CODE}{temp_code}"
-        cache_value = await AioRedis.get(cache_key)
-
-        if not cache_value:
-            raise CustomException(msg="临时授权码已过期，请重新授权")
-
-        # 删除临时码（一次性使用）
-        await AioRedis.delete(cache_key)
-
-        return json.loads(cache_value)
-
     # ==================== 私有方法 ====================
 
     @classmethod
@@ -296,17 +292,19 @@ class AuthService:
         user = await User.get_or_none(username=data.username)
         if not user:
             await cls._record_login_fail(data.username, client_ip)
+            logger.warning(f"登录失败: 用户名不存在, username={data.username}, ip={client_ip}")
             raise CustomException(msg="用户名或密码错误")
 
         if not PwdUtil.verify_password(data.password, user.password):
             await cls._record_login_fail(data.username, client_ip)
+            logger.warning(f"登录失败: 密码错误, username={data.username}, ip={client_ip}")
             raise CustomException(msg="用户名或密码错误")
 
         if not user.is_active:
             raise CustomException(msg="用户已被禁用")
 
         # 清除失败记录
-        await cls._clear_login_fail(data.username)
+        await cls._clear_login_fail(data.username, client_ip)
 
         # 更新最后登录时间
         user.last_login = datetime.now()
@@ -357,8 +355,8 @@ class AuthService:
             if phone and not re.match(r'^1[3-9]\d{9}$', phone):
                 raise CustomException(msg="手机号格式不正确")
 
-        # 6. 使用 WechatUserManager 处理用户绑定/注册
-        return await WechatUserManager.bind_or_register(
+        # 6. 使用 _bind_or_register_wechat_user 处理用户绑定/注册
+        return await cls._bind_or_register_wechat_user(
             openid=openid,
             app_config=app_config,
             unionid=unionid,
@@ -397,9 +395,10 @@ class AuthService:
             await AioRedis.expire(ip_key, LOGIN_LOCK_SECONDS)
 
     @classmethod
-    async def _clear_login_fail(cls, username: str):
+    async def _clear_login_fail(cls, username: str, client_ip: str):
         """清除登录失败记录"""
         await AioRedis.delete(f"{REDIS_PREFIX_LOGIN_LOCK_USER}{username}")
+        await AioRedis.delete(f"{REDIS_PREFIX_LOGIN_LOCK_IP}{client_ip}")
 
     @classmethod
     async def _create_tokens(cls, user: User) -> dict:
@@ -425,22 +424,107 @@ class AuthService:
         }
 
     @classmethod
-    async def _build_redirect_response(cls, redirect_uri: str, token_data: dict, state: str | None = None) -> RedirectResponse:
-        """构建带临时码的重定向响应"""
-        # 生成临时授权码
-        temp_code = str(uuid.uuid4())
-
-        # 缓存 token 数据
-        await AioRedis.set(
-            f"{REDIS_PREFIX_TEMP_CODE}{temp_code}",
-            json.dumps(token_data),
-            ex=TEMP_CODE_EXPIRE_SECONDS
+    @atomic("main")
+    async def _bind_or_register_wechat_user(
+        cls,
+        openid: str,
+        app_config: WechatApp,
+        unionid: str | None = None,
+        phone: str | None = None,
+        nickname: str | None = None,
+        avatar: str | None = None,
+        session_key: str | None = None,
+    ) -> User:
+        """
+        绑定已有用户或创建新用户（微信登录专用）
+
+        Args:
+            openid: 微信 OpenID
+            app_config: 微信应用配置
+            unionid: 微信 UnionID（可选，用于跨应用关联）
+            phone: 手机号（可选，小程序一键登录获取）
+            nickname: 微信昵称
+            avatar: 微信头像
+            session_key: 会话密钥（仅小程序）
+
+        Returns:
+            User: 用户对象
+        """
+        # 1. 检查 WechatUser 是否已存在
+        wechat_user = await WechatUser.get_or_none(
+            openid=openid, wechat_app=app_config
+        ).select_related("user")
+
+        if wechat_user:
+            # 已存在关联，更新信息
+            if session_key:
+                wechat_user.session_key = session_key
+            if nickname:
+                wechat_user.nickname = nickname
+            if avatar:
+                wechat_user.avatar = avatar
+            if phone and not wechat_user.user.phone:
+                wechat_user.user.phone = phone
+                await wechat_user.user.save()
+            await wechat_user.save()
+            return wechat_user.user
+
+        # 2. 检查 User 是否存在（通过 phone 或 unionid）
+        user = None
+        if phone:
+            user = await User.get_or_none(phone=phone)
+
+        # 如果有 UnionID，检查其他应用下的 WechatUser 是否关联了 User
+        if not user and unionid:
+            other_wechat_user = (
+                await WechatUser.filter(unionid=unionid)
+                .exclude(wechat_app=app_config)
+                .first()
+                .select_related("user")
+            )
+            if other_wechat_user:
+                user = other_wechat_user.user
+
+        # 3. 创建 User（如不存在）
+        if not user:
+            # 使用 UUID 避免并发冲突
+            username = f"wx_{uuid.uuid4().hex[:8]}"
+            user = await User.create(
+                username=username,
+                password="",  # 微信用户无密码
+                phone=phone,
+                nickname=nickname or f"用户{username[-4:]}",
+                avatar=avatar,
+            )
+
+        # 4. 创建 WechatUser 关联
+        await WechatUser.create(
+            user=user,
+            wechat_app=app_config,
+            openid=openid,
+            unionid=unionid,
+            session_key=session_key,
+            nickname=nickname,
+            avatar=avatar,
         )
 
-        # 构建重定向 URL
-        params = {"temp_code": temp_code}
+        return user
+
+    @classmethod
+    async def _build_redirect_response(
+        cls, redirect_uri: str, token_data: dict, state: str | None = None
+    ) -> RedirectResponse:
+        """构建带 token 的重定向响应（使用 URL Fragment）"""
+        params = {
+            "access_token": token_data["access_token"],
+            "refresh_token": token_data["refresh_token"],
+            "token_type": token_data["token_type"],
+            "expires_in": str(token_data["expires_in"]),
+        }
         if state:
             params["state"] = state
 
-        redirect_url = f"{redirect_uri}?{urlencode(params)}"
+        # 使用 # fragment 传递 token，避免出现在服务器日志中
+        fragment = urlencode(params)
+        redirect_url = f"{redirect_uri}#{fragment}"
         return RedirectResponse(url=redirect_url, status_code=302)

{rainycode-1.1.0 → rainycode-1.1.2}/common_utils/bcrypt_util.py

@@ -44,7 +44,7 @@ class PwdUtil:
     @classmethod
     def check_password_strength(cls, password: str) -> str | None:
         """
-        检查密码强度
+        检查密码强度（不含长度检查，由 Schema min_length 处理）
 
         Args:
             password: 明文密码
@@ -52,12 +52,10 @@ class PwdUtil:
         Returns:
             str: 如果密码强度不够返回提示信息,否则返回None
         """
-        if len(password) < 6:
-            return "密码长度至少6位"
         if not any(c.isupper() for c in password):
             return "密码需要包含大写字母"
         if not any(c.islower() for c in password):
-            return "密码需要包含小写字母" 
+            return "密码需要包含小写字母"
         if not any(c.isdigit() for c in password):
             return "密码需要包含数字"
         return None

{rainycode-1.1.0 → rainycode-1.1.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "rainycode"
-version = "1.1.0"
+version = "1.1.2"
 description = "FastAPI base modules"
 requires-python = ">=3.8"
 

{rainycode-1.1.0 → rainycode-1.1.2}/rainycode.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: rainycode
-Version: 1.1.0
+Version: 1.1.2
 Summary: FastAPI base modules
 Requires-Python: >=3.8
 Requires-Dist: build==1.4.0

{rainycode-1.1.0 → rainycode-1.1.2}/rainycode.egg-info/SOURCES.txt

@@ -12,7 +12,6 @@ common_models/wechat_model.py
 common_servers/router.py
 common_servers/api/auth_api.py
 common_servers/api/wechat_api.py
-common_servers/managers/wechat_user_manager.py
 common_servers/schemas/__init__.py
 common_servers/schemas/auth_schema.py
 common_servers/service/auth_svc.py

rainycode-1.1.0/common_servers/managers/wechat_user_manager.py

@@ -1,98 +0,0 @@
-import uuid
-from tortoise.transactions import atomic
-from common_models.user_model import User
-from common_models.wechat_model import WechatApp, WechatUser
-
-
-class WechatUserManager:
-    """
-    微信用户绑定/注册统一处理
-    合并小程序和公众号的用户处理逻辑
-    """
-
-    @classmethod
-    @atomic("main")
-    async def bind_or_register(
-        cls,
-        openid: str,
-        app_config: WechatApp,
-        unionid: str | None = None,
-        phone: str | None = None,
-        nickname: str | None = None,
-        avatar: str | None = None,
-        session_key: str | None = None,
-    ) -> User:
-        """
-        绑定已有用户或创建新用户
-
-        Args:
-            openid: 微信 OpenID
-            app_config: 微信应用配置
-            unionid: 微信 UnionID（可选，用于跨应用关联）
-            phone: 手机号（可选，小程序一键登录获取）
-            nickname: 微信昵称
-            avatar: 微信头像
-            session_key: 会话密钥（仅小程序）
-
-        Returns:
-            User: 用户对象
-        """
-        # 1. 检查 WechatUser 是否已存在
-        wechat_user = await WechatUser.get_or_none(
-            openid=openid, wechat_app=app_config
-        ).select_related("user")
-
-        if wechat_user:
-            # 已存在关联，更新信息
-            if session_key:
-                wechat_user.session_key = session_key
-            if nickname:
-                wechat_user.nickname = nickname
-            if avatar:
-                wechat_user.avatar = avatar
-            if phone and not wechat_user.user.phone:
-                wechat_user.user.phone = phone
-                await wechat_user.user.save()
-            await wechat_user.save()
-            return wechat_user.user
-
-        # 2. 检查 User 是否存在（通过 phone 或 unionid）
-        user = None
-        if phone:
-            user = await User.get_or_none(phone=phone)
-
-        # 如果有 UnionID，检查其他应用下的 WechatUser 是否关联了 User
-        if not user and unionid:
-            other_wechat_user = (
-                await WechatUser.filter(unionid=unionid)
-                .exclude(wechat_app=app_config)
-                .first()
-                .select_related("user")
-            )
-            if other_wechat_user:
-                user = other_wechat_user.user
-
-        # 3. 创建 User（如不存在）
-        if not user:
-            # 使用 UUID 避免并发冲突
-            username = f"wx_{uuid.uuid4().hex[:8]}"
-            user = await User.create(
-                username=username,
-                password="",  # 微信用户无密码
-                phone=phone,
-                nickname=nickname or f"用户{username[-4:]}",
-                avatar=avatar,
-            )
-
-        # 4. 创建 WechatUser 关联
-        await WechatUser.create(
-            user=user,
-            wechat_app=app_config,
-            openid=openid,
-            unionid=unionid,
-            session_key=session_key,
-            nickname=nickname,
-            avatar=avatar,
-        )
-
-        return user