skyplatform-iam 1.0.0__py3-none-any.whl → 1.0.1__py3-none-any.whl
- skyplatform_iam/__init__.py +2 -0
- skyplatform_iam/auth_middleware.py +30 -2
- skyplatform_iam/config.py +77 -13
- {skyplatform_iam-1.0.0.dist-info → skyplatform_iam-1.0.1.dist-info}/METADATA +2 -2
- skyplatform_iam-1.0.1.dist-info/RECORD +9 -0
- skyplatform_iam-1.0.0.dist-info/RECORD +0 -9
- {skyplatform_iam-1.0.0.dist-info → skyplatform_iam-1.0.1.dist-info}/WHEEL +0 -0
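--- a/skyplatform_iam/__init__.py
+++ b/skyplatform_iam/__init__.py
@@ -6,6 +6,7 @@ SkyPlatform IAM SDK
 from .config import AuthConfig
 from .middleware import AuthMiddleware
 from .connect_agenterra_iam import ConnectAgenterraIam
+from .auth_middleware import setup_auth_middleware
 from .exceptions import (
 SkyPlatformAuthException,
 AuthenticationError,
@@ -28,6 +29,7 @@ __all__ = [
 
 # 中间件
 "AuthMiddleware",
+"setup_auth_middleware",
 
 # 客户端
 "ConnectAgenterraIam",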
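--- a/skyplatform_iam/auth_middleware.py
+++ b/skyplatform_iam/auth_middleware.py
@@ -4,20 +4,36 @@ from typing import Optional, Dict
 import jwt
 
 from .connect_agenterra_iam import ConnectAgenterraIam
+from .config import AuthConfig
 import logging
 
 logger = logging.getLogger(__name__)
 
 
 class AuthMiddleware:
-def __init__(self):
+def __init__(self, auth_config: Optional[AuthConfig] = None):
 self.security = HTTPBearer(auto_error=False)
 self.iam_client = ConnectAgenterraIam()
+self.auth_config = auth_config
+
+def is_path_whitelisted(self, path: str) -> bool:
+"""
+检查路径是否在白名单中
+"""
+if not self.auth_config:
+return False
+return self.auth_config.is_path_whitelisted(path)
 
 async def verify_token(self, request: Request):
 # 通过token, server_ak, server_sk判断是否有权限
-credentials: HTTPAuthorizationCredentials = await self.security(request)
 api_path = request.url.path
+
+# 首先检查路径是否在白名单中
+if self.is_path_whitelisted(api_path):
+logger.info(f"路径 {api_path} 在白名单中,跳过IAM鉴权")
+return True
+
+credentials: HTTPAuthorizationCredentials = await self.security(request)
 method = request.method
 
 server_ak = request.headers.get("SERVER-AK", "")
@@ -162,6 +178,18 @@ class AuthMiddleware:
 auth_middleware = AuthMiddleware()
 
 
+def setup_auth_middleware(auth_config: AuthConfig) -> None:
+"""
+设置认证中间件配置
+
+Args:
+auth_config: 认证配置实例,包含白名单路径等配置
+"""
+global auth_middleware
+auth_middleware = AuthMiddleware(auth_config)
+logger.info(f"认证中间件已配置,白名单路径数量: {len(auth_config.get_whitelist_paths())}")
+
+
 # 便捷的依赖函数
 async def get_current_user(request: Request) -> Dict:
 """获取当前用户的依赖函数"""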
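Review bot: In `verify_token` the whitelisted branch returns the bare value `True`, while `get_current_user` in the second hunk is annotated `-> Dict`; the rest of `verify_token` lies outside the hunk, so it is only inferred that the authenticated path returns a user payload, but if it does, handlers on a whitelisted route receive a bool where they expect an identity. The method has no docstring, and I would add one stating that a whitelisted path yields no verified identity and that callers must not treat the result as an authenticated user. The same branch writes the request-supplied path into an INFO record through an f-string; `logger.debug("路径 %r 在白名单中,跳过IAM鉴权", api_path)` keeps control characters in the path from shaping the log line and avoids one INFO record per public request. In the second hunk `setup_auth_middleware` rebinds the module global, so a module that already ran `from .auth_middleware import auth_middleware` keeps the instance whose `auth_config` is `None`; setting `auth_middleware.auth_config = auth_config` on the existing object avoids the stale reference and the second `ConnectAgenterraIam()` construction.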
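--- a/skyplatform_iam/config.py
+++ b/skyplatform_iam/config.py
@@ -2,8 +2,9 @@
 SkyPlatform IAM SDK 配置模块
 """
 import os
+import fnmatch
 from typing import Optional, List
-from pydantic import BaseModel
+from pydantic import BaseModel, Field
 from dotenv import load_dotenv
 
 # 加载环境变量
@@ -20,17 +21,19 @@ class AuthConfig(BaseModel):
 server_name: str
 access_key: str
 
-
 # Token配置
 token_header: str = "Authorization"
 token_prefix: str = "Bearer "
-
+
 # 错误处理配置
 enable_debug: bool = False
-
+
+# 白名单路径配置(实例变量)
+whitelist_paths: List[str] = Field(default_factory=list)
+
 class Config:
 env_prefix = "AGENTERRA_"
-
+
 @classmethod
 def from_env(cls) -> "AuthConfig":
 """
@@ -40,9 +43,10 @@ class AuthConfig(BaseModel):
 agenterra_iam_host=os.environ.get('AGENTERRA_IAM_HOST', ''),
 server_name=os.environ.get('AGENTERRA_SERVER_NAME', ''),
 access_key=os.environ.get('AGENTERRA_ACCESS_KEY', ''),
-enable_debug=os.environ.get('AGENTERRA_ENABLE_DEBUG', 'false').lower() == 'true'
+enable_debug=os.environ.get('AGENTERRA_ENABLE_DEBUG', 'false').lower() == 'true',
+whitelist_paths=[] # 初始化空的白名单路径列表
 )
-
+
 def validate_config(self) -> bool:
 """
 验证配置是否完整
@@ -52,17 +56,77 @@ class AuthConfig(BaseModel):
 if not getattr(self, field):
 raise ValueError(f"配置项 {field} 不能为空")
 return True
-
+
+def _normalize_path(self, path: str) -> str:
+"""
+标准化路径格式
+"""
+if not path:
+return path
+
+# 确保路径以 / 开头
+if not path.startswith('/'):
+path = '/' + path
+
+# 移除重复的斜杠
+while '//' in path:
+path = path.replace('//', '/')
+
+return path
+
 def add_whitelist_path(self, path: str) -> None:
 """
 添加白名单路径
 """
-if
-
-
+if not path:
+return
+
+normalized_path = self._normalize_path(path)
+if normalized_path not in self.whitelist_paths:
+self.whitelist_paths.append(normalized_path)
+
+def add_whitelist_paths(self, paths: List[str]) -> None:
+"""
+批量添加白名单路径
+"""
+for path in paths:
+self.add_whitelist_path(path)
+
 def remove_whitelist_path(self, path: str) -> None:
 """
 移除白名单路径
 """
-if path
-
+if not path:
+return
+
+normalized_path = self._normalize_path(path)
+if normalized_path in self.whitelist_paths:
+self.whitelist_paths.remove(normalized_path)
+
+def clear_whitelist_paths(self) -> None:
+"""
+清空所有白名单路径
+"""
+self.whitelist_paths.clear()
+
+def get_whitelist_paths(self) -> List[str]:
+"""
+获取所有白名单路径
+"""
+return self.whitelist_paths.copy()
+
+def is_path_whitelisted(self, path: str) -> bool:
+"""
+检查路径是否在白名单中(支持通配符匹配)
+"""
+if not path:
+return False
+
+normalized_path = self._normalize_path(path)
+
+for whitelist_path in self.whitelist_paths:
+# 支持通配符匹配
+if fnmatch.fnmatch(normalized_path, whitelist_path):
+return True
+
+return False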
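Review bot: `is_path_whitelisted` decides whether IAM is skipped by calling `fnmatch.fnmatch`, whose `*` also matches `/` and which passes both arguments through `os.path.normcase`, so an entry such as `/public/*` (constructed example) covers every deeper path below it and matching turns case-insensitive on Windows. `_normalize_path` only prepends `/` and collapses `//`; it leaves `.` and `..` segments and a trailing slash untouched, so the string matched here can differ from the route the framework finally dispatches, which this diff does not show. I would change the match to `if fnmatch.fnmatchcase(normalized_path, whitelist_path):` and return `False` for any request path that contains a `..` segment before the loop runs. The docstrings of `add_whitelist_path` and `is_path_whitelisted` should say that entries are glob patterns in which `*`, `?` and `[` are special and that `*` is not bounded by path segments. Tests for an exact entry, a wildcard entry and a path with dot segments would pin the intended behaviour.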
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: skyplatform-iam
|
|
3
|
-
Version: 1.0.
|
|
3
|
+
Version: 1.0.1
|
|
4
4
|
Summary: SkyPlatform IAM认证SDK,提供FastAPI中间件和认证路由
|
|
5
5
|
Project-URL: Homepage, https://github.com/xinmayoujiang12621/agenterra_iam
|
|
6
6
|
Project-URL: Documentation, https://skyplatform-iam.readthedocs.io/
|
|
@@ -24,7 +24,7 @@ Classifier: Programming Language :: Python :: 3.12
|
|
|
24
24
|
Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
|
|
25
25
|
Classifier: Topic :: Security
|
|
26
26
|
Classifier: Topic :: Software Development :: Libraries :: Python Modules
|
|
27
|
-
Requires-Python: >=3.
|
|
27
|
+
Requires-Python: >=3.9
|
|
28
28
|
Requires-Dist: fastapi>=0.68.0
|
|
29
29
|
Requires-Dist: pydantic>=1.8.0
|
|
30
30
|
Requires-Dist: python-dotenv>=0.19.0
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
skyplatform_iam/__init__.py,sha256=w_HFG7ddDO-fFsaGMZbBCkacD3VSk8o3ttvv7wluDIg,2516
|
|
2
|
+
skyplatform_iam/auth_middleware.py,sha256=1CvrjR-rFDAxn9YdwD9xWPEDnPmgDWUiELgX_7e4114,8119
|
|
3
|
+
skyplatform_iam/config.py,sha256=s4tctVpguKZv4O1Fhf7_Fo7zELNX6KYviMjkE1WPbQM,3715
|
|
4
|
+
skyplatform_iam/connect_agenterra_iam.py,sha256=kF4iWMhV-NoxCHgV7pyoClK9UliqC16n-E9V1aDPfKw,31843
|
|
5
|
+
skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
|
|
6
|
+
skyplatform_iam/middleware.py,sha256=Yg-pX-wI8ROYCIHtwW7F1ABiFK5FSNlDJUgMc6fD_b4,6231
|
|
7
|
+
skyplatform_iam-1.0.1.dist-info/METADATA,sha256=cXkh0Utk6SnZkikCKU2dutHaxJ38YMisIEk1rP_vov8,7027
|
|
8
|
+
skyplatform_iam-1.0.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
9
|
+
skyplatform_iam-1.0.1.dist-info/RECORD,,
|
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
skyplatform_iam/__init__.py,sha256=dUrP_jrnS1KLaJWbpGU1_tdSM5sOSc4yt1wTVcXyQfo,2434
|
|
2
|
-
skyplatform_iam/auth_middleware.py,sha256=aE2zNuoJVs4JGwmzrS0B6Pfs7vDDLdaFDxWiSt9Mm04,7137
|
|
3
|
-
skyplatform_iam/config.py,sha256=2oKTkH0wIzbfK2YP9Tj8evtBgqtt-UaN83F2sKO4gcc,1869
|
|
4
|
-
skyplatform_iam/connect_agenterra_iam.py,sha256=kF4iWMhV-NoxCHgV7pyoClK9UliqC16n-E9V1aDPfKw,31843
|
|
5
|
-
skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
|
|
6
|
-
skyplatform_iam/middleware.py,sha256=Yg-pX-wI8ROYCIHtwW7F1ABiFK5FSNlDJUgMc6fD_b4,6231
|
|
7
|
-
skyplatform_iam-1.0.0.dist-info/METADATA,sha256=Ii01sk1ovetEjixB1_UkrzJjRHQqW4YdmQWAtQ4WSc4,7027
|
|
8
|
-
skyplatform_iam-1.0.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
9
|
-
skyplatform_iam-1.0.0.dist-info/RECORD,,
|
|
File without changes
|