PyPI - skyplatform-iam - Versions diffs - 1.0.0__py3-none-any.whl - Mend

skyplatform-iam 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

skyplatform_iam/__init__.py +95 -0
skyplatform_iam/auth_middleware.py +173 -0
skyplatform_iam/config.py +68 -0
skyplatform_iam/connect_agenterra_iam.py +814 -0
skyplatform_iam/exceptions.py +71 -0
skyplatform_iam/middleware.py +186 -0
skyplatform_iam-1.0.0.dist-info/METADATA +262 -0
skyplatform_iam-1.0.0.dist-info/RECORD +9 -0
skyplatform_iam-1.0.0.dist-info/WHEEL +4 -0

skyplatform_iam/exceptions.py ADDED Viewed

@@ -0,0 +1,71 @@
+"""
+SkyPlatform IAM SDK 异常模块
+"""
+from typing import Optional
+class SkyPlatformAuthException(Exception):
+    """
+    SkyPlatform认证SDK基础异常类
+    """
+    def __init__(self, message: str, status_code: int = 500, detail: Optional[str] = None):
+        self.message = message
+        self.status_code = status_code
+        self.detail = detail
+        super().__init__(self.message)
+class AuthenticationError(SkyPlatformAuthException):
+    """
+    认证失败异常
+    """
+    def __init__(self, message: str = "认证失败", detail: Optional[str] = None):
+        super().__init__(message, status_code=401, detail=detail)
+class AuthorizationError(SkyPlatformAuthException):
+    """
+    授权失败异常
+    """
+    def __init__(self, message: str = "权限不足", detail: Optional[str] = None):
+        super().__init__(message, status_code=403, detail=detail)
+class TokenExpiredError(AuthenticationError):
+    """
+    Token过期异常
+    """
+    def __init__(self, message: str = "Token已过期", detail: Optional[str] = None):
+        super().__init__(message, detail=detail)
+class TokenInvalidError(AuthenticationError):
+    """
+    Token无效异常
+    """
+    def __init__(self, message: str = "Token无效", detail: Optional[str] = None):
+        super().__init__(message, detail=detail)
+class ConfigurationError(SkyPlatformAuthException):
+    """
+    配置错误异常
+    """
+    def __init__(self, message: str = "配置错误", detail: Optional[str] = None):
+        super().__init__(message, status_code=500, detail=detail)
+class IAMServiceError(SkyPlatformAuthException):
+    """
+    IAM服务错误异常
+    """
+    def __init__(self, message: str = "IAM服务错误", status_code: int = 500, detail: Optional[str] = None):
+        super().__init__(message, status_code=status_code, detail=detail)
+class NetworkError(SkyPlatformAuthException):
+    """
+    网络错误异常
+    """
+    def __init__(self, message: str = "网络连接错误", detail: Optional[str] = None):
+        super().__init__(message, status_code=503, detail=detail)

skyplatform_iam/middleware.py ADDED Viewed

@@ -0,0 +1,186 @@
+"""
+SkyPlatform IAM SDK 中间件模块
+"""
+import logging
+from typing import Optional, Callable, Dict, Any
+from fastapi import Request, Response, HTTPException
+from fastapi.responses import JSONResponse
+from starlette.middleware.base import BaseHTTPMiddleware
+from .config import AuthConfig
+from .connect_agenterra_iam import ConnectAgenterraIam
+from .exceptions import (
+    AuthenticationError,
+    AuthorizationError,
+    ConfigurationError
+)
+logger = logging.getLogger(__name__)
+class AuthMiddleware(BaseHTTPMiddleware):
+    """
+    认证中间件
+    自动拦截请求进行Token验证和权限检查
+    """
+    def __init__(
+            self,
+            app,
+            config: AuthConfig,
+            skip_validation: Optional[Callable[[Request], bool]] = None
+    ):
+        """
+        初始化认证中间件
+        Args:
+            app: FastAPI应用实例
+            config: 认证配置
+            skip_validation: 自定义跳过验证的函数
+        """
+        super().__init__(app)
+        self.config = config
+        self.iam_client = ConnectAgenterraIam()
+        self.skip_validation = skip_validation
+        # 验证配置
+        try:
+            self.config.validate_config()
+        except ValueError as e:
+            raise ConfigurationError(str(e))
+    async def dispatch(self, request: Request, call_next: Callable) -> Response:
+        """
+        中间件主要处理逻辑
+        """
+        try:
+            # 提取Token（可能为空，白名单接口不需要token）
+            token = self._extract_token(request)
+            # 验证Token和权限（即使token为空也要调用IAM验证，因为可能是白名单接口）
+            user_info = await self._verify_token_and_permission(request, token)
+            if not user_info:
+                return self._create_error_response(
+                    status_code=401,
+                    message="Token验证失败",
+                    detail="提供的Token无效或已过期"
+                )
+            # 检查是否为白名单接口
+            if user_info.get('is_whitelist', False):
+                # 白名单接口，允许访问但不设置用户信息
+                request.state.user = None
+                request.state.authenticated = False
+                request.state.is_whitelist = True
+            else:
+                # 正常认证接口，设置用户信息
+                request.state.user = user_info
+                request.state.authenticated = True
+                request.state.is_whitelist = False
+            # 继续处理请求
+            response = await call_next(request)
+            return response
+        except HTTPException as e:
+            # FastAPI HTTPException直接返回
+            return self._create_error_response(
+                status_code=e.status_code,
+                message=str(e.detail),
+                detail=getattr(e, 'detail', None)
+            )
+        except AuthenticationError as e:
+            return self._create_error_response(
+                status_code=e.status_code,
+                message=e.message,
+                detail=e.detail
+            )
+        except AuthorizationError as e:
+            return self._create_error_response(
+                status_code=e.status_code,
+                message=e.message,
+                detail=e.detail
+            )
+        except Exception as e:
+            logger.error(f"认证中间件处理异常: {str(e)}")
+            if self.config.enable_debug:
+                logger.exception("详细异常信息:")
+            return self._create_error_response(
+                status_code=500,
+                message="内部服务器错误",
+                detail=str(e) if self.config.enable_debug else None
+            )
+    def _extract_token(self, request: Request) -> Optional[str]:
+        """
+        从请求中提取Token
+        """
+        # 从Authorization头提取
+        auth_header = request.headers.get(self.config.token_header)
+        if auth_header and auth_header.startswith(self.config.token_prefix):
+            return auth_header[len(self.config.token_prefix):].strip()
+        # 从查询参数提取（备选方案）
+        token = request.query_params.get("token")
+        if token:
+            return token
+        return None
+    async def _verify_token_and_permission(self, request: Request, token: Optional[str]) -> Optional[Dict[str, Any]]:
+        """
+        验证Token和权限
+        """
+        try:
+            # 获取请求信息
+            api_path = request.url.path
+            method = request.method
+            # 从请求头获取服务认证信息（可选）
+            server_ak = request.headers.get("SERVER-AK", "")
+            server_sk = request.headers.get("SERVER-SK", "")
+            # 调用IAM验证接口（即使token为空也要调用，因为可能是白名单接口）
+            user_info = self.iam_client.verify_token(
+                token=token or "",  # 如果token为None，传递空字符串
+                api=api_path,
+                method=method,
+                server_ak=server_ak,
+                server_sk=server_sk
+            )
+            return user_info
+        except HTTPException:
+            # 重新抛出HTTP异常
+            raise
+        except Exception as e:
+            logger.error(f"Token验证异常: {str(e)}")
+            if self.config.enable_debug:
+                logger.exception("详细异常信息:")
+            return None
+    def _create_error_response(
+            self,
+            status_code: int,
+            message: str,
+            detail: Optional[str] = None
+    ) -> JSONResponse:
+        """
+        创建错误响应
+        """
+        error_data = {
+            "success": False,
+            "message": message,
+            "status_code": status_code
+        }
+        if detail:
+            error_data["detail"] = detail
+        return JSONResponse(
+            status_code=status_code,
+            content=error_data
+        )

skyplatform_iam-1.0.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,262 @@
+Metadata-Version: 2.4
+Name: skyplatform-iam
+Version: 1.0.0
+Summary: SkyPlatform IAM认证SDK，提供FastAPI中间件和认证路由
+Project-URL: Homepage, https://github.com/xinmayoujiang12621/agenterra_iam
+Project-URL: Documentation, https://skyplatform-iam.readthedocs.io/
+Project-URL: Repository, https://github.com/xinmayoujiang12621/agenterra_iam.git
+Project-URL: Issues, https://github.com/xinmayoujiang12621/agenterra_iam/issues
+Project-URL: Changelog, https://github.com/xinmayoujiang12621/agenterra_iam/blob/main/CHANGELOG.md
+Author-email: x9 <xuanxienanxunmobao@gmail.com>
+License: MIT
+Keywords: authentication,fastapi,iam,middleware,skyplatform
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Framework :: FastAPI
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.8
+Requires-Dist: fastapi>=0.68.0
+Requires-Dist: pydantic>=1.8.0
+Requires-Dist: python-dotenv>=0.19.0
+Requires-Dist: requests>=2.25.0
+Requires-Dist: starlette>=0.14.0
+Provides-Extra: dev
+Requires-Dist: black>=22.0.0; extra == 'dev'
+Requires-Dist: flake8>=4.0.0; extra == 'dev'
+Requires-Dist: httpx>=0.23.0; extra == 'dev'
+Requires-Dist: isort>=5.10.0; extra == 'dev'
+Requires-Dist: mypy>=0.950; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.18.0; extra == 'dev'
+Requires-Dist: pytest>=6.0.0; extra == 'dev'
+Description-Content-Type: text/markdown
+# SkyPlatform IAM SDK
+SkyPlatform IAM认证SDK，提供FastAPI中间件和认证路由，简化第三方服务的认证集成。
+## 功能特性
+- 🔐 **FastAPI中间件**: 自动拦截请求进行Token验证和权限检查
+- 🚀 **认证路由**: 封装用户注册、登录、登出等认证接口
+- ⚙️ **灵活配置**: 支持环境变量和代码配置
+- 🛡️ **白名单机制**: 支持配置无需认证的路径
+- 🔧 **完整兼容**: 基于现有ConnectAgenterraIam类，保持完全兼容
+- 📝 **类型提示**: 完整的TypeScript风格类型提示
+- 🚨 **异常处理**: 完善的错误处理和自定义异常
+## 快速开始
+### 安装
+```bash
+pip install skyplatform-iam
+```
+### 环境变量配置
+创建 `.env` 文件或设置环境变量：
+```bash
+AGENTERRA_IAM_HOST=https://your-iam-host.com
+AGENTERRA_SERVER_NAME=your-server-name
+AGENTERRA_ACCESS_KEY=your-access-key
+```
+### 基本使用
+#### 方式1：一键设置（推荐）
+```python
+from fastapi import FastAPI
+from skyplatform_iam import setup_auth
+app = FastAPI()
+# 一键设置认证中间件和路由
+setup_auth(app)
+@app.get("/protected")
+async def protected_endpoint(request):
+    # 获取用户信息（由中间件自动设置）
+    user = request.state.user
+    return {"message": "访问成功", "user": user}
+```
+#### 方式2：手动设置
+```python
+from fastapi import FastAPI
+from skyplatform_iam import AuthConfig, AuthMiddleware, create_auth_router
+app = FastAPI()
+# 创建配置
+config = AuthConfig.from_env()
+# 添加认证中间件
+app.add_middleware(AuthMiddleware, config=config)
+# 添加认证路由
+auth_router = create_auth_router(config=config, prefix="/auth")
+app.include_router(auth_router)
+```
+#### 方式3：自定义配置
+```python
+from skyplatform_iam import AuthConfig, setup_auth
+# 自定义配置
+config = AuthConfig(
+    agenterra_iam_host="https://your-iam-host.com",
+    server_name="your-server-name",
+    access_key="your-access-key",
+    whitelist_paths=[
+        "/docs", "/redoc", "/openapi.json",
+        "/health", "/public",
+        "/auth/register", "/auth/login"
+    ],
+    enable_debug=True
+)
+setup_auth(app, config=config)
+```
+## API接口
+SDK自动提供以下认证接口：
+- `POST /auth/register` - 用户注册
+- `POST /auth/login` - 用户登录
+- `POST /auth/login_without_password` - 免密登录
+- `POST /auth/logout` - 用户登出
+- `POST /auth/reset_password` - 重置密码
+- `POST /auth/refresh_token` - 刷新Token
+- `POST /auth/assign_role` - 分配角色
+- `POST /auth/user_info` - 获取用户信息
+## 中间件功能
+### 自动Token验证
+中间件会自动：
+1. 检查请求路径是否在白名单中
+2. 从请求头提取Authorization Token
+3. 调用IAM服务验证Token和权限
+4. 将用户信息设置到 `request.state.user`
+### 白名单配置
+默认白名单路径：
+- `/docs`, `/redoc`, `/openapi.json` - API文档
+- `/health` - 健康检查
+- `/auth/*` - 认证相关接口
+添加自定义白名单：
+```python
+config = AuthConfig.from_env()
+config.add_whitelist_path("/public")
+config.add_whitelist_path("/status")
+```
+### 获取用户信息
+在受保护的路由中获取用户信息：
+```python
+@app.get("/user-profile")
+async def get_user_profile(request):
+    if hasattr(request.state, 'user'):
+        user = request.state.user
+        return {
+            "user_id": user["user_id"],
+            "username": user["username"],
+            "session_id": user["session_id"]
+        }
+    else:
+        raise HTTPException(status_code=401, detail="未认证")
+```
+## 异常处理
+SDK提供完整的异常处理：
+```python
+from skyplatform_iam.exceptions import (
+    AuthenticationError,    # 认证失败
+    AuthorizationError,     # 权限不足
+    TokenExpiredError,      # Token过期
+    TokenInvalidError,      # Token无效
+    ConfigurationError,     # 配置错误
+    IAMServiceError,        # IAM服务错误
+    NetworkError           # 网络错误
+)
+```
+## 配置选项
+### AuthConfig参数
+| 参数 | 类型 | 必填 | 说明 |
+|------|------|------|------|
+| `agenterra_iam_host` | str | ✓ | IAM服务地址 |
+| `server_name` | str | ✓ | 服务名称 |
+| `access_key` | str | ✓ | 访问密钥 |
+| `whitelist_paths` | List[str] | ✗ | 白名单路径 |
+| `token_header` | str | ✗ | Token请求头名称（默认：Authorization） |
+| `token_prefix` | str | ✗ | Token前缀（默认：Bearer ） |
+| `enable_debug` | bool | ✗ | 启用调试模式 |
+## 开发和测试
+### 运行测试
+```bash
+# 安装开发依赖
+pip install -e ".[dev]"
+# 运行测试
+python examples/test_sdk.py
+```
+### 运行示例
+```bash
+# 启动示例应用
+python examples/basic_usage.py
+# 访问 http://localhost:8000/docs 查看API文档
+```
+## 兼容性
+- Python 3.8+
+- FastAPI 0.68.0+
+- 完全兼容现有的 `ConnectAgenterraIam` 类
+## 许可证
+MIT License
+## 贡献
+欢迎提交Issue和Pull Request！
+## 更新日志
+### v1.0.0
+- 初始版本发布
+- 提供FastAPI中间件和认证路由
+- 支持完整的认证功能
+- 兼容现有ConnectAgenterraIam类

skyplatform_iam-1.0.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,9 @@
+skyplatform_iam/__init__.py,sha256=dUrP_jrnS1KLaJWbpGU1_tdSM5sOSc4yt1wTVcXyQfo,2434
+skyplatform_iam/auth_middleware.py,sha256=aE2zNuoJVs4JGwmzrS0B6Pfs7vDDLdaFDxWiSt9Mm04,7137
+skyplatform_iam/config.py,sha256=2oKTkH0wIzbfK2YP9Tj8evtBgqtt-UaN83F2sKO4gcc,1869
+skyplatform_iam/connect_agenterra_iam.py,sha256=kF4iWMhV-NoxCHgV7pyoClK9UliqC16n-E9V1aDPfKw,31843
+skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
+skyplatform_iam/middleware.py,sha256=Yg-pX-wI8ROYCIHtwW7F1ABiFK5FSNlDJUgMc6fD_b4,6231
+skyplatform_iam-1.0.0.dist-info/METADATA,sha256=Ii01sk1ovetEjixB1_UkrzJjRHQqW4YdmQWAtQ4WSc4,7027
+skyplatform_iam-1.0.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+skyplatform_iam-1.0.0.dist-info/RECORD,,

skyplatform_iam-1.0.0.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.27.0
+Root-Is-Purelib: true
+Tag: py3-none-any