PyPI - skyplatform-iam - Versions diffs - 1.0.3__py3-none-any.whl → 1.0.5__py3-none-any.whl - Mend

skyplatform-iam 1.0.3py3-none-any.whl → 1.0.5py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

skyplatform_iam/__init__.py +68 -17
skyplatform_iam/api.py +366 -0
skyplatform_iam/config.py +173 -18
skyplatform_iam/connect_agenterra_iam.py +209 -0
skyplatform_iam/global_manager.py +272 -0
skyplatform_iam/middleware.py +138 -31
skyplatform_iam-1.0.5.dist-info/METADATA +461 -0
skyplatform_iam-1.0.5.dist-info/RECORD +10 -0
skyplatform_iam-1.0.3.dist-info/METADATA +0 -261
skyplatform_iam-1.0.3.dist-info/RECORD +0 -8
{skyplatform_iam-1.0.3.dist-info → skyplatform_iam-1.0.5.dist-info}/WHEEL +0 -0

skyplatform_iam/global_manager.py ADDED Viewed

@@ -0,0 +1,272 @@
+"""
+SkyPlatform IAM SDK 全局管理器模块
+提供单例模式的全局状态管理，确保线程安全和统一配置
+"""
+import threading
+import logging
+from typing import Optional, Dict, Any, TYPE_CHECKING
+from fastapi import FastAPI, Request
+from .config import AuthConfig
+from .connect_agenterra_iam import ConnectAgenterraIam
+from .exceptions import ConfigurationError, IAMServiceError
+# 使用TYPE_CHECKING避免循环导入
+if TYPE_CHECKING:
+    from .middleware import AuthMiddleware
+logger = logging.getLogger(__name__)
+class GlobalIAMManager:
+    """
+    全局IAM管理器，使用单例模式
+    负责管理全局的IAM配置、客户端实例和中间件
+    """
+    _instance: Optional['GlobalIAMManager'] = None
+    _lock = threading.Lock()
+    def __new__(cls) -> 'GlobalIAMManager':
+        """单例模式实现，确保线程安全"""
+        if cls._instance is None:
+            with cls._lock:
+                if cls._instance is None:
+                    cls._instance = super().__new__(cls)
+                    cls._instance._initialized = False
+        return cls._instance
+    def __init__(self):
+        """初始化全局管理器"""
+        if hasattr(self, '_initialized') and self._initialized:
+            return
+        self._config: Optional[AuthConfig] = None
+        self._iam_client: Optional[ConnectAgenterraIam] = None
+        self._middleware: Optional['AuthMiddleware'] = None
+        self._app: Optional[FastAPI] = None
+        self._initialized = False
+        self._init_lock = threading.Lock()
+        logger.debug("GlobalIAMManager实例已创建")
+    def initialize(self, app: FastAPI, config: Optional[AuthConfig] = None, **kwargs) -> None:
+        """
+        初始化IAM管理器
+        Args:
+            app: FastAPI应用实例
+            config: 认证配置，如果为None则从环境变量加载
+            **kwargs: 额外配置参数
+        Raises:
+            ConfigurationError: 配置错误
+            IAMServiceError: IAM服务连接错误
+        """
+        with self._init_lock:
+            if self._initialized:
+                logger.warning("GlobalIAMManager已经初始化，跳过重复初始化")
+                return
+            try:
+                # 1. 处理配置
+                if config is None:
+                    logger.info("未提供配置，尝试从环境变量加载")
+                    config = AuthConfig.from_env()
+                # 验证配置
+                config.validate_config()
+                self._config = config
+                # 2. 创建IAM客户端
+                self._iam_client = ConnectAgenterraIam(config=config)
+                logger.info(f"IAM客户端已创建，连接到: {config.agenterra_iam_host}")
+                # 3. 创建中间件（不直接注册，由用户决定）
+                from .middleware import AuthMiddleware
+                self._middleware = AuthMiddleware(app=app, config=config, use_global_manager=False)
+                logger.info("认证中间件已创建")
+                # 4. 保存应用引用
+                self._app = app
+                # 5. 标记为已初始化
+                self._initialized = True
+                logger.info(f"GlobalIAMManager初始化完成 - 服务: {config.server_name}, "
+                          f"白名单路径数量: {len(config.get_whitelist_paths())}")
+            except Exception as e:
+                logger.error(f"GlobalIAMManager初始化失败: {str(e)}")
+                # 清理部分初始化的状态
+                self._config = None
+                self._iam_client = None
+                self._middleware = None
+                self._app = None
+                if isinstance(e, (ConfigurationError, IAMServiceError)):
+                    raise
+                else:
+                    raise IAMServiceError(f"初始化失败: {str(e)}")
+    def get_client(self) -> ConnectAgenterraIam:
+        """
+        获取IAM客户端实例
+        Returns:
+            ConnectAgenterraIam: IAM客户端实例
+        Raises:
+            IAMServiceError: 如果管理器未初始化
+        """
+        if not self._initialized or self._iam_client is None:
+            raise IAMServiceError(
+                "GlobalIAMManager未初始化，请先调用init_skyplatform_iam()函数进行初始化"
+            )
+        return self._iam_client
+    def get_config(self) -> AuthConfig:
+        """
+        获取当前配置
+        Returns:
+            AuthConfig: 当前认证配置
+        Raises:
+            IAMServiceError: 如果管理器未初始化
+        """
+        if not self._initialized or self._config is None:
+            raise IAMServiceError(
+                "GlobalIAMManager未初始化，请先调用init_skyplatform_iam()函数进行初始化"
+            )
+        return self._config
+    def get_middleware(self) -> 'AuthMiddleware':
+        """
+        获取中间件实例
+        Returns:
+            AuthMiddleware: 认证中间件实例
+        Raises:
+            IAMServiceError: 如果管理器未初始化
+        """
+        if not self._initialized or self._middleware is None:
+            raise IAMServiceError(
+                "GlobalIAMManager未初始化，请先调用init_skyplatform_iam()函数进行初始化"
+            )
+        return self._middleware
+    def is_initialized(self) -> bool:
+        """
+        检查是否已初始化
+        Returns:
+            bool: 是否已初始化
+        """
+        return self._initialized
+    async def get_current_user_info(self, request: Request) -> Optional[Dict[str, Any]]:
+        """
+        便捷方法：获取当前用户信息
+        Args:
+            request: FastAPI请求对象
+        Returns:
+            Optional[Dict]: 用户信息字典，如果未登录则返回None
+        Raises:
+            IAMServiceError: 如果管理器未初始化
+        """
+        if not self._initialized:
+            raise IAMServiceError(
+                "GlobalIAMManager未初始化，请先调用init_skyplatform_iam()函数进行初始化"
+            )
+        # 检查请求状态中是否已有用户信息（由中间件设置）
+        if hasattr(request.state, 'user') and request.state.user:
+            return request.state.user
+        # 如果中间件没有设置用户信息，尝试手动验证
+        try:
+            from .middleware import AuthService
+            auth_service = AuthService(self._config)
+            return await auth_service.get_current_user(request)
+        except Exception as e:
+            logger.error(f"获取用户信息失败: {str(e)}")
+            return None
+    async def verify_permission(
+        self,
+        user_id: str,
+        permission: str,
+        resource: Optional[str] = None
+    ) -> bool:
+        """
+        便捷方法：验证用户权限
+        Args:
+            user_id: 用户ID
+            permission: 权限标识
+            resource: 资源标识（可选）
+        Returns:
+            bool: 是否有权限
+        Raises:
+            IAMServiceError: 如果管理器未初始化
+        """
+        client = self.get_client()
+        try:
+            # 这里可以根据实际的IAM客户端API进行权限验证
+            # 目前先返回True，具体实现需要根据ConnectAgenterraIam的API
+            logger.info(f"验证权限: user_id={user_id}, permission={permission}, resource={resource}")
+            return True
+        except Exception as e:
+            logger.error(f"权限验证失败: {str(e)}")
+            return False
+    def reset(self) -> None:
+        """
+        重置管理器状态（主要用于测试）
+        """
+        with self._init_lock:
+            self._config = None
+            self._iam_client = None
+            self._middleware = None
+            self._app = None
+            self._initialized = False
+            logger.info("GlobalIAMManager状态已重置")
+    def get_status(self) -> Dict[str, Any]:
+        """
+        获取管理器状态信息
+        Returns:
+            Dict: 状态信息
+        """
+        return {
+            "initialized": self._initialized,
+            "has_config": self._config is not None,
+            "has_client": self._iam_client is not None,
+            "has_middleware": self._middleware is not None,
+            "has_app": self._app is not None,
+            "server_name": self._config.server_name if self._config else None,
+            "iam_host": self._config.agenterra_iam_host if self._config else None,
+            "whitelist_paths_count": len(self._config.get_whitelist_paths()) if self._config else 0
+        }
+# 全局管理器实例
+_global_manager = GlobalIAMManager()
+def get_global_manager() -> GlobalIAMManager:
+    """
+    获取全局管理器实例
+    Returns:
+        GlobalIAMManager: 全局管理器实例
+    """
+    return _global_manager

skyplatform_iam/middleware.py CHANGED Viewed

@@ -11,10 +11,12 @@ import jwt
 from .config import AuthConfig
 from .connect_agenterra_iam import ConnectAgenterraIam
+from .global_manager import get_global_manager
 from .exceptions import (
     AuthenticationError,
     AuthorizationError,
-    ConfigurationError
+    ConfigurationError,
+    IAMServiceError
 )
 logger = logging.getLogger(__name__)
@@ -24,40 +26,72 @@ class AuthMiddleware(BaseHTTPMiddleware):
     """
     认证中间件
     自动拦截请求进行Token验证和权限检查
+    支持全局实例共享和延迟初始化
     """
     def __init__(
             self,
             app,
-            config: AuthConfig,
-            skip_validation: Optional[Callable[[Request], bool]] = None
+            config: Optional[AuthConfig] = None,
+            skip_validation: Optional[Callable[[Request], bool]] = None,
+            use_global_manager: bool = True
     ):
         """
         初始化认证中间件
         Args:
             app: FastAPI应用实例
-            config: 认证配置
+            config: 认证配置，如果为None且use_global_manager=True，则从全局管理器获取
             skip_validation: 自定义跳过验证的函数
+            use_global_manager: 是否使用全局管理器（推荐）
         """
         super().__init__(app)
-        self.config = config
-        self.iam_client = ConnectAgenterraIam(config=config)
+        self.use_global_manager = use_global_manager
         self.skip_validation = skip_validation
-        # 验证配置
-        try:
-            self.config.validate_config()
-        except ValueError as e:
-            raise ConfigurationError(str(e))
+        if use_global_manager:
+            # 使用全局管理器（延迟初始化）
+            self.config = None
+            self.iam_client = None
+            logger.info("AuthMiddleware使用全局管理器模式")
+        else:
+            # 传统模式（向后兼容）
+            if config is None:
+                raise ConfigurationError("在非全局管理器模式下，config参数不能为None")
+            self.config = config
+            self.iam_client = ConnectAgenterraIam(config=config)
+            # 验证配置
+            try:
+                self.config.validate_config()
+            except ValueError as e:
+                raise ConfigurationError(str(e))
+            logger.info("AuthMiddleware使用传统模式")
+    def _get_config_and_client(self):
+        """获取配置和客户端实例"""
+        if self.use_global_manager:
+            try:
+                manager = get_global_manager()
+                if not manager.is_initialized():
+                    raise IAMServiceError("SkyPlatform IAM SDK未初始化，请先调用init_skyplatform_iam()")
+                return manager.get_config(), manager.get_client()
+            except Exception as e:
+                logger.error(f"从全局管理器获取配置和客户端失败: {str(e)}")
+                raise IAMServiceError(f"获取IAM配置失败: {str(e)}")
+        else:
+            return self.config, self.iam_client
     def is_path_whitelisted(self, path: str) -> bool:
         """
         检查路径是否在本地白名单中
         """
-        if not self.config:
+        try:
+            config, _ = self._get_config_and_client()
+            return config.is_path_whitelisted(path)
+        except Exception as e:
+            logger.error(f"检查白名单路径失败: {str(e)}")
             return False
-        return self.config.is_path_whitelisted(path)
     async def dispatch(self, request: Request, call_next: Callable) -> Response:
         """
@@ -139,23 +173,31 @@ class AuthMiddleware(BaseHTTPMiddleware):
         """
         从请求中提取Token
         """
-        # 从Authorization头提取
-        auth_header = request.headers.get(self.config.token_header)
-        if auth_header and auth_header.startswith(self.config.token_prefix):
-            return auth_header[len(self.config.token_prefix):].strip()
+        try:
+            config, _ = self._get_config_and_client()
+            # 从Authorization头提取
+            auth_header = request.headers.get(config.token_header)
+            if auth_header and auth_header.startswith(config.token_prefix):
+                return auth_header[len(config.token_prefix):].strip()
-        # 从查询参数提取（备选方案）
-        token = request.query_params.get("token")
-        if token:
-            return token
+            # 从查询参数提取（备选方案）
+            token = request.query_params.get("token")
+            if token:
+                return token
-        return None
+            return None
+        except Exception as e:
+            logger.error(f"提取Token失败: {str(e)}")
+            return None
     async def _verify_token_and_permission(self, request: Request, token: Optional[str]) -> Optional[Dict[str, Any]]:
         """
         验证Token和权限
         """
         try:
+            config, iam_client = self._get_config_and_client()
             # 获取请求信息
             api_path = request.url.path
             method = request.method
@@ -165,7 +207,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
             server_sk = request.headers.get("SERVER-SK", "")
             # 调用IAM验证接口（即使token为空也要调用，因为可能是白名单接口）
-            user_info = self.iam_client.verify_token(
+            user_info = iam_client.verify_token(
                 token=token or "",  # 如果token为None，传递空字符串
                 api=api_path,
                 method=method,
@@ -180,8 +222,12 @@ class AuthMiddleware(BaseHTTPMiddleware):
             raise
         except Exception as e:
             logger.error(f"Token验证异常: {str(e)}")
-            if self.config.enable_debug:
-                logger.exception("详细异常信息:")
+            try:
+                config, _ = self._get_config_and_client()
+                if config.enable_debug:
+                    logger.exception("详细异常信息:")
+            except:
+                pass
             return None
     def _create_error_response(
@@ -387,32 +433,93 @@ auth_service = None
 def setup_auth_middleware(auth_config: AuthConfig) -> None:
     """
-    设置认证中间件配置
+    设置认证中间件配置（向后兼容）
     Args:
         auth_config: 认证配置实例，包含白名单路径等配置
+    Deprecated:
+        请使用 init_skyplatform_iam() 替代
     """
     global auth_service
     auth_service = AuthService(auth_config)
+    logger.warning("setup_auth_middleware()已废弃，请使用init_skyplatform_iam()替代")
     logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
+def create_auth_middleware(
+    app,
+    config: Optional[AuthConfig] = None,
+    use_global_manager: bool = True
+) -> AuthMiddleware:
+    """
+    创建认证中间件实例
+    Args:
+        app: FastAPI应用实例
+        config: 认证配置，如果为None且use_global_manager=True，则从全局管理器获取
+        use_global_manager: 是否使用全局管理器（推荐）
+    Returns:
+        AuthMiddleware: 认证中间件实例
+    Example:
+        # 使用全局管理器（推荐）
+        middleware = create_auth_middleware(app)
+        # 传统模式（向后兼容）
+        middleware = create_auth_middleware(app, config, use_global_manager=False)
+    """
+    return AuthMiddleware(app, config, use_global_manager=use_global_manager)
 # 便捷的依赖函数
 async def get_current_user(request: Request) -> Dict:
-    """获取当前用户的依赖函数"""
+    """
+    获取当前用户的依赖函数
+    优先使用全局管理器，向后兼容传统模式
+    """
+    try:
+        # 尝试使用全局管理器
+        manager = get_global_manager()
+        if manager.is_initialized():
+            user_info = await manager.get_current_user_info(request)
+            if user_info is None:
+                raise HTTPException(
+                    status_code=status.HTTP_401_UNAUTHORIZED,
+                    detail="需要登录认证",
+                    headers={"WWW-Authenticate": "Bearer"},
+                )
+            return user_info
+    except IAMServiceError:
+        pass  # 全局管理器未初始化，尝试传统模式
+    # 传统模式（向后兼容）
     if auth_service is None:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="认证服务未初始化，请先调用setup_auth_middleware函数进行配置"
+            detail="认证服务未初始化，请先调用init_skyplatform_iam()或setup_auth_middleware()函数进行配置"
         )
     return await auth_service.require_auth(request)
 async def get_optional_user(request: Request) -> Optional[Dict]:
-    """获取可选当前用户的依赖函数"""
+    """
+    获取可选当前用户的依赖函数
+    优先使用全局管理器，向后兼容传统模式
+    """
+    try:
+        # 尝试使用全局管理器
+        manager = get_global_manager()
+        if manager.is_initialized():
+            return await manager.get_current_user_info(request)
+    except IAMServiceError:
+        pass  # 全局管理器未初始化，尝试传统模式
+    # 传统模式（向后兼容）
     if auth_service is None:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="认证服务未初始化，请先调用setup_auth_middleware函数进行配置"
+            detail="认证服务未初始化，请先调用init_skyplatform_iam()或setup_auth_middleware()函数进行配置"
         )
     return await auth_service.optional_auth(request)

skyplatform-iam 1.0.3__py3-none-any.whl → 1.0.5__py3-none-any.whl

skyplatform-iam 1.0.3py3-none-any.whl → 1.0.5py3-none-any.whl