PyPI - skyplatform-iam - Versions diffs - 1.0.5__py3-none-any.whl → 1.1.0__py3-none-any.whl - Mend

skyplatform-iam 1.0.5py3-none-any.whl → 1.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

skyplatform_iam/__init__.py +73 -69
skyplatform_iam/config.py +18 -173
skyplatform_iam/connect_agenterra_iam.py +88 -127
skyplatform_iam/middleware.py +31 -138
{skyplatform_iam-1.0.5.dist-info → skyplatform_iam-1.1.0.dist-info}/METADATA +1 -1
skyplatform_iam-1.1.0.dist-info/RECORD +8 -0
skyplatform_iam/api.py +0 -366
skyplatform_iam/global_manager.py +0 -272
skyplatform_iam-1.0.5.dist-info/RECORD +0 -10
{skyplatform_iam-1.0.5.dist-info → skyplatform_iam-1.1.0.dist-info}/WHEEL +0 -0

skyplatform_iam/middleware.py CHANGED Viewed

@@ -11,12 +11,10 @@ import jwt
 from .config import AuthConfig
 from .connect_agenterra_iam import ConnectAgenterraIam
-from .global_manager import get_global_manager
 from .exceptions import (
     AuthenticationError,
     AuthorizationError,
-    ConfigurationError,
-    IAMServiceError
+    ConfigurationError
 )
 logger = logging.getLogger(__name__)
@@ -26,72 +24,40 @@ class AuthMiddleware(BaseHTTPMiddleware):
     """
     认证中间件
     自动拦截请求进行Token验证和权限检查
-    支持全局实例共享和延迟初始化
     """
     def __init__(
             self,
             app,
-            config: Optional[AuthConfig] = None,
-            skip_validation: Optional[Callable[[Request], bool]] = None,
-            use_global_manager: bool = True
+            config: AuthConfig,
+            skip_validation: Optional[Callable[[Request], bool]] = None
     ):
         """
         初始化认证中间件
         Args:
             app: FastAPI应用实例
-            config: 认证配置，如果为None且use_global_manager=True，则从全局管理器获取
+            config: 认证配置
             skip_validation: 自定义跳过验证的函数
-            use_global_manager: 是否使用全局管理器（推荐）
         """
         super().__init__(app)
-        self.use_global_manager = use_global_manager
+        self.config = config
+        self.iam_client = ConnectAgenterraIam(config=config)
         self.skip_validation = skip_validation
-        if use_global_manager:
-            # 使用全局管理器（延迟初始化）
-            self.config = None
-            self.iam_client = None
-            logger.info("AuthMiddleware使用全局管理器模式")
-        else:
-            # 传统模式（向后兼容）
-            if config is None:
-                raise ConfigurationError("在非全局管理器模式下，config参数不能为None")
-            self.config = config
-            self.iam_client = ConnectAgenterraIam(config=config)
-            # 验证配置
-            try:
-                self.config.validate_config()
-            except ValueError as e:
-                raise ConfigurationError(str(e))
-            logger.info("AuthMiddleware使用传统模式")
-    def _get_config_and_client(self):
-        """获取配置和客户端实例"""
-        if self.use_global_manager:
-            try:
-                manager = get_global_manager()
-                if not manager.is_initialized():
-                    raise IAMServiceError("SkyPlatform IAM SDK未初始化，请先调用init_skyplatform_iam()")
-                return manager.get_config(), manager.get_client()
-            except Exception as e:
-                logger.error(f"从全局管理器获取配置和客户端失败: {str(e)}")
-                raise IAMServiceError(f"获取IAM配置失败: {str(e)}")
-        else:
-            return self.config, self.iam_client
+        # 验证配置
+        try:
+            self.config.validate_config()
+        except ValueError as e:
+            raise ConfigurationError(str(e))
     def is_path_whitelisted(self, path: str) -> bool:
         """
         检查路径是否在本地白名单中
         """
-        try:
-            config, _ = self._get_config_and_client()
-            return config.is_path_whitelisted(path)
-        except Exception as e:
-            logger.error(f"检查白名单路径失败: {str(e)}")
+        if not self.config:
             return False
+        return self.config.is_path_whitelisted(path)
     async def dispatch(self, request: Request, call_next: Callable) -> Response:
         """
@@ -173,31 +139,23 @@ class AuthMiddleware(BaseHTTPMiddleware):
         """
         从请求中提取Token
         """
-        try:
-            config, _ = self._get_config_and_client()
-            # 从Authorization头提取
-            auth_header = request.headers.get(config.token_header)
-            if auth_header and auth_header.startswith(config.token_prefix):
-                return auth_header[len(config.token_prefix):].strip()
+        # 从Authorization头提取
+        auth_header = request.headers.get(self.config.token_header)
+        if auth_header and auth_header.startswith(self.config.token_prefix):
+            return auth_header[len(self.config.token_prefix):].strip()
-            # 从查询参数提取（备选方案）
-            token = request.query_params.get("token")
-            if token:
-                return token
+        # 从查询参数提取（备选方案）
+        token = request.query_params.get("token")
+        if token:
+            return token
-            return None
-        except Exception as e:
-            logger.error(f"提取Token失败: {str(e)}")
-            return None
+        return None
     async def _verify_token_and_permission(self, request: Request, token: Optional[str]) -> Optional[Dict[str, Any]]:
         """
         验证Token和权限
         """
         try:
-            config, iam_client = self._get_config_and_client()
             # 获取请求信息
             api_path = request.url.path
             method = request.method
@@ -207,7 +165,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
             server_sk = request.headers.get("SERVER-SK", "")
             # 调用IAM验证接口（即使token为空也要调用，因为可能是白名单接口）
-            user_info = iam_client.verify_token(
+            user_info = self.iam_client.verify_token(
                 token=token or "",  # 如果token为None，传递空字符串
                 api=api_path,
                 method=method,
@@ -222,12 +180,8 @@ class AuthMiddleware(BaseHTTPMiddleware):
             raise
         except Exception as e:
             logger.error(f"Token验证异常: {str(e)}")
-            try:
-                config, _ = self._get_config_and_client()
-                if config.enable_debug:
-                    logger.exception("详细异常信息:")
-            except:
-                pass
+            if self.config.enable_debug:
+                logger.exception("详细异常信息:")
             return None
     def _create_error_response(
@@ -433,93 +387,32 @@ auth_service = None
 def setup_auth_middleware(auth_config: AuthConfig) -> None:
     """
-    设置认证中间件配置（向后兼容）
+    设置认证中间件配置
     Args:
         auth_config: 认证配置实例，包含白名单路径等配置
-    Deprecated:
-        请使用 init_skyplatform_iam() 替代
     """
     global auth_service
     auth_service = AuthService(auth_config)
-    logger.warning("setup_auth_middleware()已废弃，请使用init_skyplatform_iam()替代")
     logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
-def create_auth_middleware(
-    app,
-    config: Optional[AuthConfig] = None,
-    use_global_manager: bool = True
-) -> AuthMiddleware:
-    """
-    创建认证中间件实例
-    Args:
-        app: FastAPI应用实例
-        config: 认证配置，如果为None且use_global_manager=True，则从全局管理器获取
-        use_global_manager: 是否使用全局管理器（推荐）
-    Returns:
-        AuthMiddleware: 认证中间件实例
-    Example:
-        # 使用全局管理器（推荐）
-        middleware = create_auth_middleware(app)
-        # 传统模式（向后兼容）
-        middleware = create_auth_middleware(app, config, use_global_manager=False)
-    """
-    return AuthMiddleware(app, config, use_global_manager=use_global_manager)
 # 便捷的依赖函数
 async def get_current_user(request: Request) -> Dict:
-    """
-    获取当前用户的依赖函数
-    优先使用全局管理器，向后兼容传统模式
-    """
-    try:
-        # 尝试使用全局管理器
-        manager = get_global_manager()
-        if manager.is_initialized():
-            user_info = await manager.get_current_user_info(request)
-            if user_info is None:
-                raise HTTPException(
-                    status_code=status.HTTP_401_UNAUTHORIZED,
-                    detail="需要登录认证",
-                    headers={"WWW-Authenticate": "Bearer"},
-                )
-            return user_info
-    except IAMServiceError:
-        pass  # 全局管理器未初始化，尝试传统模式
-    # 传统模式（向后兼容）
+    """获取当前用户的依赖函数"""
     if auth_service is None:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="认证服务未初始化，请先调用init_skyplatform_iam()或setup_auth_middleware()函数进行配置"
+            detail="认证服务未初始化，请先调用setup_auth_middleware函数进行配置"
         )
     return await auth_service.require_auth(request)
 async def get_optional_user(request: Request) -> Optional[Dict]:
-    """
-    获取可选当前用户的依赖函数
-    优先使用全局管理器，向后兼容传统模式
-    """
-    try:
-        # 尝试使用全局管理器
-        manager = get_global_manager()
-        if manager.is_initialized():
-            return await manager.get_current_user_info(request)
-    except IAMServiceError:
-        pass  # 全局管理器未初始化，尝试传统模式
-    # 传统模式（向后兼容）
+    """获取可选当前用户的依赖函数"""
     if auth_service is None:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="认证服务未初始化，请先调用init_skyplatform_iam()或setup_auth_middleware()函数进行配置"
+            detail="认证服务未初始化，请先调用setup_auth_middleware函数进行配置"
         )
     return await auth_service.optional_auth(request)

{skyplatform_iam-1.0.5.dist-info → skyplatform_iam-1.1.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: skyplatform-iam
-Version: 1.0.5
+Version: 1.1.0
 Summary: SkyPlatform IAM认证SDK，提供FastAPI中间件和认证路由
 Project-URL: Homepage, https://github.com/xinmayoujiang12621/agenterra_iam
 Project-URL: Documentation, https://skyplatform-iam.readthedocs.io/

skyplatform_iam-1.1.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,8 @@
+skyplatform_iam/__init__.py,sha256=JfCqvHdzjiwkEVhgzlB45pKKs0VkxKg8yrMMQ4NpWpY,4664
+skyplatform_iam/config.py,sha256=s4tctVpguKZv4O1Fhf7_Fo7zELNX6KYviMjkE1WPbQM,3715
+skyplatform_iam/connect_agenterra_iam.py,sha256=9SnZkYmZ1VewzIz6a3-uOdOLzHrhPyJPIofZHgImJCM,39785
+skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
+skyplatform_iam/middleware.py,sha256=XNJxvjw3O55TW-ff_uORK-C9Wy4BTAfkcnNjy1SQkx0,15721
+skyplatform_iam-1.1.0.dist-info/METADATA,sha256=K3G-22HfmCKyzHOK_zvrpGDzez_gpEvrqon7nsvG4wg,12658
+skyplatform_iam-1.1.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+skyplatform_iam-1.1.0.dist-info/RECORD,,

skyplatform_iam/api.py DELETED Viewed

@@ -1,366 +0,0 @@
-"""
-SkyPlatform IAM SDK 统一API模块
-提供统一的初始化和全局访问接口
-"""
-import logging
-from typing import Optional, Dict, Any
-from fastapi import FastAPI, Request
-from .config import AuthConfig
-from .global_manager import get_global_manager, GlobalIAMManager
-from .connect_agenterra_iam import ConnectAgenterraIam
-from .exceptions import IAMServiceError, ConfigurationError
-logger = logging.getLogger(__name__)
-def init_skyplatform_iam(
-    app: FastAPI,
-    config: Optional[AuthConfig] = None,
-    **kwargs
-) -> GlobalIAMManager:
-    """
-    统一初始化SkyPlatform IAM SDK
-    一次配置，全局可用
-    Args:
-        app: FastAPI应用实例
-        config: 认证配置，如果为None则从环境变量加载
-        **kwargs: 额外配置参数
-    Returns:
-        GlobalIAMManager: 全局IAM管理器实例
-    Raises:
-        ConfigurationError: 配置错误
-        IAMServiceError: IAM服务连接错误
-    Example:
-        # 方式1：直接配置
-        config = AuthConfig(
-            agenterra_iam_host="http://127.0.0.1:5001",
-            server_name="Agenterra_shop",
-            access_key="your_access_key"
-        )
-        init_skyplatform_iam(app, config)
-        # 方式2：从环境变量加载
-        init_skyplatform_iam(app)
-    """
-    logger.info("开始初始化SkyPlatform IAM SDK")
-    try:
-        # 获取全局管理器
-        manager = get_global_manager()
-        # 如果已经初始化，记录警告并返回
-        if manager.is_initialized():
-            logger.warning("SkyPlatform IAM SDK已经初始化，跳过重复初始化")
-            return manager
-        # 处理配置
-        if config is None:
-            logger.info("未提供配置，从环境变量加载")
-            try:
-                config = AuthConfig.from_env()
-            except Exception as e:
-                raise ConfigurationError(f"从环境变量加载配置失败: {str(e)}")
-        # 应用额外配置参数
-        if kwargs:
-            logger.debug(f"应用额外配置参数: {kwargs}")
-            config = config.copy_with_updates(**kwargs)
-        # 初始化管理器
-        manager.initialize(app, config)
-        logger.info("SkyPlatform IAM SDK初始化完成")
-        return manager
-    except Exception as e:
-        logger.error(f"SkyPlatform IAM SDK初始化失败: {str(e)}")
-        raise
-class LazyIAMClient:
-    """
-    懒加载的IAM客户端包装器
-    解决模块导入时的初始化顺序问题
-    """
-    def __init__(self):
-        self._client = None
-        self._initialized = False
-    def _get_client(self) -> ConnectAgenterraIam:
-        """获取实际的IAM客户端实例"""
-        if not self._initialized:
-            try:
-                manager = get_global_manager()
-                self._client = manager.get_client()
-                self._initialized = True
-            except Exception as e:
-                # 提供更详细的错误信息和解决建议
-                error_msg = (
-                    f"获取IAM客户端失败: {str(e)}\n\n"
-                    "解决方案:\n"
-                    "1. 确保在使用IAM客户端前调用 init_skyplatform_iam() 初始化SDK\n"
-                    "2. 避免在模块导入时直接调用 get_iam_client()，应在函数内部调用\n"
-                    "3. 检查初始化顺序，确保SDK在应用启动时正确初始化\n\n"
-                    "正确的使用方式:\n"
-                    "```python\n"
-                    "# 在main.py或应用启动时\n"
-                    "from skyplatform_iam import init_skyplatform_iam\n"
-                    "init_skyplatform_iam(app, config)\n\n"
-                    "# 在业务代码中\n"
-                    "def some_function():\n"
-                    "    iam_client = get_iam_client()  # 在函数内部调用\n"
-                    "    return iam_client.login_with_password(...)\n"
-                    "```"
-                )
-                logger.error(error_msg)
-                raise IAMServiceError(error_msg)
-        return self._client
-    def __getattr__(self, name):
-        """代理所有属性访问到实际的IAM客户端"""
-        client = self._get_client()
-        return getattr(client, name)
-    def __repr__(self):
-        """提供有用的调试信息"""
-        if self._initialized and self._client:
-            return f"<LazyIAMClient: {repr(self._client)}>"
-        else:
-            return "<LazyIAMClient: 未初始化，将在首次使用时自动初始化>"
-def get_iam_client() -> ConnectAgenterraIam:
-    """
-    获取全局IAM客户端实例
-    Returns:
-        ConnectAgenterraIam: IAM客户端实例
-    Raises:
-        IAMServiceError: 如果SDK未初始化
-    Example:
-        # 正确的使用方式 - 注意要加括号调用函数
-        iam_client = get_iam_client()  # 正确 ✓
-        user_info = iam_client.get_user_by_id("user123")
-        # 用于登录验证
-        result = iam_client.login_with_password(
-            username="test_user",
-            password="password123"
-        )
-        # 常见错误 - 不要这样做
-        # iam_client = get_iam_client  # 错误 ✗ 缺少括号
-        # 这会导致 'function' object has no attribute 'login_with_password' 错误
-    Note:
-        确保在调用此函数前已经通过 init_skyplatform_iam() 初始化了SDK
-    Warning:
-        避免在模块导入时直接调用此函数，应在函数内部调用以避免初始化顺序问题
-    """
-    try:
-        manager = get_global_manager()
-        return manager.get_client()
-    except Exception as e:
-        # 提供更详细的错误信息和解决建议
-        error_msg = (
-            f"获取IAM客户端失败: {str(e)}\n\n"
-            "解决方案:\n"
-            "1. 确保在使用IAM客户端前调用 init_skyplatform_iam() 初始化SDK\n"
-            "2. 避免在模块导入时直接调用 get_iam_client()，应在函数内部调用\n"
-            "3. 检查初始化顺序，确保SDK在应用启动时正确初始化\n\n"
-            "正确的使用方式:\n"
-            "```python\n"
-            "# 在main.py或应用启动时\n"
-            "from skyplatform_iam import init_skyplatform_iam\n"
-            "init_skyplatform_iam(app, config)\n\n"
-            "# 在业务代码中\n"
-            "def some_function():\n"
-            "    iam_client = get_iam_client()  # 在函数内部调用\n"
-            "    return iam_client.login_with_password(...)\n"
-            "```\n\n"
-            "如果需要在模块级别使用IAM客户端，请考虑使用 create_lazy_iam_client() 函数"
-        )
-        logger.error(error_msg)
-        raise IAMServiceError(error_msg)
-def create_lazy_iam_client() -> LazyIAMClient:
-    """
-    创建懒加载的IAM客户端实例
-    这个函数专门用于解决模块导入时的初始化顺序问题。
-    返回的客户端会在首次使用时才进行实际的初始化。
-    Returns:
-        LazyIAMClient: 懒加载的IAM客户端包装器
-    Example:
-        # 在模块级别安全使用（推荐用于解决导入顺序问题）
-        iam_client = create_lazy_iam_client()
-        # 在函数中使用时才会真正初始化
-        def login_user(username, password):
-            return iam_client.login_with_password(username, password)
-        # 也可以在类中使用
-        class AuthService:
-            def __init__(self):
-                self.iam_client = create_lazy_iam_client()
-            def authenticate(self, username, password):
-                return self.iam_client.login_with_password(username, password)
-    """
-    return LazyIAMClient()
-async def get_current_user_info(request: Request) -> Optional[Dict[str, Any]]:
-    """
-    便捷方法：获取当前用户信息
-    Args:
-        request: FastAPI请求对象
-    Returns:
-        Optional[Dict]: 用户信息字典，如果未登录则返回None
-    Raises:
-        IAMServiceError: 如果SDK未初始化
-    Example:
-        @app.get("/profile")
-        async def get_profile(request: Request):
-            user = await get_current_user_info(request)
-            if not user:
-                raise HTTPException(401, "未登录")
-            return {"user": user}
-    """
-    try:
-        manager = get_global_manager()
-        return await manager.get_current_user_info(request)
-    except Exception as e:
-        logger.error(f"获取当前用户信息失败: {str(e)}")
-        if isinstance(e, IAMServiceError):
-            raise
-        return None
-async def verify_permission(
-    user_id: str,
-    permission: str,
-    resource: Optional[str] = None
-) -> bool:
-    """
-    便捷方法：验证用户权限
-    Args:
-        user_id: 用户ID
-        permission: 权限标识
-        resource: 资源标识（可选）
-    Returns:
-        bool: 是否有权限
-    Raises:
-        IAMServiceError: 如果SDK未初始化
-    Example:
-        has_permission = await verify_permission("user123", "read", "document")
-        if not has_permission:
-            raise HTTPException(403, "权限不足")
-    """
-    try:
-        manager = get_global_manager()
-        return await manager.verify_permission(user_id, permission, resource)
-    except Exception as e:
-        logger.error(f"权限验证失败: {str(e)}")
-        if isinstance(e, IAMServiceError):
-            raise
-        return False
-def get_config() -> AuthConfig:
-    """
-    获取当前配置
-    Returns:
-        AuthConfig: 当前认证配置
-    Raises:
-        IAMServiceError: 如果SDK未初始化
-    Example:
-        config = get_config()
-        print(f"当前服务名: {config.server_name}")
-    """
-    try:
-        manager = get_global_manager()
-        return manager.get_config()
-    except Exception as e:
-        logger.error(f"获取配置失败: {str(e)}")
-        raise
-def get_sdk_status() -> Dict[str, Any]:
-    """
-    获取SDK状态信息
-    Returns:
-        Dict: SDK状态信息
-    Example:
-        status = get_sdk_status()
-        print(f"SDK初始化状态: {status['initialized']}")
-    """
-    try:
-        manager = get_global_manager()
-        return manager.get_status()
-    except Exception as e:
-        logger.error(f"获取SDK状态失败: {str(e)}")
-        return {
-            "initialized": False,
-            "error": str(e)
-        }
-def reset_sdk() -> None:
-    """
-    重置SDK状态（主要用于测试）
-    Warning:
-        此方法会清除所有SDK状态，仅在测试环境中使用
-    """
-    logger.warning("重置SDK状态")
-    try:
-        manager = get_global_manager()
-        manager.reset()
-        logger.info("SDK状态已重置")
-    except Exception as e:
-        logger.error(f"重置SDK状态失败: {str(e)}")
-# 向后兼容的别名
-def setup_auth(app: FastAPI, config: Optional[AuthConfig] = None) -> GlobalIAMManager:
-    """
-    向后兼容的初始化函数
-    Args:
-        app: FastAPI应用实例
-        config: 认证配置
-    Returns:
-        GlobalIAMManager: 全局IAM管理器实例
-    Deprecated:
-        请使用 init_skyplatform_iam() 替代
-    """
-    logger.warning("setup_auth()已废弃，请使用init_skyplatform_iam()替代")
-    return init_skyplatform_iam(app, config)

skyplatform-iam 1.0.5__py3-none-any.whl → 1.1.0__py3-none-any.whl

skyplatform-iam 1.0.5py3-none-any.whl → 1.1.0py3-none-any.whl