PyPI - skyplatform-iam - Versions diffs - 1.0.5__py3-none-any.whl → 1.2.0__py3-none-any.whl - Mend

skyplatform-iam 1.0.5py3-none-any.whl → 1.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

skyplatform_iam/__init__.py +73 -69
skyplatform_iam/config.py +46 -180
skyplatform_iam/connect_agenterra_iam.py +147 -161
skyplatform_iam/middleware.py +69 -145
{skyplatform_iam-1.0.5.dist-info → skyplatform_iam-1.2.0.dist-info}/METADATA +1 -1
skyplatform_iam-1.2.0.dist-info/RECORD +8 -0
skyplatform_iam/api.py +0 -366
skyplatform_iam/global_manager.py +0 -272
skyplatform_iam-1.0.5.dist-info/RECORD +0 -10
{skyplatform_iam-1.0.5.dist-info → skyplatform_iam-1.2.0.dist-info}/WHEEL +0 -0

skyplatform_iam/middleware.py CHANGED Viewed

@@ -11,12 +11,10 @@ import jwt
 from .config import AuthConfig
 from .connect_agenterra_iam import ConnectAgenterraIam
-from .global_manager import get_global_manager
 from .exceptions import (
     AuthenticationError,
     AuthorizationError,
-    ConfigurationError,
-    IAMServiceError
+    ConfigurationError
 )
 logger = logging.getLogger(__name__)
@@ -26,72 +24,40 @@ class AuthMiddleware(BaseHTTPMiddleware):
     """
     认证中间件
     自动拦截请求进行Token验证和权限检查
-    支持全局实例共享和延迟初始化
     """
     def __init__(
             self,
             app,
-            config: Optional[AuthConfig] = None,
-            skip_validation: Optional[Callable[[Request], bool]] = None,
-            use_global_manager: bool = True
+            config: AuthConfig,
+            skip_validation: Optional[Callable[[Request], bool]] = None
     ):
         """
         初始化认证中间件
         Args:
             app: FastAPI应用实例
-            config: 认证配置，如果为None且use_global_manager=True，则从全局管理器获取
+            config: 认证配置
             skip_validation: 自定义跳过验证的函数
-            use_global_manager: 是否使用全局管理器（推荐）
         """
         super().__init__(app)
-        self.use_global_manager = use_global_manager
+        self.config = config
+        self.iam_client = ConnectAgenterraIam(config=config)
         self.skip_validation = skip_validation
-        if use_global_manager:
-            # 使用全局管理器（延迟初始化）
-            self.config = None
-            self.iam_client = None
-            logger.info("AuthMiddleware使用全局管理器模式")
-        else:
-            # 传统模式（向后兼容）
-            if config is None:
-                raise ConfigurationError("在非全局管理器模式下，config参数不能为None")
-            self.config = config
-            self.iam_client = ConnectAgenterraIam(config=config)
-            # 验证配置
-            try:
-                self.config.validate_config()
-            except ValueError as e:
-                raise ConfigurationError(str(e))
-            logger.info("AuthMiddleware使用传统模式")
-    def _get_config_and_client(self):
-        """获取配置和客户端实例"""
-        if self.use_global_manager:
-            try:
-                manager = get_global_manager()
-                if not manager.is_initialized():
-                    raise IAMServiceError("SkyPlatform IAM SDK未初始化，请先调用init_skyplatform_iam()")
-                return manager.get_config(), manager.get_client()
-            except Exception as e:
-                logger.error(f"从全局管理器获取配置和客户端失败: {str(e)}")
-                raise IAMServiceError(f"获取IAM配置失败: {str(e)}")
-        else:
-            return self.config, self.iam_client
+        # 验证配置
+        try:
+            self.config.validate_config()
+        except ValueError as e:
+            raise ConfigurationError(str(e))
     def is_path_whitelisted(self, path: str) -> bool:
         """
         检查路径是否在本地白名单中
         """
-        try:
-            config, _ = self._get_config_and_client()
-            return config.is_path_whitelisted(path)
-        except Exception as e:
-            logger.error(f"检查白名单路径失败: {str(e)}")
+        if not self.config:
             return False
+        return self.config.is_path_whitelisted(path)
     async def dispatch(self, request: Request, call_next: Callable) -> Response:
         """
@@ -100,7 +66,14 @@ class AuthMiddleware(BaseHTTPMiddleware):
         try:
             # 获取请求路径
             api_path = request.url.path
+            method = request.method
+            # 检查是否为机机接口鉴权 来自其他服务
+            server_ak = request.headers.get('SERVER-AK')
+            server_sk = request.headers.get('SERVER-SK')
+            # 检查是否为人机接口鉴权 来自前端
+            # token = request.headers.get('Authorization')
             # 首先检查路径是否在本地白名单中
             if self.is_path_whitelisted(api_path):
                 logger.info(f"路径 {api_path} 在本地白名单中，跳过认证直接允许访问")
@@ -114,6 +87,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
             # 提取Token（可能为空，白名单接口不需要token）
             token = self._extract_token(request)
+            machine_token = self._extract_machine_token(request)
             # 验证Token和权限（即使token为空也要调用IAM验证，因为可能是白名单接口）
             user_info = await self._verify_token_and_permission(request, token)
@@ -131,6 +105,11 @@ class AuthMiddleware(BaseHTTPMiddleware):
                 request.state.authenticated = False
                 request.state.is_whitelist = True
             else:
+                if machine_token:
+                    payload = jwt.decode(machine_token, algorithms=["HS256"], options={"verify_signature": False})
+                    user_id = payload.get("sub", None)
+                    request.state.user_id = user_id
                 # 正常认证接口，设置用户信息
                 request.state.user = user_info
                 request.state.authenticated = True
@@ -173,31 +152,37 @@ class AuthMiddleware(BaseHTTPMiddleware):
         """
         从请求中提取Token
         """
-        try:
-            config, _ = self._get_config_and_client()
-            # 从Authorization头提取
-            auth_header = request.headers.get(config.token_header)
-            if auth_header and auth_header.startswith(config.token_prefix):
-                return auth_header[len(config.token_prefix):].strip()
-            # 从查询参数提取（备选方案）
-            token = request.query_params.get("token")
-            if token:
-                return token
+        # 从Authorization头提取
+        auth_header = request.headers.get(self.config.token_header)
+        if auth_header and auth_header.startswith(self.config.token_prefix):
+            print("has auth_header: ", auth_header)
+            return auth_header[len(self.config.token_prefix):].strip()
-            return None
-        except Exception as e:
-            logger.error(f"提取Token失败: {str(e)}")
-            return None
+        # 从查询参数提取（备选方案）
+        token = request.query_params.get("token")
+        if token:
+            print("has token: ", token)
+            return token
+        return None
+    def _extract_machine_token(self, request: Request) -> Optional[str]:
+        """
+        从请求中提取Token
+        """
+        # 从Authorization头提取
+        machine_token = request.headers.get("MACHINE-TOKEN")
+        if machine_token:
+            print("has MACHINE-TOKEN': ", machine_token)
+            return machine_token
+        return None
     async def _verify_token_and_permission(self, request: Request, token: Optional[str]) -> Optional[Dict[str, Any]]:
         """
         验证Token和权限
         """
         try:
-            config, iam_client = self._get_config_and_client()
             # 获取请求信息
             api_path = request.url.path
             method = request.method
@@ -205,14 +190,16 @@ class AuthMiddleware(BaseHTTPMiddleware):
             # 从请求头获取服务认证信息（可选）
             server_ak = request.headers.get("SERVER-AK", "")
             server_sk = request.headers.get("SERVER-SK", "")
+            machine_token = request.headers.get("MACHINE-TOKEN", "")
             # 调用IAM验证接口（即使token为空也要调用，因为可能是白名单接口）
-            user_info = iam_client.verify_token(
+            user_info = self.iam_client.verify_token(
                 token=token or "",  # 如果token为None，传递空字符串
                 api=api_path,
                 method=method,
                 server_ak=server_ak,
-                server_sk=server_sk
+                server_sk=server_sk,
+                machine_token=machine_token
             )
             return user_info
@@ -222,12 +209,8 @@ class AuthMiddleware(BaseHTTPMiddleware):
             raise
         except Exception as e:
             logger.error(f"Token验证异常: {str(e)}")
-            try:
-                config, _ = self._get_config_and_client()
-                if config.enable_debug:
-                    logger.exception("详细异常信息:")
-            except:
-                pass
+            if self.config.enable_debug:
+                logger.exception("详细异常信息:")
             return None
     def _create_error_response(
@@ -279,22 +262,24 @@ class AuthService:
         """验证token和权限"""
         # 通过token, server_ak, server_sk判断是否有权限
         api_path = request.url.path
         # 首先检查路径是否在白名单中
         if self.is_path_whitelisted(api_path):
             logger.info(f"路径 {api_path} 在白名单中，跳过IAM鉴权")
             return True
         credentials: HTTPAuthorizationCredentials = await self.security(request)
         method = request.method
         server_ak = request.headers.get("SERVER-AK", "")
         server_sk = request.headers.get("SERVER-SK", "")
+        machine_token = request.headers.get("MACHINE-TOKEN", "")
+        print("248 machine_token:", machine_token)
         token = ""
         if credentials is not None:
             token = credentials.credentials
-        user_info_by_iam = self.iam_client.verify_token(token, api_path, method, server_ak, server_sk)
+        user_info_by_iam = self.iam_client.verify_token(token, api_path, method, server_ak, server_sk, machine_token)
         if user_info_by_iam:
             return True
         return False
@@ -310,7 +295,7 @@ class AuthService:
             credentials: HTTPAuthorizationCredentials = await self.security(request)
             if not credentials:
                 return None
             token = credentials.credentials
             # 直接解析JWT token获取payload
@@ -433,93 +418,32 @@ auth_service = None
 def setup_auth_middleware(auth_config: AuthConfig) -> None:
     """
-    设置认证中间件配置（向后兼容）
+    设置认证中间件配置
     Args:
         auth_config: 认证配置实例，包含白名单路径等配置
-    Deprecated:
-        请使用 init_skyplatform_iam() 替代
     """
     global auth_service
     auth_service = AuthService(auth_config)
-    logger.warning("setup_auth_middleware()已废弃，请使用init_skyplatform_iam()替代")
     logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
-def create_auth_middleware(
-    app,
-    config: Optional[AuthConfig] = None,
-    use_global_manager: bool = True
-) -> AuthMiddleware:
-    """
-    创建认证中间件实例
-    Args:
-        app: FastAPI应用实例
-        config: 认证配置，如果为None且use_global_manager=True，则从全局管理器获取
-        use_global_manager: 是否使用全局管理器（推荐）
-    Returns:
-        AuthMiddleware: 认证中间件实例
-    Example:
-        # 使用全局管理器（推荐）
-        middleware = create_auth_middleware(app)
-        # 传统模式（向后兼容）
-        middleware = create_auth_middleware(app, config, use_global_manager=False)
-    """
-    return AuthMiddleware(app, config, use_global_manager=use_global_manager)
 # 便捷的依赖函数
 async def get_current_user(request: Request) -> Dict:
-    """
-    获取当前用户的依赖函数
-    优先使用全局管理器，向后兼容传统模式
-    """
-    try:
-        # 尝试使用全局管理器
-        manager = get_global_manager()
-        if manager.is_initialized():
-            user_info = await manager.get_current_user_info(request)
-            if user_info is None:
-                raise HTTPException(
-                    status_code=status.HTTP_401_UNAUTHORIZED,
-                    detail="需要登录认证",
-                    headers={"WWW-Authenticate": "Bearer"},
-                )
-            return user_info
-    except IAMServiceError:
-        pass  # 全局管理器未初始化，尝试传统模式
-    # 传统模式（向后兼容）
+    """获取当前用户的依赖函数"""
     if auth_service is None:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="认证服务未初始化，请先调用init_skyplatform_iam()或setup_auth_middleware()函数进行配置"
+            detail="认证服务未初始化，请先调用setup_auth_middleware函数进行配置"
         )
     return await auth_service.require_auth(request)
 async def get_optional_user(request: Request) -> Optional[Dict]:
-    """
-    获取可选当前用户的依赖函数
-    优先使用全局管理器，向后兼容传统模式
-    """
-    try:
-        # 尝试使用全局管理器
-        manager = get_global_manager()
-        if manager.is_initialized():
-            return await manager.get_current_user_info(request)
-    except IAMServiceError:
-        pass  # 全局管理器未初始化，尝试传统模式
-    # 传统模式（向后兼容）
+    """获取可选当前用户的依赖函数"""
     if auth_service is None:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="认证服务未初始化，请先调用init_skyplatform_iam()或setup_auth_middleware()函数进行配置"
+            detail="认证服务未初始化，请先调用setup_auth_middleware函数进行配置"
         )
     return await auth_service.optional_auth(request)

{skyplatform_iam-1.0.5.dist-info → skyplatform_iam-1.2.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: skyplatform-iam
-Version: 1.0.5
+Version: 1.2.0
 Summary: SkyPlatform IAM认证SDK，提供FastAPI中间件和认证路由
 Project-URL: Homepage, https://github.com/xinmayoujiang12621/agenterra_iam
 Project-URL: Documentation, https://skyplatform-iam.readthedocs.io/

skyplatform_iam-1.2.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,8 @@
+skyplatform_iam/__init__.py,sha256=N4acauQXv5CUHNgaeYc3wCTi9zlwt9xvZW5szZ-ahkc,4664
+skyplatform_iam/config.py,sha256=4EOzjevFtQ25tZPK7wpU58W6hD-B_XVQF7VCNQzdVOM,4429
+skyplatform_iam/connect_agenterra_iam.py,sha256=ixnk45JQoILfwVVKdPllLO-xUqGb8moOh0G6sAIvrVU,40712
+skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
+skyplatform_iam/middleware.py,sha256=e_YNRWXmDVKeKwpAcFYptTV4WZboAF-ICC5p9rvLSE0,17069
+skyplatform_iam-1.2.0.dist-info/METADATA,sha256=T7kVHT53D8WXPJTomoWc6nDNIS3ZM2SYGVDX_r26JGY,12658
+skyplatform_iam-1.2.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+skyplatform_iam-1.2.0.dist-info/RECORD,,

skyplatform-iam 1.0.5__py3-none-any.whl → 1.2.0__py3-none-any.whl

skyplatform-iam 1.0.5py3-none-any.whl → 1.2.0py3-none-any.whl