PyPI - skyplatform-iam - Versions diffs - 1.1.0__py3-none-any.whl → 1.2.1__py3-none-any.whl - Mend

skyplatform-iam 1.1.0py3-none-any.whl → 1.2.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

skyplatform_iam/__init__.py +34 -1
skyplatform_iam/config.py +34 -9
skyplatform_iam/connect_agenterra_iam.py +99 -51
skyplatform_iam/middleware.py +68 -24
{skyplatform_iam-1.1.0.dist-info → skyplatform_iam-1.2.1.dist-info}/METADATA +1 -1
skyplatform_iam-1.2.1.dist-info/RECORD +8 -0
skyplatform_iam-1.1.0.dist-info/RECORD +0 -8
{skyplatform_iam-1.1.0.dist-info → skyplatform_iam-1.2.1.dist-info}/WHEEL +0 -0

skyplatform_iam/__init__.py CHANGED Viewed

@@ -17,7 +17,7 @@ from .exceptions import (
     NetworkError
 )
-__version__ = "1.0.0"
+__version__ = "1.2.1"
 __author__ = "x9"
 __description__ = "SkyPlatform IAM认证SDK，提供FastAPI中间件和IAM服务连接功能"
@@ -100,6 +100,9 @@ def init_skyplatform_iam(app, config: AuthConfig = None):
     # 验证配置的完整性
     config.validate_config()
+    # 配置SDK日志级别
+    _configure_sdk_logging(config.enable_sdk_logging)
     # 初始化全局认证服务
     setup_auth_middleware(config)
@@ -110,6 +113,36 @@ def init_skyplatform_iam(app, config: AuthConfig = None):
     return middleware
+def _configure_sdk_logging(enable_sdk_logging: bool):
+    """
+    配置SDK日志级别
+    Args:
+        enable_sdk_logging: 是否启用SDK日志
+    """
+    import logging
+    # SDK相关的logger名称列表
+    sdk_loggers = [
+        'skyplatform_iam.config',
+        'skyplatform_iam.middleware',
+        'skyplatform_iam.connect_agenterra_iam',
+        'skyplatform_iam.exceptions'
+    ]
+    if enable_sdk_logging:
+        # 启用SDK日志，设置为INFO级别
+        log_level = logging.INFO
+    else:
+        # 禁用SDK日志，设置为WARNING级别，只显示警告和错误
+        log_level = logging.WARNING
+    # 配置所有SDK相关的logger
+    for logger_name in sdk_loggers:
+        logger = logging.getLogger(logger_name)
+        logger.setLevel(log_level)
 def get_iam_client(config: AuthConfig = None) -> ConnectAgenterraIam:
     """
     获取全局IAM客户端实例

skyplatform_iam/config.py CHANGED Viewed

@@ -1,14 +1,18 @@
 """
 SkyPlatform IAM SDK 配置模块
 """
+import logging
 import os
 import fnmatch
-from typing import Optional, List
+from typing import List, Optional, Dict
+import jwt
 from pydantic import BaseModel, Field
 from dotenv import load_dotenv
 # 加载环境变量
 load_dotenv()
+logger = logging.getLogger(__name__)
 class AuthConfig(BaseModel):
@@ -20,6 +24,7 @@ class AuthConfig(BaseModel):
     agenterra_iam_host: str
     server_name: str
     access_key: str
+    machine_token: str
     # Token配置
     token_header: str = "Authorization"
@@ -27,6 +32,9 @@ class AuthConfig(BaseModel):
     # 错误处理配置
     enable_debug: bool = False
+    # SDK日志控制配置
+    enable_sdk_logging: bool = True
     # 白名单路径配置（实例变量）
     whitelist_paths: List[str] = Field(default_factory=list)
@@ -44,6 +52,8 @@ class AuthConfig(BaseModel):
             server_name=os.environ.get('AGENTERRA_SERVER_NAME', ''),
             access_key=os.environ.get('AGENTERRA_ACCESS_KEY', ''),
             enable_debug=os.environ.get('AGENTERRA_ENABLE_DEBUG', 'false').lower() == 'true',
+            enable_sdk_logging=os.environ.get('AGENTERRA_ENABLE_SDK_LOGGING', 'true').lower() == 'true',
+            machine_token=os.environ.get('MACHINE_TOKEN', ''),
             whitelist_paths=[]  # 初始化空的白名单路径列表
         )
@@ -63,15 +73,15 @@ class AuthConfig(BaseModel):
         """
         if not path:
             return path
         # 确保路径以 / 开头
         if not path.startswith('/'):
             path = '/' + path
         # 移除重复的斜杠
         while '//' in path:
             path = path.replace('//', '/')
         return path
     def add_whitelist_path(self, path: str) -> None:
@@ -80,7 +90,7 @@ class AuthConfig(BaseModel):
         """
         if not path:
             return
         normalized_path = self._normalize_path(path)
         if normalized_path not in self.whitelist_paths:
             self.whitelist_paths.append(normalized_path)
@@ -98,7 +108,7 @@ class AuthConfig(BaseModel):
         """
         if not path:
             return
         normalized_path = self._normalize_path(path)
         if normalized_path in self.whitelist_paths:
             self.whitelist_paths.remove(normalized_path)
@@ -121,12 +131,27 @@ class AuthConfig(BaseModel):
         """
         if not path:
             return False
         normalized_path = self._normalize_path(path)
         for whitelist_path in self.whitelist_paths:
             # 支持通配符匹配
             if fnmatch.fnmatch(normalized_path, whitelist_path):
                 return True
         return False
+def decode_jwt_token(token: str) -> Optional[Dict]:
+    """直接解析JWT token获取payload"""
+    try:
+        # 不验证签名，只解析payload（因为token已经通过verify_token验证过）
+        decoded_payload = jwt.decode(token, options={"verify_signature": False})
+        logger.debug(f"JWT token解析成功: {decoded_payload}")
+        return decoded_payload
+    except jwt.InvalidTokenError as e:
+        logger.error(f"JWT token解析失败: {str(e)}")
+        return None
+    except Exception as e:
+        logger.error(f"JWT token解析异常: {str(e)}")
+        return None

skyplatform_iam/connect_agenterra_iam.py CHANGED Viewed

@@ -2,9 +2,16 @@ import requests
 import logging
 import traceback
 import copy
+import urllib3
 from enum import Enum
 from fastapi import HTTPException, status
+from .config import decode_jwt_token
+# 禁用 urllib3 的 InsecureRequestWarning 警告
+# 这样可以避免在使用自定义 HTTPS 地址（可能没有有效证书）时出现警告信息
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 class CredentialTypeEnum(str, Enum):
     """凭证类型枚举，与后端API保持一致"""
@@ -17,7 +24,7 @@ class CredentialTypeEnum(str, Enum):
 class ConnectAgenterraIam(object):
     _instance = None
     _initialized = False
     def __new__(cls, config=None, logger_name="skyplatform_iam", log_level=logging.INFO):
         """
         单例模式实现
@@ -26,11 +33,11 @@ class ConnectAgenterraIam(object):
         if cls._instance is None:
             cls._instance = super(ConnectAgenterraIam, cls).__new__(cls)
         return cls._instance
     def __init__(self, config=None, logger_name="skyplatform_iam", log_level=logging.INFO):
         """
         初始化AgenterraIAM连接器
         参数:
         - config: AuthConfig配置对象，如果为None则从环境变量读取
         - logger_name: 日志记录器名称
@@ -39,7 +46,22 @@ class ConnectAgenterraIam(object):
         # 防止重复初始化
         if self._initialized:
             return
+        # 必须传入config参数，不再支持从环境变量读取
+        if config is None:
+            raise ValueError("必须传入AuthConfig配置对象，不再支持从环境变量读取配置")
+        # 保存配置对象，用于日志控制
+        self.config = config
+        # 根据配置设置日志级别
+        if hasattr(config, 'enable_sdk_logging') and not config.enable_sdk_logging:
+            # 禁用SDK日志时，设置为WARNING级别，只显示警告和错误
+            effective_log_level = logging.WARNING
+        else:
+            # 启用SDK日志时，使用传入的日志级别
+            effective_log_level = log_level
         # 配置日志记录器
         self.logger = logging.getLogger(logger_name)
         if not self.logger.handlers:
@@ -49,17 +71,16 @@ class ConnectAgenterraIam(object):
             )
             handler.setFormatter(formatter)
             self.logger.addHandler(handler)
-            self.logger.setLevel(log_level)
-        # 必须传入config参数，不再支持从环境变量读取
-        if config is None:
-            raise ValueError("必须传入AuthConfig配置对象，不再支持从环境变量读取配置")
+            self.logger.setLevel(effective_log_level)
         self.agenterra_iam_host = config.agenterra_iam_host
         self.server_name = config.server_name
         self.access_key = config.access_key
-        self.logger.info("使用传入的AuthConfig配置")
+        self.machine_token = config.machine_token
+        if hasattr(config, 'enable_sdk_logging') and config.enable_sdk_logging:
+            self.logger.info("使用传入的AuthConfig配置")
         # 验证必要的配置
         if not self.agenterra_iam_host:
             self.logger.warning("AGENTERRA_IAM_HOST 配置未设置")
@@ -67,9 +88,11 @@ class ConnectAgenterraIam(object):
             self.logger.warning("AGENTERRA_SERVER_NAME 配置未设置")
         if not self.access_key:
             self.logger.warning("AGENTERRA_ACCESS_KEY 配置未设置")
-        self.logger.info(f"初始化AgenterraIAM连接器 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
+        if hasattr(config, 'enable_sdk_logging') and config.enable_sdk_logging:
+            self.logger.info(
+                f"初始化AgenterraIAM连接器 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
         self.headers = {
             "Content-Type": "application/json",
             "SERVER-AK": self.server_name,
@@ -77,9 +100,10 @@ class ConnectAgenterraIam(object):
         }
         self.body = {
             "server_name": self.server_name,
-            "access_key": self.access_key
+            "access_key": self.access_key,
+            "machine_token": self.machine_token
         }
         # 标记为已初始化
         self._initialized = True
@@ -87,20 +111,20 @@ class ConnectAgenterraIam(object):
         """
         重新加载配置
         用于在运行时更新配置
         参数:
         - config: AuthConfig配置对象
         """
         if config is None:
             raise ValueError("必须传入AuthConfig配置对象")
         self.logger.info("重新加载配置")
         # 更新配置
         self.agenterra_iam_host = config.agenterra_iam_host
         self.server_name = config.server_name
         self.access_key = config.access_key
         # 验证必要的配置
         if not self.agenterra_iam_host:
             self.logger.warning("AGENTERRA_IAM_HOST 配置未设置")
@@ -108,7 +132,7 @@ class ConnectAgenterraIam(object):
             self.logger.warning("AGENTERRA_SERVER_NAME 配置未设置")
         if not self.access_key:
             self.logger.warning("AGENTERRA_ACCESS_KEY 配置未设置")
         # 更新headers和body
         self.headers = {
             "Content-Type": "application/json",
@@ -117,77 +141,83 @@ class ConnectAgenterraIam(object):
         }
         self.body = {
             "server_name": self.server_name,
-            "access_key": self.access_key
+            "access_key": self.access_key,
+            "machine_token": self.machine_token,
         }
-        self.logger.info(f"配置重新加载完成 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
+        self.logger.info(
+            f"配置重新加载完成 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
     def _mask_sensitive(self, value, mask_char="*", show_chars=4):
         """
         脱敏处理敏感信息
         参数:
         - value: 要脱敏的值
         - mask_char: 脱敏字符
         - show_chars: 显示的字符数量
         返回: 脱敏后的字符串
         """
         if not value or not isinstance(value, str):
             return str(value) if value else "None"
         if len(value) <= show_chars:
             return mask_char * len(value)
         return value[:show_chars] + mask_char * (len(value) - show_chars)
     def _sanitize_log_data(self, data):
         """
         清理日志数据，脱敏敏感信息
         参数:
         - data: 要清理的数据（字典或其他类型）
         返回: 清理后的数据
         """
         if not isinstance(data, dict):
             return data
         # 需要脱敏的字段列表
         sensitive_fields = [
-            'password', 'access_key', 'token', 'refresh_token',
+            'password', 'access_key', 'token', 'refresh_token',
             'SERVER-SK', 'new_password', 'server_sk'
         ]
         sanitized = copy.deepcopy(data)
         for key, value in sanitized.items():
             if key.lower() in [field.lower() for field in sensitive_fields]:
                 sanitized[key] = self._mask_sensitive(str(value))
             elif isinstance(value, dict):
                 sanitized[key] = self._sanitize_log_data(value)
         return sanitized
     def _log_request(self, method_name, url, headers, body):
         """记录请求信息"""
-        sanitized_headers = self._sanitize_log_data(headers)
-        sanitized_body = self._sanitize_log_data(body)
-        self.logger.info(f"[{method_name}] 发送请求 - URL: {url}")
-        self.logger.info(f"[{method_name}] 请求头: {sanitized_headers}")
-        self.logger.info(f"[{method_name}] 请求体: {sanitized_body}")
+        # 只有在启用SDK日志时才输出详细的请求信息
+        if hasattr(self, 'config') and hasattr(self.config, 'enable_sdk_logging') and self.config.enable_sdk_logging:
+            sanitized_headers = self._sanitize_log_data(headers)
+            sanitized_body = self._sanitize_log_data(body)
+            self.logger.info(f"[{method_name}] 发送请求 - URL: {url}")
+            self.logger.info(f"[{method_name}] 请求头: {sanitized_headers}")
+            self.logger.info(f"[{method_name}] 请求体: {sanitized_body}")
     def _log_response(self, method_name, response):
         """记录响应信息"""
-        try:
-            response_data = response.json() if response.content else {}
-            sanitized_response = self._sanitize_log_data(response_data)
-            self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
-            self.logger.info(f"[{method_name}] 响应内容: {sanitized_response}")
-        except Exception as e:
-            self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
-            self.logger.info(f"[{method_name}] 响应内容解析失败: {str(e)}")
+        # 只有在启用SDK日志时才输出详细的响应信息
+        if hasattr(self, 'config') and hasattr(self.config, 'enable_sdk_logging') and self.config.enable_sdk_logging:
+            try:
+                response_data = response.json() if response.content else {}
+                sanitized_response = self._sanitize_log_data(response_data)
+                self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
+                self.logger.info(f"[{method_name}] 响应内容: {sanitized_response}")
+            except Exception as e:
+                self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
+                self.logger.info(f"[{method_name}] 响应内容解析失败: {str(e)}")
     def register(self, cred_type=None, cred_value=None, password=None, nickname=None, avatar_url=None,
                  username=None, phone=None):
@@ -346,6 +376,11 @@ class ConnectAgenterraIam(object):
             if response.status_code == 200:
                 self.logger.info(f"[{method_name}] 密码登录成功")
+                data = response.json()["data"]
+                access_token = data["access_token"]
+                payload = decode_jwt_token(access_token)
+                self.machine_token = payload["machine_access_token"]
                 return response
             else:
                 self.logger.warning(f"[{method_name}] 密码登录失败 - 状态码: {response.status_code}")
@@ -452,9 +487,12 @@ class ConnectAgenterraIam(object):
             # 记录请求信息
             self._log_request(method_name, url, self.headers, body)
+            headers = self.headers.copy()
+            headers['MACHINE-TOKEN'] = self.machine_token
             response = requests.post(
                 url=url,
-                headers=self.headers,
+                headers=headers,
                 json=body,
                 verify=False
             )
@@ -474,7 +512,7 @@ class ConnectAgenterraIam(object):
             self.logger.error(f"[{method_name}] 异常堆栈: {traceback.format_exc()}")
             return False
-    def verify_token(self, token, api, method, server_ak="", server_sk=""):
+    def verify_token(self, token, api, method, server_ak="", server_sk="", machine_token=""):
         """
         请求iam进行鉴权
         server_name: 服务名称
@@ -494,6 +532,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": machine_token if machine_token else self.machine_token,
                 "token": token,
                 "api": api,
                 "method": method,
@@ -600,6 +639,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "user_id": user_id,
                 "new_password": new_password
             }
@@ -647,6 +687,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "refresh_token": refresh_token
             }
             uri = "/api/v2/service/refresh_token"
@@ -694,6 +735,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "user_id": user_id,
                 "role_id": role_id
             }
@@ -736,6 +778,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "token": token,
             }
             uri = "/api/v2/service/token"
@@ -788,6 +831,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "user_id": user_id,
                 "config_name": config_name
             }
@@ -844,6 +888,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "user_id": user_id
             }
@@ -896,6 +941,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "user_id": user_id,
                 "config_name": config_name
             }
@@ -957,6 +1003,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "target_user_id": target_user_id,
                 "cred_type": cred_type.value,
                 "cred_value": cred_value
@@ -1021,6 +1068,7 @@ class ConnectAgenterraIam(object):
             body = {
                 "server_name": self.server_name,
                 "access_key": self.access_key,
+                "machine_token": self.machine_token,
                 "cred_type": cred_type.value,
                 "cred_value": cred_value
             }

skyplatform_iam/middleware.py CHANGED Viewed

@@ -66,10 +66,18 @@ class AuthMiddleware(BaseHTTPMiddleware):
         try:
             # 获取请求路径
             api_path = request.url.path
+            method = request.method
+            # 检查是否为机机接口鉴权 来自其他服务
+            server_ak = request.headers.get('SERVER-AK')
+            server_sk = request.headers.get('SERVER-SK')
+            # 检查是否为人机接口鉴权 来自前端
+            # token = request.headers.get('Authorization')
             # 首先检查路径是否在本地白名单中
             if self.is_path_whitelisted(api_path):
-                logger.info(f"路径 {api_path} 在本地白名单中，跳过认证直接允许访问")
+                if self.config.enable_sdk_logging:
+                    logger.info(f"路径 {api_path} 在本地白名单中，跳过认证直接允许访问")
                 # 设置白名单标识
                 request.state.user = None
                 request.state.authenticated = False
@@ -80,6 +88,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
             # 提取Token（可能为空，白名单接口不需要token）
             token = self._extract_token(request)
+            machine_token = self._extract_machine_token(request)
             # 验证Token和权限（即使token为空也要调用IAM验证，因为可能是白名单接口）
             user_info = await self._verify_token_and_permission(request, token)
@@ -97,6 +106,16 @@ class AuthMiddleware(BaseHTTPMiddleware):
                 request.state.authenticated = False
                 request.state.is_whitelist = True
             else:
+                if machine_token:
+                    try:
+                        payload = jwt.decode(machine_token, algorithms=["HS256"], options={"verify_signature": False})
+                        user_id = payload.get("sub", None)
+                        request.state.user_id = user_id
+                    except Exception as jwt_error:
+                        if self.config.enable_sdk_logging:
+                            logger.error(f"JWT解码失败: {str(jwt_error)}")
+                        # JWT解码失败时不设置user_id，但继续处理
                 # 正常认证接口，设置用户信息
                 request.state.user = user_info
                 request.state.authenticated = True
@@ -125,9 +144,10 @@ class AuthMiddleware(BaseHTTPMiddleware):
                 detail=e.detail
             )
         except Exception as e:
-            logger.error(f"认证中间件处理异常: {str(e)}")
-            if self.config.enable_debug:
-                logger.exception("详细异常信息:")
+            if self.config.enable_sdk_logging:
+                logger.error(f"认证中间件处理异常: {str(e)}")
+                if self.config.enable_debug:
+                    logger.exception("详细异常信息:")
             return self._create_error_response(
                 status_code=500,
@@ -151,6 +171,17 @@ class AuthMiddleware(BaseHTTPMiddleware):
         return None
+    def _extract_machine_token(self, request: Request) -> Optional[str]:
+        """
+        从请求中提取Token
+        """
+        # 从Authorization头提取
+        machine_token = request.headers.get("MACHINE-TOKEN")
+        if machine_token:
+            return machine_token
+        return None
     async def _verify_token_and_permission(self, request: Request, token: Optional[str]) -> Optional[Dict[str, Any]]:
         """
         验证Token和权限
@@ -163,6 +194,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
             # 从请求头获取服务认证信息（可选）
             server_ak = request.headers.get("SERVER-AK", "")
             server_sk = request.headers.get("SERVER-SK", "")
+            machine_token = request.headers.get("MACHINE-TOKEN", "")
             # 调用IAM验证接口（即使token为空也要调用，因为可能是白名单接口）
             user_info = self.iam_client.verify_token(
@@ -170,7 +202,8 @@ class AuthMiddleware(BaseHTTPMiddleware):
                 api=api_path,
                 method=method,
                 server_ak=server_ak,
-                server_sk=server_sk
+                server_sk=server_sk,
+                machine_token=machine_token
             )
             return user_info
@@ -179,9 +212,10 @@ class AuthMiddleware(BaseHTTPMiddleware):
             # 重新抛出HTTP异常
             raise
         except Exception as e:
-            logger.error(f"Token验证异常: {str(e)}")
-            if self.config.enable_debug:
-                logger.exception("详细异常信息:")
+            if self.config.enable_sdk_logging:
+                logger.error(f"Token验证异常: {str(e)}")
+                if self.config.enable_debug:
+                    logger.exception("详细异常信息:")
             return None
     def _create_error_response(
@@ -233,22 +267,24 @@ class AuthService:
         """验证token和权限"""
         # 通过token, server_ak, server_sk判断是否有权限
         api_path = request.url.path
         # 首先检查路径是否在白名单中
         if self.is_path_whitelisted(api_path):
-            logger.info(f"路径 {api_path} 在白名单中，跳过IAM鉴权")
+            if self.auth_config.enable_sdk_logging:
+                logger.info(f"路径 {api_path} 在白名单中，跳过IAM鉴权")
             return True
         credentials: HTTPAuthorizationCredentials = await self.security(request)
         method = request.method
         server_ak = request.headers.get("SERVER-AK", "")
         server_sk = request.headers.get("SERVER-SK", "")
+        machine_token = request.headers.get("MACHINE-TOKEN", "")
         token = ""
         if credentials is not None:
             token = credentials.credentials
-        user_info_by_iam = self.iam_client.verify_token(token, api_path, method, server_ak, server_sk)
+        user_info_by_iam = self.iam_client.verify_token(token, api_path, method, server_ak, server_sk, machine_token)
         if user_info_by_iam:
             return True
         return False
@@ -264,13 +300,14 @@ class AuthService:
             credentials: HTTPAuthorizationCredentials = await self.security(request)
             if not credentials:
                 return None
             token = credentials.credentials
             # 直接解析JWT token获取payload
             payload = self.decode_jwt_token(token)
             if not payload:
-                logger.error("JWT token解析失败")
+                if self.auth_config.enable_sdk_logging:
+                    logger.error("JWT token解析失败")
                 return None
             # 从payload中提取用户信息
@@ -326,20 +363,23 @@ class AuthService:
             cred_types = [cred.get("type") for cred in all_credentials]
             cred_type_count = {cred_type: cred_types.count(cred_type) for cred_type in set(cred_types)}
-            logger.info(
-                f"用户认证成功: user_id={iam_user_id}, username={username}, 凭证数量={total_credentials}, 凭证类型分布={cred_type_count}")
-            logger.debug(f"JWT payload: {payload}")
+            if self.auth_config.enable_sdk_logging:
+                logger.info(
+                    f"用户认证成功: user_id={iam_user_id}, username={username}, 凭证数量={total_credentials}, 凭证类型分布={cred_type_count}")
+                logger.debug(f"JWT payload: {payload}")
             # 将用户信息添加到请求状态中
             request.state.user = user_info
             return user_info
         except HTTPException as e:
-            logger.error(f"获取当前用户信息失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"获取当前用户信息失败: {str(e)}")
             # 重新抛出HTTP异常（403权限不足）
             return None
         except Exception as e:
-            logger.error(f"获取当前用户信息失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"获取当前用户信息失败: {str(e)}")
             return None
     async def require_auth(self, request: Request) -> Dict:
@@ -371,13 +411,16 @@ class AuthService:
         try:
             # 不验证签名，只解析payload（因为token已经通过verify_token验证过）
             decoded_payload = jwt.decode(token, options={"verify_signature": False})
-            logger.debug(f"JWT token解析成功: {decoded_payload}")
+            if self.auth_config.enable_sdk_logging:
+                logger.debug(f"JWT token解析成功: {decoded_payload}")
             return decoded_payload
         except jwt.InvalidTokenError as e:
-            logger.error(f"JWT token解析失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"JWT token解析失败: {str(e)}")
             return None
         except Exception as e:
-            logger.error(f"JWT token解析异常: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"JWT token解析异常: {str(e)}")
             return None
@@ -394,7 +437,8 @@ def setup_auth_middleware(auth_config: AuthConfig) -> None:
     """
     global auth_service
     auth_service = AuthService(auth_config)
-    logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
+    if auth_config.enable_sdk_logging:
+        logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
 # 便捷的依赖函数

{skyplatform_iam-1.1.0.dist-info → skyplatform_iam-1.2.1.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: skyplatform-iam
-Version: 1.1.0
+Version: 1.2.1
 Summary: SkyPlatform IAM认证SDK，提供FastAPI中间件和认证路由
 Project-URL: Homepage, https://github.com/xinmayoujiang12621/agenterra_iam
 Project-URL: Documentation, https://skyplatform-iam.readthedocs.io/

skyplatform_iam-1.2.1.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,8 @@
+skyplatform_iam/__init__.py,sha256=6ffSGMRItbBPnxgQMaoeB1oGLfXuMK3HHrspuiqyO8s,5591
+skyplatform_iam/config.py,sha256=x3GBikMkC8-0og0Vhs6h5_nTcBXeEd8euDgVDd7IsK4,4607
+skyplatform_iam/connect_agenterra_iam.py,sha256=t03IdWCwBP1oOF1WBTSZETB4MUKQ7zTmfvc6zXD83fg,42050
+skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
+skyplatform_iam/middleware.py,sha256=jXX8_UciUhOkbK418anqtJoclNhvTQeFnguwPjv5K9E,17863
+skyplatform_iam-1.2.1.dist-info/METADATA,sha256=HLkBft7Qp6w9NFpsHtkVJWFXLcHNZDJ_7_AaXYprZ6E,12658
+skyplatform_iam-1.2.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+skyplatform_iam-1.2.1.dist-info/RECORD,,

skyplatform_iam-1.1.0.dist-info/RECORD DELETED Viewed

@@ -1,8 +0,0 @@
-skyplatform_iam/__init__.py,sha256=JfCqvHdzjiwkEVhgzlB45pKKs0VkxKg8yrMMQ4NpWpY,4664
-skyplatform_iam/config.py,sha256=s4tctVpguKZv4O1Fhf7_Fo7zELNX6KYviMjkE1WPbQM,3715
-skyplatform_iam/connect_agenterra_iam.py,sha256=9SnZkYmZ1VewzIz6a3-uOdOLzHrhPyJPIofZHgImJCM,39785
-skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
-skyplatform_iam/middleware.py,sha256=XNJxvjw3O55TW-ff_uORK-C9Wy4BTAfkcnNjy1SQkx0,15721
-skyplatform_iam-1.1.0.dist-info/METADATA,sha256=K3G-22HfmCKyzHOK_zvrpGDzez_gpEvrqon7nsvG4wg,12658
-skyplatform_iam-1.1.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-skyplatform_iam-1.1.0.dist-info/RECORD,,

{skyplatform_iam-1.1.0.dist-info → skyplatform_iam-1.2.1.dist-info}/WHEEL RENAMED Viewed

File without changes

skyplatform-iam 1.1.0__py3-none-any.whl → 1.2.1__py3-none-any.whl

skyplatform-iam 1.1.0py3-none-any.whl → 1.2.1py3-none-any.whl