skyplatform-iam 1.2.0__py3-none-any.whl → 1.2.1__py3-none-any.whl

skyplatform_iam/__init__.py

@@ -17,7 +17,7 @@ from .exceptions import (
     NetworkError
 )
 
-__version__ = "1.2.0"
+__version__ = "1.2.1"
 __author__ = "x9"
 __description__ = "SkyPlatform IAM认证SDK，提供FastAPI中间件和IAM服务连接功能"
 
@@ -100,6 +100,9 @@ def init_skyplatform_iam(app, config: AuthConfig = None):
     # 验证配置的完整性
     config.validate_config()
     
+    # 配置SDK日志级别
+    _configure_sdk_logging(config.enable_sdk_logging)
+    
     # 初始化全局认证服务
     setup_auth_middleware(config)
     
@@ -110,6 +113,36 @@ def init_skyplatform_iam(app, config: AuthConfig = None):
     return middleware
 
 
+def _configure_sdk_logging(enable_sdk_logging: bool):
+    """
+    配置SDK日志级别
+    
+    Args:
+        enable_sdk_logging: 是否启用SDK日志
+    """
+    import logging
+    
+    # SDK相关的logger名称列表
+    sdk_loggers = [
+        'skyplatform_iam.config',
+        'skyplatform_iam.middleware', 
+        'skyplatform_iam.connect_agenterra_iam',
+        'skyplatform_iam.exceptions'
+    ]
+    
+    if enable_sdk_logging:
+        # 启用SDK日志，设置为INFO级别
+        log_level = logging.INFO
+    else:
+        # 禁用SDK日志，设置为WARNING级别，只显示警告和错误
+        log_level = logging.WARNING
+    
+    # 配置所有SDK相关的logger
+    for logger_name in sdk_loggers:
+        logger = logging.getLogger(logger_name)
+        logger.setLevel(log_level)
+
+
 def get_iam_client(config: AuthConfig = None) -> ConnectAgenterraIam:
     """
     获取全局IAM客户端实例

skyplatform_iam/config.py

@@ -32,6 +32,9 @@ class AuthConfig(BaseModel):
 
     # 错误处理配置
     enable_debug: bool = False
+    
+    # SDK日志控制配置
+    enable_sdk_logging: bool = True
 
     # 白名单路径配置（实例变量）
     whitelist_paths: List[str] = Field(default_factory=list)
@@ -49,6 +52,7 @@ class AuthConfig(BaseModel):
             server_name=os.environ.get('AGENTERRA_SERVER_NAME', ''),
             access_key=os.environ.get('AGENTERRA_ACCESS_KEY', ''),
             enable_debug=os.environ.get('AGENTERRA_ENABLE_DEBUG', 'false').lower() == 'true',
+            enable_sdk_logging=os.environ.get('AGENTERRA_ENABLE_SDK_LOGGING', 'true').lower() == 'true',
             machine_token=os.environ.get('MACHINE_TOKEN', ''),
             whitelist_paths=[]  # 初始化空的白名单路径列表
         )

skyplatform_iam/connect_agenterra_iam.py

@@ -2,11 +2,16 @@ import requests
 import logging
 import traceback
 import copy
+import urllib3
 from enum import Enum
 from fastapi import HTTPException, status
 
 from .config import decode_jwt_token
 
+# 禁用 urllib3 的 InsecureRequestWarning 警告
+# 这样可以避免在使用自定义 HTTPS 地址（可能没有有效证书）时出现警告信息
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
 
 class CredentialTypeEnum(str, Enum):
     """凭证类型枚举，与后端API保持一致"""
@@ -42,6 +47,21 @@ class ConnectAgenterraIam(object):
         if self._initialized:
             return
 
+        # 必须传入config参数，不再支持从环境变量读取
+        if config is None:
+            raise ValueError("必须传入AuthConfig配置对象，不再支持从环境变量读取配置")
+
+        # 保存配置对象，用于日志控制
+        self.config = config
+
+        # 根据配置设置日志级别
+        if hasattr(config, 'enable_sdk_logging') and not config.enable_sdk_logging:
+            # 禁用SDK日志时，设置为WARNING级别，只显示警告和错误
+            effective_log_level = logging.WARNING
+        else:
+            # 启用SDK日志时，使用传入的日志级别
+            effective_log_level = log_level
+
         # 配置日志记录器
         self.logger = logging.getLogger(logger_name)
         if not self.logger.handlers:
@@ -51,17 +71,15 @@ class ConnectAgenterraIam(object):
             )
             handler.setFormatter(formatter)
             self.logger.addHandler(handler)
-            self.logger.setLevel(log_level)
-
-        # 必须传入config参数，不再支持从环境变量读取
-        if config is None:
-            raise ValueError("必须传入AuthConfig配置对象，不再支持从环境变量读取配置")
+            self.logger.setLevel(effective_log_level)
 
         self.agenterra_iam_host = config.agenterra_iam_host
         self.server_name = config.server_name
         self.access_key = config.access_key
         self.machine_token = config.machine_token
-        self.logger.info("使用传入的AuthConfig配置")
+        
+        if hasattr(config, 'enable_sdk_logging') and config.enable_sdk_logging:
+            self.logger.info("使用传入的AuthConfig配置")
 
         # 验证必要的配置
         if not self.agenterra_iam_host:
@@ -71,8 +89,9 @@ class ConnectAgenterraIam(object):
         if not self.access_key:
             self.logger.warning("AGENTERRA_ACCESS_KEY 配置未设置")
 
-        self.logger.info(
-            f"初始化AgenterraIAM连接器 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
+        if hasattr(config, 'enable_sdk_logging') and config.enable_sdk_logging:
+            self.logger.info(
+                f"初始化AgenterraIAM连接器 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
 
         self.headers = {
             "Content-Type": "application/json",
@@ -178,23 +197,27 @@ class ConnectAgenterraIam(object):
 
     def _log_request(self, method_name, url, headers, body):
         """记录请求信息"""
-        sanitized_headers = self._sanitize_log_data(headers)
-        sanitized_body = self._sanitize_log_data(body)
+        # 只有在启用SDK日志时才输出详细的请求信息
+        if hasattr(self, 'config') and hasattr(self.config, 'enable_sdk_logging') and self.config.enable_sdk_logging:
+            sanitized_headers = self._sanitize_log_data(headers)
+            sanitized_body = self._sanitize_log_data(body)
 
-        self.logger.info(f"[{method_name}] 发送请求 - URL: {url}")
-        self.logger.info(f"[{method_name}] 请求头: {sanitized_headers}")
-        self.logger.info(f"[{method_name}] 请求体: {sanitized_body}")
+            self.logger.info(f"[{method_name}] 发送请求 - URL: {url}")
+            self.logger.info(f"[{method_name}] 请求头: {sanitized_headers}")
+            self.logger.info(f"[{method_name}] 请求体: {sanitized_body}")
 
     def _log_response(self, method_name, response):
         """记录响应信息"""
-        try:
-            response_data = response.json() if response.content else {}
-            sanitized_response = self._sanitize_log_data(response_data)
-            self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
-            self.logger.info(f"[{method_name}] 响应内容: {sanitized_response}")
-        except Exception as e:
-            self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
-            self.logger.info(f"[{method_name}] 响应内容解析失败: {str(e)}")
+        # 只有在启用SDK日志时才输出详细的响应信息
+        if hasattr(self, 'config') and hasattr(self.config, 'enable_sdk_logging') and self.config.enable_sdk_logging:
+            try:
+                response_data = response.json() if response.content else {}
+                sanitized_response = self._sanitize_log_data(response_data)
+                self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
+                self.logger.info(f"[{method_name}] 响应内容: {sanitized_response}")
+            except Exception as e:
+                self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
+                self.logger.info(f"[{method_name}] 响应内容解析失败: {str(e)}")
 
     def register(self, cred_type=None, cred_value=None, password=None, nickname=None, avatar_url=None,
                  username=None, phone=None):

skyplatform_iam/middleware.py

@@ -76,7 +76,8 @@ class AuthMiddleware(BaseHTTPMiddleware):
 
             # 首先检查路径是否在本地白名单中
             if self.is_path_whitelisted(api_path):
-                logger.info(f"路径 {api_path} 在本地白名单中，跳过认证直接允许访问")
+                if self.config.enable_sdk_logging:
+                    logger.info(f"路径 {api_path} 在本地白名单中，跳过认证直接允许访问")
                 # 设置白名单标识
                 request.state.user = None
                 request.state.authenticated = False
@@ -106,9 +107,14 @@ class AuthMiddleware(BaseHTTPMiddleware):
                 request.state.is_whitelist = True
             else:
                 if machine_token:
-                    payload = jwt.decode(machine_token, algorithms=["HS256"], options={"verify_signature": False})
-                    user_id = payload.get("sub", None)
-                    request.state.user_id = user_id
+                    try:
+                        payload = jwt.decode(machine_token, algorithms=["HS256"], options={"verify_signature": False})
+                        user_id = payload.get("sub", None)
+                        request.state.user_id = user_id
+                    except Exception as jwt_error:
+                        if self.config.enable_sdk_logging:
+                            logger.error(f"JWT解码失败: {str(jwt_error)}")
+                        # JWT解码失败时不设置user_id，但继续处理
 
                 # 正常认证接口，设置用户信息
                 request.state.user = user_info
@@ -138,9 +144,10 @@ class AuthMiddleware(BaseHTTPMiddleware):
                 detail=e.detail
             )
         except Exception as e:
-            logger.error(f"认证中间件处理异常: {str(e)}")
-            if self.config.enable_debug:
-                logger.exception("详细异常信息:")
+            if self.config.enable_sdk_logging:
+                logger.error(f"认证中间件处理异常: {str(e)}")
+                if self.config.enable_debug:
+                    logger.exception("详细异常信息:")
 
             return self._create_error_response(
                 status_code=500,
@@ -155,13 +162,11 @@ class AuthMiddleware(BaseHTTPMiddleware):
         # 从Authorization头提取
         auth_header = request.headers.get(self.config.token_header)
         if auth_header and auth_header.startswith(self.config.token_prefix):
-            print("has auth_header: ", auth_header)
             return auth_header[len(self.config.token_prefix):].strip()
 
         # 从查询参数提取（备选方案）
         token = request.query_params.get("token")
         if token:
-            print("has token: ", token)
             return token
 
         return None
@@ -173,7 +178,6 @@ class AuthMiddleware(BaseHTTPMiddleware):
         # 从Authorization头提取
         machine_token = request.headers.get("MACHINE-TOKEN")
         if machine_token:
-            print("has MACHINE-TOKEN': ", machine_token)
             return machine_token
 
         return None
@@ -208,9 +212,10 @@ class AuthMiddleware(BaseHTTPMiddleware):
             # 重新抛出HTTP异常
             raise
         except Exception as e:
-            logger.error(f"Token验证异常: {str(e)}")
-            if self.config.enable_debug:
-                logger.exception("详细异常信息:")
+            if self.config.enable_sdk_logging:
+                logger.error(f"Token验证异常: {str(e)}")
+                if self.config.enable_debug:
+                    logger.exception("详细异常信息:")
             return None
 
     def _create_error_response(
@@ -265,7 +270,8 @@ class AuthService:
 
         # 首先检查路径是否在白名单中
         if self.is_path_whitelisted(api_path):
-            logger.info(f"路径 {api_path} 在白名单中，跳过IAM鉴权")
+            if self.auth_config.enable_sdk_logging:
+                logger.info(f"路径 {api_path} 在白名单中，跳过IAM鉴权")
             return True
 
         credentials: HTTPAuthorizationCredentials = await self.security(request)
@@ -274,7 +280,6 @@ class AuthService:
         server_ak = request.headers.get("SERVER-AK", "")
         server_sk = request.headers.get("SERVER-SK", "")
         machine_token = request.headers.get("MACHINE-TOKEN", "")
-        print("248 machine_token:", machine_token)
 
         token = ""
         if credentials is not None:
@@ -301,7 +306,8 @@ class AuthService:
             # 直接解析JWT token获取payload
             payload = self.decode_jwt_token(token)
             if not payload:
-                logger.error("JWT token解析失败")
+                if self.auth_config.enable_sdk_logging:
+                    logger.error("JWT token解析失败")
                 return None
 
             # 从payload中提取用户信息
@@ -357,20 +363,23 @@ class AuthService:
             cred_types = [cred.get("type") for cred in all_credentials]
             cred_type_count = {cred_type: cred_types.count(cred_type) for cred_type in set(cred_types)}
 
-            logger.info(
-                f"用户认证成功: user_id={iam_user_id}, username={username}, 凭证数量={total_credentials}, 凭证类型分布={cred_type_count}")
-            logger.debug(f"JWT payload: {payload}")
+            if self.auth_config.enable_sdk_logging:
+                logger.info(
+                    f"用户认证成功: user_id={iam_user_id}, username={username}, 凭证数量={total_credentials}, 凭证类型分布={cred_type_count}")
+                logger.debug(f"JWT payload: {payload}")
 
             # 将用户信息添加到请求状态中
             request.state.user = user_info
             return user_info
 
         except HTTPException as e:
-            logger.error(f"获取当前用户信息失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"获取当前用户信息失败: {str(e)}")
             # 重新抛出HTTP异常（403权限不足）
             return None
         except Exception as e:
-            logger.error(f"获取当前用户信息失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"获取当前用户信息失败: {str(e)}")
             return None
 
     async def require_auth(self, request: Request) -> Dict:
@@ -402,13 +411,16 @@ class AuthService:
         try:
             # 不验证签名，只解析payload（因为token已经通过verify_token验证过）
             decoded_payload = jwt.decode(token, options={"verify_signature": False})
-            logger.debug(f"JWT token解析成功: {decoded_payload}")
+            if self.auth_config.enable_sdk_logging:
+                logger.debug(f"JWT token解析成功: {decoded_payload}")
             return decoded_payload
         except jwt.InvalidTokenError as e:
-            logger.error(f"JWT token解析失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"JWT token解析失败: {str(e)}")
             return None
         except Exception as e:
-            logger.error(f"JWT token解析异常: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"JWT token解析异常: {str(e)}")
             return None
 
 
@@ -425,7 +437,8 @@ def setup_auth_middleware(auth_config: AuthConfig) -> None:
     """
     global auth_service
     auth_service = AuthService(auth_config)
-    logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
+    if auth_config.enable_sdk_logging:
+        logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
 
 
 # 便捷的依赖函数

{skyplatform_iam-1.2.0.dist-info → skyplatform_iam-1.2.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: skyplatform-iam
-Version: 1.2.0
+Version: 1.2.1
 Summary: SkyPlatform IAM认证SDK，提供FastAPI中间件和认证路由
 Project-URL: Homepage, https://github.com/xinmayoujiang12621/agenterra_iam
 Project-URL: Documentation, https://skyplatform-iam.readthedocs.io/

skyplatform_iam-1.2.1.dist-info/RECORD

@@ -0,0 +1,8 @@
+skyplatform_iam/__init__.py,sha256=6ffSGMRItbBPnxgQMaoeB1oGLfXuMK3HHrspuiqyO8s,5591
+skyplatform_iam/config.py,sha256=x3GBikMkC8-0og0Vhs6h5_nTcBXeEd8euDgVDd7IsK4,4607
+skyplatform_iam/connect_agenterra_iam.py,sha256=t03IdWCwBP1oOF1WBTSZETB4MUKQ7zTmfvc6zXD83fg,42050
+skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
+skyplatform_iam/middleware.py,sha256=jXX8_UciUhOkbK418anqtJoclNhvTQeFnguwPjv5K9E,17863
+skyplatform_iam-1.2.1.dist-info/METADATA,sha256=HLkBft7Qp6w9NFpsHtkVJWFXLcHNZDJ_7_AaXYprZ6E,12658
+skyplatform_iam-1.2.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+skyplatform_iam-1.2.1.dist-info/RECORD,,

skyplatform_iam-1.2.0.dist-info/RECORD

@@ -1,8 +0,0 @@
-skyplatform_iam/__init__.py,sha256=N4acauQXv5CUHNgaeYc3wCTi9zlwt9xvZW5szZ-ahkc,4664
-skyplatform_iam/config.py,sha256=4EOzjevFtQ25tZPK7wpU58W6hD-B_XVQF7VCNQzdVOM,4429
-skyplatform_iam/connect_agenterra_iam.py,sha256=ixnk45JQoILfwVVKdPllLO-xUqGb8moOh0G6sAIvrVU,40712
-skyplatform_iam/exceptions.py,sha256=Rt55QIzVK1F_kn6yzKQKKakD6PZDFdPLCGaCphKKms8,2166
-skyplatform_iam/middleware.py,sha256=e_YNRWXmDVKeKwpAcFYptTV4WZboAF-ICC5p9rvLSE0,17069
-skyplatform_iam-1.2.0.dist-info/METADATA,sha256=T7kVHT53D8WXPJTomoWc6nDNIS3ZM2SYGVDX_r26JGY,12658
-skyplatform_iam-1.2.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-skyplatform_iam-1.2.0.dist-info/RECORD,,