PyPI - skyplatform-iam - Versions diffs - 1.2.0__tar.gz → 1.2.1__tar.gz - Mend

skyplatform-iam 1.2.0tar.gz → 1.2.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

{skyplatform_iam-1.2.0 → skyplatform_iam-1.2.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: skyplatform-iam
-Version: 1.2.0
+Version: 1.2.1
 Summary: SkyPlatform IAM认证SDK，提供FastAPI中间件和认证路由
 Project-URL: Homepage, https://github.com/xinmayoujiang12621/agenterra_iam
 Project-URL: Documentation, https://skyplatform-iam.readthedocs.io/

{skyplatform_iam-1.2.0 → skyplatform_iam-1.2.1}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "skyplatform-iam"
-version = "1.2.0"
+version = "1.2.1"
 authors = [
   { name="x9", email="xuanxienanxunmobao@gmail.com" },
 ]

{skyplatform_iam-1.2.0 → skyplatform_iam-1.2.1}/skyplatform_iam/__init__.py RENAMED Viewed

@@ -17,7 +17,7 @@ from .exceptions import (
     NetworkError
 )
-__version__ = "1.2.0"
+__version__ = "1.2.1"
 __author__ = "x9"
 __description__ = "SkyPlatform IAM认证SDK，提供FastAPI中间件和IAM服务连接功能"
@@ -100,6 +100,9 @@ def init_skyplatform_iam(app, config: AuthConfig = None):
     # 验证配置的完整性
     config.validate_config()
+    # 配置SDK日志级别
+    _configure_sdk_logging(config.enable_sdk_logging)
     # 初始化全局认证服务
     setup_auth_middleware(config)
@@ -110,6 +113,36 @@ def init_skyplatform_iam(app, config: AuthConfig = None):
     return middleware
+def _configure_sdk_logging(enable_sdk_logging: bool):
+    """
+    配置SDK日志级别
+    Args:
+        enable_sdk_logging: 是否启用SDK日志
+    """
+    import logging
+    # SDK相关的logger名称列表
+    sdk_loggers = [
+        'skyplatform_iam.config',
+        'skyplatform_iam.middleware',
+        'skyplatform_iam.connect_agenterra_iam',
+        'skyplatform_iam.exceptions'
+    ]
+    if enable_sdk_logging:
+        # 启用SDK日志，设置为INFO级别
+        log_level = logging.INFO
+    else:
+        # 禁用SDK日志，设置为WARNING级别，只显示警告和错误
+        log_level = logging.WARNING
+    # 配置所有SDK相关的logger
+    for logger_name in sdk_loggers:
+        logger = logging.getLogger(logger_name)
+        logger.setLevel(log_level)
 def get_iam_client(config: AuthConfig = None) -> ConnectAgenterraIam:
     """
     获取全局IAM客户端实例

{skyplatform_iam-1.2.0 → skyplatform_iam-1.2.1}/skyplatform_iam/config.py RENAMED Viewed

@@ -32,6 +32,9 @@ class AuthConfig(BaseModel):
     # 错误处理配置
     enable_debug: bool = False
+    # SDK日志控制配置
+    enable_sdk_logging: bool = True
     # 白名单路径配置（实例变量）
     whitelist_paths: List[str] = Field(default_factory=list)
@@ -49,6 +52,7 @@ class AuthConfig(BaseModel):
             server_name=os.environ.get('AGENTERRA_SERVER_NAME', ''),
             access_key=os.environ.get('AGENTERRA_ACCESS_KEY', ''),
             enable_debug=os.environ.get('AGENTERRA_ENABLE_DEBUG', 'false').lower() == 'true',
+            enable_sdk_logging=os.environ.get('AGENTERRA_ENABLE_SDK_LOGGING', 'true').lower() == 'true',
             machine_token=os.environ.get('MACHINE_TOKEN', ''),
             whitelist_paths=[]  # 初始化空的白名单路径列表
         )

{skyplatform_iam-1.2.0 → skyplatform_iam-1.2.1}/skyplatform_iam/connect_agenterra_iam.py RENAMED Viewed

@@ -2,11 +2,16 @@ import requests
 import logging
 import traceback
 import copy
+import urllib3
 from enum import Enum
 from fastapi import HTTPException, status
 from .config import decode_jwt_token
+# 禁用 urllib3 的 InsecureRequestWarning 警告
+# 这样可以避免在使用自定义 HTTPS 地址（可能没有有效证书）时出现警告信息
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 class CredentialTypeEnum(str, Enum):
     """凭证类型枚举，与后端API保持一致"""
@@ -42,6 +47,21 @@ class ConnectAgenterraIam(object):
         if self._initialized:
             return
+        # 必须传入config参数，不再支持从环境变量读取
+        if config is None:
+            raise ValueError("必须传入AuthConfig配置对象，不再支持从环境变量读取配置")
+        # 保存配置对象，用于日志控制
+        self.config = config
+        # 根据配置设置日志级别
+        if hasattr(config, 'enable_sdk_logging') and not config.enable_sdk_logging:
+            # 禁用SDK日志时，设置为WARNING级别，只显示警告和错误
+            effective_log_level = logging.WARNING
+        else:
+            # 启用SDK日志时，使用传入的日志级别
+            effective_log_level = log_level
         # 配置日志记录器
         self.logger = logging.getLogger(logger_name)
         if not self.logger.handlers:
@@ -51,17 +71,15 @@ class ConnectAgenterraIam(object):
             )
             handler.setFormatter(formatter)
             self.logger.addHandler(handler)
-            self.logger.setLevel(log_level)
-        # 必须传入config参数，不再支持从环境变量读取
-        if config is None:
-            raise ValueError("必须传入AuthConfig配置对象，不再支持从环境变量读取配置")
+            self.logger.setLevel(effective_log_level)
         self.agenterra_iam_host = config.agenterra_iam_host
         self.server_name = config.server_name
         self.access_key = config.access_key
         self.machine_token = config.machine_token
-        self.logger.info("使用传入的AuthConfig配置")
+        if hasattr(config, 'enable_sdk_logging') and config.enable_sdk_logging:
+            self.logger.info("使用传入的AuthConfig配置")
         # 验证必要的配置
         if not self.agenterra_iam_host:
@@ -71,8 +89,9 @@ class ConnectAgenterraIam(object):
         if not self.access_key:
             self.logger.warning("AGENTERRA_ACCESS_KEY 配置未设置")
-        self.logger.info(
-            f"初始化AgenterraIAM连接器 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
+        if hasattr(config, 'enable_sdk_logging') and config.enable_sdk_logging:
+            self.logger.info(
+                f"初始化AgenterraIAM连接器 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
         self.headers = {
             "Content-Type": "application/json",
@@ -178,23 +197,27 @@ class ConnectAgenterraIam(object):
     def _log_request(self, method_name, url, headers, body):
         """记录请求信息"""
-        sanitized_headers = self._sanitize_log_data(headers)
-        sanitized_body = self._sanitize_log_data(body)
+        # 只有在启用SDK日志时才输出详细的请求信息
+        if hasattr(self, 'config') and hasattr(self.config, 'enable_sdk_logging') and self.config.enable_sdk_logging:
+            sanitized_headers = self._sanitize_log_data(headers)
+            sanitized_body = self._sanitize_log_data(body)
-        self.logger.info(f"[{method_name}] 发送请求 - URL: {url}")
-        self.logger.info(f"[{method_name}] 请求头: {sanitized_headers}")
-        self.logger.info(f"[{method_name}] 请求体: {sanitized_body}")
+            self.logger.info(f"[{method_name}] 发送请求 - URL: {url}")
+            self.logger.info(f"[{method_name}] 请求头: {sanitized_headers}")
+            self.logger.info(f"[{method_name}] 请求体: {sanitized_body}")
     def _log_response(self, method_name, response):
         """记录响应信息"""
-        try:
-            response_data = response.json() if response.content else {}
-            sanitized_response = self._sanitize_log_data(response_data)
-            self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
-            self.logger.info(f"[{method_name}] 响应内容: {sanitized_response}")
-        except Exception as e:
-            self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
-            self.logger.info(f"[{method_name}] 响应内容解析失败: {str(e)}")
+        # 只有在启用SDK日志时才输出详细的响应信息
+        if hasattr(self, 'config') and hasattr(self.config, 'enable_sdk_logging') and self.config.enable_sdk_logging:
+            try:
+                response_data = response.json() if response.content else {}
+                sanitized_response = self._sanitize_log_data(response_data)
+                self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
+                self.logger.info(f"[{method_name}] 响应内容: {sanitized_response}")
+            except Exception as e:
+                self.logger.info(f"[{method_name}] 响应状态码: {response.status_code}")
+                self.logger.info(f"[{method_name}] 响应内容解析失败: {str(e)}")
     def register(self, cred_type=None, cred_value=None, password=None, nickname=None, avatar_url=None,
                  username=None, phone=None):

{skyplatform_iam-1.2.0 → skyplatform_iam-1.2.1}/skyplatform_iam/middleware.py RENAMED Viewed

@@ -76,7 +76,8 @@ class AuthMiddleware(BaseHTTPMiddleware):
             # 首先检查路径是否在本地白名单中
             if self.is_path_whitelisted(api_path):
-                logger.info(f"路径 {api_path} 在本地白名单中，跳过认证直接允许访问")
+                if self.config.enable_sdk_logging:
+                    logger.info(f"路径 {api_path} 在本地白名单中，跳过认证直接允许访问")
                 # 设置白名单标识
                 request.state.user = None
                 request.state.authenticated = False
@@ -106,9 +107,14 @@ class AuthMiddleware(BaseHTTPMiddleware):
                 request.state.is_whitelist = True
             else:
                 if machine_token:
-                    payload = jwt.decode(machine_token, algorithms=["HS256"], options={"verify_signature": False})
-                    user_id = payload.get("sub", None)
-                    request.state.user_id = user_id
+                    try:
+                        payload = jwt.decode(machine_token, algorithms=["HS256"], options={"verify_signature": False})
+                        user_id = payload.get("sub", None)
+                        request.state.user_id = user_id
+                    except Exception as jwt_error:
+                        if self.config.enable_sdk_logging:
+                            logger.error(f"JWT解码失败: {str(jwt_error)}")
+                        # JWT解码失败时不设置user_id，但继续处理
                 # 正常认证接口，设置用户信息
                 request.state.user = user_info
@@ -138,9 +144,10 @@ class AuthMiddleware(BaseHTTPMiddleware):
                 detail=e.detail
             )
         except Exception as e:
-            logger.error(f"认证中间件处理异常: {str(e)}")
-            if self.config.enable_debug:
-                logger.exception("详细异常信息:")
+            if self.config.enable_sdk_logging:
+                logger.error(f"认证中间件处理异常: {str(e)}")
+                if self.config.enable_debug:
+                    logger.exception("详细异常信息:")
             return self._create_error_response(
                 status_code=500,
@@ -155,13 +162,11 @@ class AuthMiddleware(BaseHTTPMiddleware):
         # 从Authorization头提取
         auth_header = request.headers.get(self.config.token_header)
         if auth_header and auth_header.startswith(self.config.token_prefix):
-            print("has auth_header: ", auth_header)
             return auth_header[len(self.config.token_prefix):].strip()
         # 从查询参数提取（备选方案）
         token = request.query_params.get("token")
         if token:
-            print("has token: ", token)
             return token
         return None
@@ -173,7 +178,6 @@ class AuthMiddleware(BaseHTTPMiddleware):
         # 从Authorization头提取
         machine_token = request.headers.get("MACHINE-TOKEN")
         if machine_token:
-            print("has MACHINE-TOKEN': ", machine_token)
             return machine_token
         return None
@@ -208,9 +212,10 @@ class AuthMiddleware(BaseHTTPMiddleware):
             # 重新抛出HTTP异常
             raise
         except Exception as e:
-            logger.error(f"Token验证异常: {str(e)}")
-            if self.config.enable_debug:
-                logger.exception("详细异常信息:")
+            if self.config.enable_sdk_logging:
+                logger.error(f"Token验证异常: {str(e)}")
+                if self.config.enable_debug:
+                    logger.exception("详细异常信息:")
             return None
     def _create_error_response(
@@ -265,7 +270,8 @@ class AuthService:
         # 首先检查路径是否在白名单中
         if self.is_path_whitelisted(api_path):
-            logger.info(f"路径 {api_path} 在白名单中，跳过IAM鉴权")
+            if self.auth_config.enable_sdk_logging:
+                logger.info(f"路径 {api_path} 在白名单中，跳过IAM鉴权")
             return True
         credentials: HTTPAuthorizationCredentials = await self.security(request)
@@ -274,7 +280,6 @@ class AuthService:
         server_ak = request.headers.get("SERVER-AK", "")
         server_sk = request.headers.get("SERVER-SK", "")
         machine_token = request.headers.get("MACHINE-TOKEN", "")
-        print("248 machine_token:", machine_token)
         token = ""
         if credentials is not None:
@@ -301,7 +306,8 @@ class AuthService:
             # 直接解析JWT token获取payload
             payload = self.decode_jwt_token(token)
             if not payload:
-                logger.error("JWT token解析失败")
+                if self.auth_config.enable_sdk_logging:
+                    logger.error("JWT token解析失败")
                 return None
             # 从payload中提取用户信息
@@ -357,20 +363,23 @@ class AuthService:
             cred_types = [cred.get("type") for cred in all_credentials]
             cred_type_count = {cred_type: cred_types.count(cred_type) for cred_type in set(cred_types)}
-            logger.info(
-                f"用户认证成功: user_id={iam_user_id}, username={username}, 凭证数量={total_credentials}, 凭证类型分布={cred_type_count}")
-            logger.debug(f"JWT payload: {payload}")
+            if self.auth_config.enable_sdk_logging:
+                logger.info(
+                    f"用户认证成功: user_id={iam_user_id}, username={username}, 凭证数量={total_credentials}, 凭证类型分布={cred_type_count}")
+                logger.debug(f"JWT payload: {payload}")
             # 将用户信息添加到请求状态中
             request.state.user = user_info
             return user_info
         except HTTPException as e:
-            logger.error(f"获取当前用户信息失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"获取当前用户信息失败: {str(e)}")
             # 重新抛出HTTP异常（403权限不足）
             return None
         except Exception as e:
-            logger.error(f"获取当前用户信息失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"获取当前用户信息失败: {str(e)}")
             return None
     async def require_auth(self, request: Request) -> Dict:
@@ -402,13 +411,16 @@ class AuthService:
         try:
             # 不验证签名，只解析payload（因为token已经通过verify_token验证过）
             decoded_payload = jwt.decode(token, options={"verify_signature": False})
-            logger.debug(f"JWT token解析成功: {decoded_payload}")
+            if self.auth_config.enable_sdk_logging:
+                logger.debug(f"JWT token解析成功: {decoded_payload}")
             return decoded_payload
         except jwt.InvalidTokenError as e:
-            logger.error(f"JWT token解析失败: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"JWT token解析失败: {str(e)}")
             return None
         except Exception as e:
-            logger.error(f"JWT token解析异常: {str(e)}")
+            if self.auth_config.enable_sdk_logging:
+                logger.error(f"JWT token解析异常: {str(e)}")
             return None
@@ -425,7 +437,8 @@ def setup_auth_middleware(auth_config: AuthConfig) -> None:
     """
     global auth_service
     auth_service = AuthService(auth_config)
-    logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
+    if auth_config.enable_sdk_logging:
+        logger.info(f"认证中间件已配置，白名单路径数量: {len(auth_config.get_whitelist_paths())}")
 # 便捷的依赖函数

{skyplatform_iam-1.2.0 → skyplatform_iam-1.2.1}/README.md RENAMED Viewed

File without changes

{skyplatform_iam-1.2.0 → skyplatform_iam-1.2.1}/skyplatform_iam/exceptions.py RENAMED Viewed

File without changes

skyplatform-iam 1.2.0__tar.gz → 1.2.1__tar.gz

skyplatform-iam 1.2.0tar.gz → 1.2.1tar.gz