upload project source code

2026-04-30 18:49:43 +08:00
commit 9b394ba682
2277 changed files with 660945 additions and 0 deletions
--- a/后端源码/yifan.action-ai.cn/api-bak/app/api/v1/module_system/auth/init.py
+++ b/后端源码/yifan.action-ai.cn/api-bak/app/api/v1/module_system/auth/init.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+
--- a/后端源码/yifan.action-ai.cn/api-bak/app/api/v1/module_system/auth/controller.py
+++ b/后端源码/yifan.action-ai.cn/api-bak/app/api/v1/module_system/auth/controller.py
@@ -0,0 +1,139 @@
+# -*- coding: utf-8 -*-
+
+from typing import Union, Dict
+from fastapi import APIRouter, Depends, Request
+from fastapi.responses import JSONResponse
+from sqlalchemy.ext.asyncio import AsyncSession
+from redis.asyncio.client import Redis
+
+from app.common.response import ErrorResponse, SuccessResponse
+from app.core.router_class import OperationLogRoute
+from app.core.security import CustomOAuth2PasswordRequestForm
+from app.core.logger import log
+from app.config.setting import settings
+from app.core.dependencies import (
+    db_getter,
+    get_current_user,
+    redis_getter
+)
+
+from .service import (
+    LoginService,
+    CaptchaService
+)
+from .schema import (
+    CaptchaOutSchema,
+    JWTOutSchema,
+    RefreshTokenPayloadSchema,
+    LogoutPayloadSchema
+)
+
+
+AuthRouter = APIRouter(route_class=OperationLogRoute, prefix="/auth", tags=["认证授权"])
+
+
+@AuthRouter.post("/login", summary="登录", description="登录", response_model=JWTOutSchema)
+async def login_for_access_token_controller(
+    request: Request,
+    redis: Redis = Depends(redis_getter), 
+    login_form: CustomOAuth2PasswordRequestForm = Depends(),
+    db: AsyncSession = Depends(db_getter),
+) -> Union[JSONResponse, Dict]:
+    """
+    用户登录
+
+    参数:
+    - request (Request): FastAPI请求对象
+    - login_form (CustomOAuth2PasswordRequestForm): 登录表单数据
+    - db (AsyncSession): 数据库会话对象
+        
+    返回:
+    - JWTOutSchema: 包含访问令牌和刷新令牌的响应模型
+        
+    异常:
+    - CustomException: 认证失败时抛出异常。
+    """
+    login_token = await LoginService.authenticate_user_service(request=request, redis=redis, login_form=login_form, db=db)
+
+    log.info(f"用户{login_form.username}登录成功")
+
+    # 如果是文档请求，则不记录日志:http://localhost:8000/api/v1/docs
+    if settings.DOCS_URL in request.headers.get("referer", ""):
+        return login_token.model_dump()
+    return SuccessResponse(data=login_token.model_dump(), msg="登录成功")
+
+
+@AuthRouter.post("/token/refresh", summary="刷新token", description="刷新token", response_model=JWTOutSchema, dependencies=[Depends(get_current_user)])
+async def get_new_token_controller(
+    request: Request,
+    payload: RefreshTokenPayloadSchema,
+    db: AsyncSession = Depends(db_getter),
+    redis: Redis = Depends(redis_getter) 
+) -> JSONResponse:
+    """
+    刷新token
+
+    参数:
+    - request (Request): FastAPI请求对象
+    - payload (RefreshTokenPayloadSchema): 刷新令牌负载模型
+        
+    返回:
+    - JWTOutSchema: 包含新的访问令牌和刷新令牌的响应模型
+        
+    异常:
+    - CustomException: 刷新令牌失败时抛出异常。
+    """
+    # 解析当前的访问Token以获取用户名
+    new_token = await LoginService.refresh_token_service(db=db, request=request, redis=redis, refresh_token=payload)
+    token_dict = new_token.model_dump()
+    log.info(f"刷新token成功: {token_dict}")
+    return SuccessResponse(data=token_dict, msg="刷新成功")
+
+
+@AuthRouter.get("/captcha/get", summary="获取验证码", description="获取登录验证码", response_model=CaptchaOutSchema)
+async def get_captcha_for_login_controller(
+    redis: Redis = Depends(redis_getter)
+) -> JSONResponse:
+    """
+    获取登录验证码
+
+    参数:
+    - redis (Redis): Redis客户端对象
+        
+    返回:
+    - CaptchaOutSchema: 包含验证码图片和key的响应模型
+        
+    异常:
+    - CustomException: 获取验证码失败时抛出异常。
+    """
+    # 获取验证码
+    captcha = await CaptchaService.get_captcha_service(redis=redis)
+    log.info(f"获取验证码成功")
+    return SuccessResponse(data=captcha, msg="获取验证码成功")
+
+
+@AuthRouter.post('/logout', summary="退出登录", description="退出登录", dependencies=[Depends(get_current_user)])
+async def logout_controller(
+    payload: LogoutPayloadSchema,
+    redis: Redis = Depends(redis_getter)
+) -> JSONResponse:
+    """
+    退出登录
+
+    参数:
+    - payload (LogoutPayloadSchema): 退出登录负载模型
+    - redis (Redis): Redis客户端对象
+        
+    返回:
+    - JSONResponse: 包含退出登录结果的响应模型
+        
+    异常:
+    - CustomException: 退出登录失败时抛出异常。
+    """
+    if await LoginService.logout_service(redis=redis, token=payload):
+        log.info('退出成功')
+        return SuccessResponse(msg='退出成功')
+    return ErrorResponse(msg='退出失败')
+
+
+
--- a/后端源码/yifan.action-ai.cn/api-bak/app/api/v1/module_system/auth/schema.py
+++ b/后端源码/yifan.action-ai.cn/api-bak/app/api/v1/module_system/auth/schema.py
@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+
+from datetime import datetime
+from pydantic import ConfigDict, Field, BaseModel, model_validator
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from ..user.model import UserModel
+
+
+class AuthSchema(BaseModel):
+    """权限认证模型"""
+    model_config = ConfigDict(arbitrary_types_allowed=True)
+
+    user: UserModel | None = Field(default=None, description='用户信息')
+    check_data_scope: bool = Field(default=True, description='是否检查数据权限')
+    db: AsyncSession = Field(description='数据库会话')
+
+
+class JWTPayloadSchema(BaseModel):
+    """JWT载荷模型"""
+    sub: str = Field(..., description='用户登录信息')
+    is_refresh: bool = Field(default=False, description='是否刷新token')
+    exp: datetime | int = Field(..., description='过期时间')
+
+    @model_validator(mode='after')
+    def validate_fields(self):
+        if not self.sub or len(self.sub.strip()) == 0:
+            raise ValueError("会话编号不能为空")
+        return self
+
+
+class JWTOutSchema(BaseModel):
+    """JWT响应模型"""
+    model_config = ConfigDict(from_attributes=True)
+
+    access_token: str = Field(..., min_length=1, description='访问token')
+    refresh_token: str = Field(..., min_length=1, description='刷新token')
+    token_type: str = Field(default='Bearer', description='token类型')
+    expires_in: int = Field(..., gt=0, description='过期时间(秒)')
+
+
+class RefreshTokenPayloadSchema(BaseModel):
+    """刷新Token载荷模型"""
+    refresh_token: str = Field(..., min_length=1, description='刷新token')
+
+
+class LogoutPayloadSchema(BaseModel):
+    """退出登录载荷模型"""
+    token: str = Field(..., min_length=1, description='token')
+
+
+class CaptchaOutSchema(BaseModel):
+    """验证码响应模型"""
+    model_config = ConfigDict(from_attributes=True)
+
+    enable: bool = Field(default=True, description='是否启用验证码')
+    key: str = Field(..., min_length=1, description='验证码唯一标识')
+    img_base: str = Field(..., min_length=1, description='Base64编码的验证码图片')
+
+
+
--- a/后端源码/yifan.action-ai.cn/api-bak/app/api/v1/module_system/auth/service.py
+++ b/后端源码/yifan.action-ai.cn/api-bak/app/api/v1/module_system/auth/service.py
@@ -0,0 +1,377 @@
+# -*- coding: utf-8 -*-
+
+import json
+import uuid
+from typing import NewType
+from fastapi import Request
+from redis.asyncio.client import Redis
+from sqlalchemy.ext.asyncio import AsyncSession
+from datetime import datetime, timedelta
+from user_agents import parse
+
+from app.common.enums import RedisInitKeyConfig
+from app.utils.common_util import get_random_character
+from app.utils.captcha_util import CaptchaUtil
+from app.utils.ip_local_util import IpLocalUtil
+from app.utils.hash_bcrpy_util import PwdUtil
+from app.core.redis_crud import RedisCURD
+from app.core.exceptions import CustomException
+from app.core.logger import log
+from app.config.setting import settings
+from app.core.security import (
+    CustomOAuth2PasswordRequestForm,
+    create_access_token,
+    decode_access_token
+)
+
+from app.api.v1.module_monitor.online.schema import OnlineOutSchema
+from ..user.crud import UserCRUD
+from ..user.model import UserModel
+from .schema import (
+    JWTPayloadSchema,
+    JWTOutSchema,
+    AuthSchema,
+    CaptchaOutSchema,
+    LogoutPayloadSchema,
+    RefreshTokenPayloadSchema
+)
+
+CaptchaKey = NewType('CaptchaKey', str)
+CaptchaBase64 = NewType('CaptchaBase64', str)
+
+
+class LoginService:
+    """登录认证服务"""
+
+    @classmethod
+    async def authenticate_user_service(cls, request: Request, redis: Redis, login_form: CustomOAuth2PasswordRequestForm, db: AsyncSession) -> JWTOutSchema:
+        """
+        用户认证
+        
+        参数:
+        - request (Request): FastAPI请求对象
+        - login_form (CustomOAuth2PasswordRequestForm): 登录表单数据
+        - db (AsyncSession): 数据库会话对象
+            
+        返回:
+        - JWTOutSchema: 包含访问令牌和刷新令牌的响应模型
+            
+        异常:
+        - CustomException: 认证失败时抛出异常。
+        """
+        # 判断是否来自API文档
+        referer = request.headers.get('referer', '')
+        request_from_docs = referer.endswith(('docs', 'redoc'))
+        
+        # 验证码校验
+        if settings.CAPTCHA_ENABLE and not request_from_docs:
+            if not login_form.captcha_key or not login_form.captcha:
+                raise CustomException(msg="验证码不能为空")
+            await CaptchaService.check_captcha_service(redis=redis, key=login_form.captcha_key, captcha=login_form.captcha)
+
+        # 用户认证
+        auth = AuthSchema(db=db)
+        user = await UserCRUD(auth).get_by_username_crud(username=login_form.username)
+
+        if not user:
+            raise CustomException(msg="用户不存在")
+
+        if not PwdUtil.verify_password(plain_password=login_form.password, password_hash=user.password):
+            raise CustomException(msg="账号或密码错误")
+
+        if not user.status:
+            raise CustomException(msg="用户已被停用")
+        
+        # 更新最后登录时间
+        user = await UserCRUD(auth).update_last_login_crud(id=user.id)
+        if not user:
+            raise CustomException(msg="用户不存在")
+        if not login_form.login_type:
+            raise CustomException(msg="登录类型不能为空")
+
+        # 创建token
+        token = await cls.create_token_service(request=request, redis=redis, user=user, login_type=login_form.login_type)
+
+        return token
+
+    @classmethod
+    async def create_token_service(cls, request: Request, redis: Redis, user: UserModel, login_type: str) -> JWTOutSchema:
+        """
+        创建访问令牌和刷新令牌
+        
+        参数:
+        - request (Request): FastAPI请求对象
+        - redis (Redis): Redis客户端对象
+        - user (UserModel): 用户模型对象
+        - login_type (str): 登录类型
+            
+        返回:
+        - JWTOutSchema: 包含访问令牌和刷新令牌的响应模型
+            
+        异常:
+        - CustomException: 创建令牌失败时抛出异常。
+        """
+        # 生成会话编号
+        session_id = str(uuid.uuid4())
+        request.scope["session_id"] = session_id
+
+        user_agent = parse(request.headers.get("user-agent"))
+        request_ip = None
+        x_forwarded_for = request.headers.get('X-Forwarded-For')
+        if x_forwarded_for:
+            # 取第一个 IP 地址，通常为客户端真实 IP
+            request_ip = x_forwarded_for.split(',')[0].strip()
+        else:
+            # 若没有 X-Forwarded-For 头，则使用 request.client.host
+            if request.client:
+                request_ip = request.client.host
+            else:
+                request_ip = "127.0.0.1"
+
+        login_location = await IpLocalUtil.get_ip_location(request_ip)
+        request.scope["login_location"] = login_location
+        
+        # 确保在请求上下文中设置用户名和会话ID
+        request.scope["user_username"] = user.username
+
+        access_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+        refresh_expires = timedelta(minutes=settings.REFRESH_TOKEN_EXPIRE_MINUTES)
+        
+        now = datetime.now()
+        
+        # 记录租户信息到日志
+        log.info(f"用户ID: {user.id}, 用户名: {user.username} 正在生成JWT令牌")
+        
+        # 生成会话信息
+        session_info=OnlineOutSchema(
+            session_id=session_id,
+            user_id=user.id, 
+            name=user.name,
+            user_name=user.username,
+            ipaddr=request_ip,
+            login_location=login_location,
+            os=user_agent.os.family,
+            browser = user_agent.browser.family,
+            login_time=user.last_login,
+            login_type=login_type
+        ).model_dump_json()
+
+        access_token = create_access_token(payload=JWTPayloadSchema(
+            sub=session_info,
+            is_refresh=False,
+            exp=now + access_expires,
+        ))
+        refresh_token = create_access_token(payload=JWTPayloadSchema(
+            sub=session_info,
+            is_refresh=True,
+            exp=now + refresh_expires,
+        ))
+
+        # 设置新的token
+        await RedisCURD(redis).set(
+            key=f'{RedisInitKeyConfig.ACCESS_TOKEN.key}:{session_id}',
+            value=access_token,
+            expire=int(access_expires.total_seconds())
+        )
+
+        await RedisCURD(redis).set(
+            key=f'{RedisInitKeyConfig.REFRESH_TOKEN.key}:{session_id}',
+            value=refresh_token,
+            expire=int(refresh_expires.total_seconds())
+        )
+
+        return JWTOutSchema(
+            access_token=access_token,
+            refresh_token=refresh_token,
+            expires_in=int(access_expires.total_seconds()),
+            token_type=settings.TOKEN_TYPE
+        )
+
+    @classmethod
+    async def refresh_token_service(cls, db: AsyncSession, redis: Redis, request: Request, refresh_token: RefreshTokenPayloadSchema) -> JWTOutSchema:
+        """
+        刷新访问令牌
+        
+        参数:
+        - db (AsyncSession): 数据库会话对象
+        - redis (Redis): Redis客户端对象
+        - request (Request): FastAPI请求对象
+        - refresh_token (RefreshTokenPayloadSchema): 刷新令牌数据
+            
+        返回:
+        - JWTOutSchema: 新的令牌对象
+            
+        异常:
+        - CustomException: 刷新令牌无效时抛出异常
+        """
+        token_payload: JWTPayloadSchema = decode_access_token(token = refresh_token.refresh_token)
+        if not token_payload.is_refresh:
+            raise CustomException(msg="非法凭证，请传入刷新令牌")
+        
+        # 去 Redis 查完整信息
+        session_info = json.loads(token_payload.sub)
+        session_id = session_info.get("session_id")
+        user_id = session_info.get("user_id")
+
+        if not session_id or not user_id:
+            raise CustomException(msg="非法凭证,无法获取会话编号或用户ID")
+
+        # 用户认证
+        auth = AuthSchema(db=db)
+        user = await UserCRUD(auth).get_by_id_crud(id=user_id)
+        if not user:
+            raise CustomException(msg="刷新token失败，用户不存在")
+        
+        # 记录刷新令牌时的租户信息
+        log.info(f"用户ID: {user.id}, 用户名: {user.username} 正在刷新JWT令牌")
+
+        # 设置新的 token
+        access_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+        refresh_expires = timedelta(minutes=settings.REFRESH_TOKEN_EXPIRE_MINUTES)
+        now = datetime.now()
+
+        session_info_json = json.dumps(session_info)
+
+        access_token = create_access_token(payload=JWTPayloadSchema(
+            sub=session_info_json,
+            is_refresh=False,
+            exp=now + access_expires
+        ))
+
+        refresh_token_new = create_access_token(payload=JWTPayloadSchema(
+            sub=session_info_json,
+            is_refresh=True,
+            exp=now + refresh_expires
+        ))
+        
+        # 覆盖写入 Redis
+        await RedisCURD(redis).set(
+            key=f'{RedisInitKeyConfig.ACCESS_TOKEN.key}:{session_id}',
+            value=access_token,
+            expire=int(access_expires.total_seconds())
+        )
+
+        await RedisCURD(redis).set(
+            key=f'{RedisInitKeyConfig.REFRESH_TOKEN.key}:{session_id}',
+            value=refresh_token_new,
+            expire=int(refresh_expires.total_seconds())
+        )
+        
+        return JWTOutSchema(
+            access_token=access_token,
+            refresh_token=refresh_token_new,
+            token_type=settings.TOKEN_TYPE,
+            expires_in=int(access_expires.total_seconds())
+        )
+
+    @classmethod
+    async def logout_service(cls, redis: Redis, token: LogoutPayloadSchema) -> bool:
+        """
+        退出登录
+        
+        参数:
+        - redis (Redis): Redis客户端对象
+        - token (LogoutPayloadSchema): 退出登录令牌数据
+            
+        返回:
+        - bool: 退出成功返回True
+            
+        异常:
+        - CustomException: 令牌无效时抛出异常
+        """
+        payload: JWTPayloadSchema = decode_access_token(token=token.token)
+        session_info = json.loads(payload.sub)
+        session_id = session_info.get("session_id")
+        
+        if not session_id:
+            raise CustomException(msg="非法凭证,无法获取会话编号")
+
+        # 删除Redis中的在线用户、访问令牌、刷新令牌
+        await RedisCURD(redis).delete(f"{RedisInitKeyConfig.ACCESS_TOKEN.key}:{session_id}")
+        await RedisCURD(redis).delete(f"{RedisInitKeyConfig.REFRESH_TOKEN.key}:{session_id}")
+        
+        log.info(f"用户退出登录成功,会话编号:{session_id}")
+
+        return True
+
+
+class CaptchaService:
+    """验证码服务"""
+
+    @classmethod
+    async def get_captcha_service(cls, redis: Redis) -> dict[str, CaptchaKey | CaptchaBase64]:
+        """
+        获取验证码
+        
+        参数:
+        - redis (Redis): Redis客户端对象
+            
+        返回:
+        - dict[str, CaptchaKey | CaptchaBase64]: 包含验证码key和base64图片的字典
+            
+        异常:
+        - CustomException: 验证码服务未启用时抛出异常
+        """
+        if not settings.CAPTCHA_ENABLE:
+            raise CustomException(msg="未开启验证码服务")
+
+        # 生成验证码图片和值
+        captcha_base64, captcha_value = CaptchaUtil.captcha_arithmetic()
+        captcha_key = get_random_character()
+
+        # 保存到Redis并设置过期时间
+        redis_key = f"{RedisInitKeyConfig.CAPTCHA_CODES.key}:{captcha_key}"
+        await RedisCURD(redis).set(
+            key=redis_key,
+            value=captcha_value,
+            expire=settings.CAPTCHA_EXPIRE_SECONDS
+        )
+
+        log.info(f"生成验证码成功,验证码:{captcha_value}")
+
+        # 返回验证码信息
+        return CaptchaOutSchema(
+            enable=settings.CAPTCHA_ENABLE,
+            key=CaptchaKey(captcha_key),
+            img_base=CaptchaBase64(f"data:image/png;base64,{captcha_base64}")
+        ).model_dump()
+
+    @classmethod
+    async def check_captcha_service(cls, redis: Redis, key: str, captcha: str) -> bool:
+        """
+        校验验证码
+        
+        参数:
+        - redis (Redis): Redis客户端对象
+        - key (str): 验证码key
+        - captcha (str): 用户输入的验证码
+            
+        返回:
+        - bool: 验证通过返回True
+            
+        异常:
+        - CustomException: 验证码无效或错误时抛出异常
+        """
+        if not captcha:
+            raise CustomException(msg="验证码不能为空")
+
+        # 获取Redis中存储的验证码
+        redis_key = f'{RedisInitKeyConfig.CAPTCHA_CODES.key}:{key}'
+        
+        captcha_value = await RedisCURD(redis).get(redis_key)
+        if not captcha_value:
+            log.error('验证码已过期或不存在')
+            raise CustomException(msg="验证码已过期")
+
+        # 验证码不区分大小写比对
+        if captcha.lower() != captcha_value.lower():
+            log.error(f'验证码错误,用户输入:{captcha},正确值:{captcha_value}')
+            raise CustomException(msg="验证码错误")
+
+        # 验证成功后删除验证码,避免重复使用
+        await RedisCURD(redis).delete(redis_key)
+        log.info(f'验证码校验成功,key:{key}')
+        return True
+
+
+