ai_v/venv/Lib/site-packages/werkzeug/middleware/http_proxy.py

"""
Basic HTTP Proxy
================

.. autoclass:: ProxyMiddleware

:copyright: 2007 Pallets
:license: BSD-3-Clause
"""

from __future__ import annotations

import typing as t
from http import client
from urllib.parse import quote
from urllib.parse import urlsplit

from ..datastructures import EnvironHeaders
from ..http import is_hop_by_hop_header
from ..wsgi import get_input_stream

if t.TYPE_CHECKING:
    from _typeshed.wsgi import StartResponse
    from _typeshed.wsgi import WSGIApplication
    from _typeshed.wsgi import WSGIEnvironment


class ProxyMiddleware:
    """Proxy requests under a path to an external server, routing other
    requests to the app.

    This middleware can only proxy HTTP requests, as HTTP is the only
    protocol handled by the WSGI server. Other protocols, such as
    WebSocket requests, cannot be proxied at this layer. This should
    only be used for development, in production a real proxy server
    should be used.

    The middleware takes a dict mapping a path prefix to a dict
    describing the host to be proxied to::

        app = ProxyMiddleware(app, {
            "/static/": {
                "target": "http://127.0.0.1:5001/",
            }
        })

    Each host has the following options:

    ``target``:
        The target URL to dispatch to. This is required.
    ``remove_prefix``:
        Whether to remove the prefix from the URL before dispatching it
        to the target. The default is ``False``.
    ``host``:
        ``"<auto>"`` (default):
            The host header is automatically rewritten to the URL of the
            target.
        ``None``:
            The host header is unmodified from the client request.
        Any other value:
            The host header is overwritten with the value.
    ``headers``:
        A dictionary of headers to be sent with the request to the
        target. The default is ``{}``.
    ``ssl_context``:
        A :class:`ssl.SSLContext` defining how to verify requests if the
        target is HTTPS. The default is ``None``.

    In the example above, everything under ``"/static/"`` is proxied to
    the server on port 5001. The host header is rewritten to the target,
    and the ``"/static/"`` prefix is removed from the URLs.

    :param app: The WSGI application to wrap.
    :param targets: Proxy target configurations. See description above.
    :param chunk_size: Size of chunks to read from input stream and
        write to target.
    :param timeout: Seconds before an operation to a target fails.

    .. versionadded:: 0.14
    """

    def __init__(
        self,
        app: WSGIApplication,
        targets: t.Mapping[str, dict[str, t.Any]],
        chunk_size: int = 2 << 13,
        timeout: int = 10,
    ) -> None:
        def _set_defaults(opts: dict[str, t.Any]) -> dict[str, t.Any]:
            opts.setdefault("remove_prefix", False)
            opts.setdefault("host", "<auto>")
            opts.setdefault("headers", {})
            opts.setdefault("ssl_context", None)
            return opts

        self.app = app
        self.targets = {
            f"/{k.strip('/')}/": _set_defaults(v) for k, v in targets.items()
        }
        self.chunk_size = chunk_size
        self.timeout = timeout

    def proxy_to(
        self, opts: dict[str, t.Any], path: str, prefix: str
    ) -> WSGIApplication:
        target = urlsplit(opts["target"])
        # socket can handle unicode host, but header must be ascii
        host = target.hostname.encode("idna").decode("ascii")

        def application(
            environ: WSGIEnvironment, start_response: StartResponse
        ) -> t.Iterable[bytes]:
            headers = list(EnvironHeaders(environ).items())
            headers[:] = [
                (k, v)
                for k, v in headers
                if not is_hop_by_hop_header(k)
                and k.lower() not in ("content-length", "host")
            ]
            headers.append(("Connection", "close"))

            if opts["host"] == "<auto>":
                headers.append(("Host", host))
            elif opts["host"] is None:
                headers.append(("Host", environ["HTTP_HOST"]))
            else:
                headers.append(("Host", opts["host"]))

            headers.extend(opts["headers"].items())
            remote_path = path

            if opts["remove_prefix"]:
                remote_path = remote_path[len(prefix) :].lstrip("/")
                remote_path = f"{target.path.rstrip('/')}/{remote_path}"

            content_length = environ.get("CONTENT_LENGTH")
            chunked = False

            if content_length not in ("", None):
                headers.append(("Content-Length", content_length))  # type: ignore
            elif content_length is not None:
                headers.append(("Transfer-Encoding", "chunked"))
                chunked = True

            try:
                if target.scheme == "http":
                    con = client.HTTPConnection(
                        host, target.port or 80, timeout=self.timeout
                    )
                elif target.scheme == "https":
                    con = client.HTTPSConnection(
                        host,
                        target.port or 443,
                        timeout=self.timeout,
                        context=opts["ssl_context"],
                    )
                else:
                    raise RuntimeError(
                        "Target scheme must be 'http' or 'https', got"
                        f" {target.scheme!r}."
                    )

                con.connect()
                # safe = https://url.spec.whatwg.org/#url-path-segment-string
                # as well as percent for things that are already quoted
                remote_url = quote(remote_path, safe="!$&'()*+,/:;=@%")
                querystring = environ["QUERY_STRING"]

                if querystring:
                    remote_url = f"{remote_url}?{querystring}"

                con.putrequest(environ["REQUEST_METHOD"], remote_url, skip_host=True)

                for k, v in headers:
                    if k.lower() == "connection":
                        v = "close"

                    con.putheader(k, v)

                con.endheaders()
                stream = get_input_stream(environ)

                while True:
                    data = stream.read(self.chunk_size)

                    if not data:
                        break

                    if chunked:
                        con.send(b"%x\r\n%s\r\n" % (len(data), data))
                    else:
                        con.send(data)

                resp = con.getresponse()
            except OSError:
                from ..exceptions import BadGateway

                return BadGateway()(environ, start_response)

            start_response(
                f"{resp.status} {resp.reason}",
                [
                    (k.title(), v)
                    for k, v in resp.getheaders()
                    if not is_hop_by_hop_header(k)
                ],
            )

            def read() -> t.Iterator[bytes]:
                while True:
                    try:
                        data = resp.read(self.chunk_size)
                    except OSError:
                        break

                    if not data:
                        break

                    yield data

            return read()

        return application

    def __call__(
        self, environ: WSGIEnvironment, start_response: StartResponse
    ) -> t.Iterable[bytes]:
        path = environ["PATH_INFO"]
        app = self.app

        for prefix, opts in self.targets.items():
            if path.startswith(prefix):
                app = self.proxy_to(opts, path, prefix)
                break

        return app(environ, start_response)
feat(api): 实现图像生成及后台同步功能 - 新增图像生成接口，支持试用、积分和自定义API Key模式 - 实现生成图片结果异步上传至MinIO存储，带重试机制 - 优化积分预扣除和异常退还逻辑，保障用户积分准确 - 添加获取生成历史记录接口，支持时间范围和分页 - 提供本地字典配置接口，支持模型、比例、提示模板和尺寸 - 实现图片批量上传接口，支持S3兼容对象存储 feat(admin): 增加管理员角色管理与权限分配接口 - 实现角色列表查询、角色创建、更新及删除功能 - 增加权限列表查询接口 - 实现用户角色分配接口，便于统一管理用户权限 - 增加系统字典增删查改接口，支持分类过滤和排序 - 权限控制全面覆盖管理接口，保证安全访问 feat(auth): 完善用户登录注册及权限相关接口与页面 - 实现手机号验证码发送及校验功能，保障注册安全 - 支持手机号注册、登录及退出接口，集成日志记录 - 增加修改密码功能，验证原密码后更新 - 提供动态导航菜单接口，基于权限展示不同菜单 - 实现管理界面路由及日志、角色、字典管理页面访问权限控制 - 添加系统日志查询接口，支持关键词和等级筛选 feat(app): 初始化Flask应用并配置蓝图与数据库 - 创建应用程序工厂，加载配置，初始化数据库和Redis客户端 - 注册认证、API及管理员蓝图，整合路由 - 根路由渲染主页模板 - 应用上下文中自动创建数据库表，保证运行环境准备完毕 feat(database): 提供数据库创建与迁移支持脚本 - 新增数据库创建脚本，支持自动检测是否已存在 - 添加数据库表初始化脚本，支持创建和删除所有表 - 实现RBAC权限初始化，包含基础权限和角色创建 - 新增字段手动修复脚本，添加用户API Key和积分字段 - 强制迁移脚本支持清理连接和修复表结构，初始化默认数据及角色分配 feat(config): 新增系统配置参数 - 配置数据库、Redis、Session和MinIO相关参数 - 添加AI接口地址及试用Key配置 - 集成阿里云短信服务配置及开发模式相关参数 feat(extensions): 初始化数据库、Redis和MinIO客户端 - 创建全局SQLAlchemy数据库实例和Redis客户端 - 配置基于boto3的MinIO兼容S3客户端 chore(logs): 添加示例系统日志文件 - 记录用户请求、验证码发送成功与失败的日志信息 2026-01-12 00:53:31 +08:00			`"""`
			`Basic HTTP Proxy`
			`================`

			`.. autoclass:: ProxyMiddleware`

			`:copyright: 2007 Pallets`
			`:license: BSD-3-Clause`
			`"""`

			`from __future__ import annotations`

			`import typing as t`
			`from http import client`
			`from urllib.parse import quote`
			`from urllib.parse import urlsplit`

			`from ..datastructures import EnvironHeaders`
			`from ..http import is_hop_by_hop_header`
			`from ..wsgi import get_input_stream`

			`if t.TYPE_CHECKING:`
			`from _typeshed.wsgi import StartResponse`
			`from _typeshed.wsgi import WSGIApplication`
			`from _typeshed.wsgi import WSGIEnvironment`


			`class ProxyMiddleware:`
			`"""Proxy requests under a path to an external server, routing other`
			`requests to the app.`

			`This middleware can only proxy HTTP requests, as HTTP is the only`
			`protocol handled by the WSGI server. Other protocols, such as`
			`WebSocket requests, cannot be proxied at this layer. This should`
			`only be used for development, in production a real proxy server`
			`should be used.`

			`The middleware takes a dict mapping a path prefix to a dict`
			`describing the host to be proxied to::`

			`app = ProxyMiddleware(app, {`
			`"/static/": {`
			`"target": "http://127.0.0.1:5001/",`
			`}`
			`})`

			`Each host has the following options:`

			``target``:
			`The target URL to dispatch to. This is required.`
			``remove_prefix``:
			`Whether to remove the prefix from the URL before dispatching it`
			to the target. The default is ``False``.
			``host``:
			``"<auto>"`` (default):
			`The host header is automatically rewritten to the URL of the`
			`target.`
			``None``:
			`The host header is unmodified from the client request.`
			`Any other value:`
			`The host header is overwritten with the value.`
			``headers``:
			`A dictionary of headers to be sent with the request to the`
			target. The default is ``{}``.
			``ssl_context``:
			A :class:`ssl.SSLContext` defining how to verify requests if the
			target is HTTPS. The default is ``None``.

			In the example above, everything under ``"/static/"`` is proxied to
			`the server on port 5001. The host header is rewritten to the target,`
			and the ``"/static/"`` prefix is removed from the URLs.

			`:param app: The WSGI application to wrap.`
			`:param targets: Proxy target configurations. See description above.`
			`:param chunk_size: Size of chunks to read from input stream and`
			`write to target.`
			`:param timeout: Seconds before an operation to a target fails.`

			`.. versionadded:: 0.14`
			`"""`

			`def __init__(`
			`self,`
			`app: WSGIApplication,`
			`targets: t.Mapping[str, dict[str, t.Any]],`
			`chunk_size: int = 2 << 13,`
			`timeout: int = 10,`
			`) -> None:`
			`def _set_defaults(opts: dict[str, t.Any]) -> dict[str, t.Any]:`
			`opts.setdefault("remove_prefix", False)`
			`opts.setdefault("host", "<auto>")`
			`opts.setdefault("headers", {})`
			`opts.setdefault("ssl_context", None)`
			`return opts`

			`self.app = app`
			`self.targets = {`
			`f"/{k.strip('/')}/": _set_defaults(v) for k, v in targets.items()`
			`}`
			`self.chunk_size = chunk_size`
			`self.timeout = timeout`

			`def proxy_to(`
			`self, opts: dict[str, t.Any], path: str, prefix: str`
			`) -> WSGIApplication:`
			`target = urlsplit(opts["target"])`
			`# socket can handle unicode host, but header must be ascii`
			`host = target.hostname.encode("idna").decode("ascii")`

			`def application(`
			`environ: WSGIEnvironment, start_response: StartResponse`
			`) -> t.Iterable[bytes]:`
			`headers = list(EnvironHeaders(environ).items())`
			`headers[:] = [`
			`(k, v)`
			`for k, v in headers`
			`if not is_hop_by_hop_header(k)`
			`and k.lower() not in ("content-length", "host")`
			`]`
			`headers.append(("Connection", "close"))`

			`if opts["host"] == "<auto>":`
			`headers.append(("Host", host))`
			`elif opts["host"] is None:`
			`headers.append(("Host", environ["HTTP_HOST"]))`
			`else:`
			`headers.append(("Host", opts["host"]))`

			`headers.extend(opts["headers"].items())`
			`remote_path = path`

			`if opts["remove_prefix"]:`
			`remote_path = remote_path[len(prefix) :].lstrip("/")`
			`remote_path = f"{target.path.rstrip('/')}/{remote_path}"`

			`content_length = environ.get("CONTENT_LENGTH")`
			`chunked = False`

			`if content_length not in ("", None):`
			`headers.append(("Content-Length", content_length)) # type: ignore`
			`elif content_length is not None:`
			`headers.append(("Transfer-Encoding", "chunked"))`
			`chunked = True`

			`try:`
			`if target.scheme == "http":`
			`con = client.HTTPConnection(`
			`host, target.port or 80, timeout=self.timeout`
			`)`
			`elif target.scheme == "https":`
			`con = client.HTTPSConnection(`
			`host,`
			`target.port or 443,`
			`timeout=self.timeout,`
			`context=opts["ssl_context"],`
			`)`
			`else:`
			`raise RuntimeError(`
			`"Target scheme must be 'http' or 'https', got"`
			`f" {target.scheme!r}."`
			`)`

			`con.connect()`
			`# safe = https://url.spec.whatwg.org/#url-path-segment-string`
			`# as well as percent for things that are already quoted`
			`remote_url = quote(remote_path, safe="!$&'()*+,/:;=@%")`
			`querystring = environ["QUERY_STRING"]`

			`if querystring:`
			`remote_url = f"{remote_url}?{querystring}"`

			`con.putrequest(environ["REQUEST_METHOD"], remote_url, skip_host=True)`

			`for k, v in headers:`
			`if k.lower() == "connection":`
			`v = "close"`

			`con.putheader(k, v)`

			`con.endheaders()`
			`stream = get_input_stream(environ)`

			`while True:`
			`data = stream.read(self.chunk_size)`

			`if not data:`
			`break`

			`if chunked:`
			`con.send(b"%x\r\n%s\r\n" % (len(data), data))`
			`else:`
			`con.send(data)`

			`resp = con.getresponse()`
			`except OSError:`
			`from ..exceptions import BadGateway`

			`return BadGateway()(environ, start_response)`

			`start_response(`
			`f"{resp.status} {resp.reason}",`
			`[`
			`(k.title(), v)`
			`for k, v in resp.getheaders()`
			`if not is_hop_by_hop_header(k)`
			`],`
			`)`

			`def read() -> t.Iterator[bytes]:`
			`while True:`
			`try:`
			`data = resp.read(self.chunk_size)`
			`except OSError:`
			`break`

			`if not data:`
			`break`

			`yield data`

			`return read()`

			`return application`

			`def __call__(`
			`self, environ: WSGIEnvironment, start_response: StartResponse`
			`) -> t.Iterable[bytes]:`
			`path = environ["PATH_INFO"]`
			`app = self.app`

			`for prefix, opts in self.targets.items():`
			`if path.startswith(prefix):`
			`app = self.proxy_to(opts, path, prefix)`
			`break`

			`return app(environ, start_response)`