ai_v/venv/Lib/site-packages/alibabacloud_credentials/provider/uri.py

import calendar
import json
import time
from urllib.parse import urlparse, parse_qs

from alibabacloud_credentials.provider.refreshable import Credentials, RefreshResult, RefreshCachedSupplier
from alibabacloud_credentials.http import HttpOptions
from Tea.core import TeaCore
from alibabacloud_credentials_api import ICredentialsProvider
from alibabacloud_credentials.utils import auth_util as au
from alibabacloud_credentials.utils import parameter_helper as ph
from alibabacloud_credentials.exceptions import CredentialException


def _get_stale_time(expiration: int) -> int:
    if expiration < 0:
        return int(time.mktime(time.localtime())) + 60 * 60
    return expiration - 15 * 60


class URLCredentialsProvider(ICredentialsProvider):
    DEFAULT_CONNECT_TIMEOUT = 5000
    DEFAULT_READ_TIMEOUT = 10000

    def __init__(self, *,
                 uri: str = None,
                 protocol: str = 'http',
                 http_options: HttpOptions = None):

        self._uri = uri or au.environment_credentials_uri
        if self._uri is None or self._uri == '':
            raise ValueError('uri or environment variable ALIBABA_CLOUD_CREDENTIALS_URI cannot be empty')
        self._protocol = protocol

        self._http_options = http_options if http_options is not None else HttpOptions()
        self._runtime_options = {
            'connectTimeout': self._http_options.connect_timeout if self._http_options.connect_timeout is not None else URLCredentialsProvider.DEFAULT_CONNECT_TIMEOUT,
            'readTimeout': self._http_options.read_timeout if self._http_options.read_timeout is not None else URLCredentialsProvider.DEFAULT_READ_TIMEOUT,
            'httpsProxy': self._http_options.proxy
        }
        self._credentials_cache = RefreshCachedSupplier(
            refresh_callable=self._refresh_credentials,
            refresh_callable_async=self._refresh_credentials_async,
        )

    def get_credentials(self) -> Credentials:
        return self._credentials_cache._sync_call()

    async def get_credentials_async(self) -> Credentials:
        return await self._credentials_cache._async_call()

    def _refresh_credentials(self) -> RefreshResult[Credentials]:
        r = urlparse(self._uri)
        tea_request = ph.get_new_request()
        tea_request.headers['host'] = r.hostname
        tea_request.port = r.port
        tea_request.protocol = r.scheme or self._protocol or 'http'
        tea_request.method = 'GET'
        tea_request.pathname = r.path
        for key, values in parse_qs(r.query).items():
            for value in values:
                tea_request.query[key] = value

        response = TeaCore.do_action(tea_request, self._runtime_options)

        if response.status_code != 200:
            raise CredentialException(
                f'error refreshing credentials from {self._uri},  http_code={str(response.status_code)}, result: {response.body.decode("utf-8")}')

        body = response.body.decode('utf-8')

        dic = json.loads(body)
        content_code = dic.get('Code')

        if content_code != "Success" or 'AccessKeyId' not in dic or 'AccessKeySecret' not in dic or 'SecurityToken' not in dic or 'Expiration' not in dic:
            raise CredentialException(
                f'error retrieving credentials from {self._uri} result: {response.body.decode("utf-8")}')

        # 先转换为时间数组
        time_array = time.strptime(dic.get('Expiration'), '%Y-%m-%dT%H:%M:%SZ')
        # 转换为时间戳
        expiration = calendar.timegm(time_array)
        credentials = Credentials(
            access_key_id=dic.get('AccessKeyId'),
            access_key_secret=dic.get('AccessKeySecret'),
            security_token=dic.get('SecurityToken'),
            expiration=expiration,
            provider_name=self.get_provider_name()
        )
        return RefreshResult(value=credentials,
                             stale_time=_get_stale_time(expiration))

    async def _refresh_credentials_async(self) -> RefreshResult[Credentials]:
        r = urlparse(self._uri)
        tea_request = ph.get_new_request()
        tea_request.headers['host'] = r.hostname
        tea_request.port = r.port
        tea_request.protocol = r.scheme or self._protocol or 'http'
        tea_request.method = 'GET'
        tea_request.pathname = r.path
        for key, values in parse_qs(r.query).items():
            for value in values:
                tea_request.query[key] = value

        response = await TeaCore.async_do_action(tea_request, self._runtime_options)

        if response.status_code != 200:
            raise CredentialException(
                f'error refreshing credentials from {self._uri},  http_code={str(response.status_code)}, result: {response.body.decode("utf-8")}')

        body = response.body.decode('utf-8')

        dic = json.loads(body)
        content_code = dic.get('Code')

        if content_code != "Success" or 'AccessKeyId' not in dic or 'AccessKeySecret' not in dic or 'SecurityToken' not in dic or 'Expiration' not in dic:
            raise CredentialException(
                f'error retrieving credentials from {self._uri} result: {response.body.decode("utf-8")}')

        # 先转换为时间数组
        time_array = time.strptime(dic.get('Expiration'), '%Y-%m-%dT%H:%M:%SZ')
        # 转换为时间戳
        expiration = calendar.timegm(time_array)
        credentials = Credentials(
            access_key_id=dic.get('AccessKeyId'),
            access_key_secret=dic.get('AccessKeySecret'),
            security_token=dic.get('SecurityToken'),
            expiration=expiration,
            provider_name=self.get_provider_name()
        )
        return RefreshResult(value=credentials,
                             stale_time=_get_stale_time(expiration))

    def get_provider_name(self) -> str:
        return 'credential_uri'
feat(api): 实现图像生成及后台同步功能 - 新增图像生成接口，支持试用、积分和自定义API Key模式 - 实现生成图片结果异步上传至MinIO存储，带重试机制 - 优化积分预扣除和异常退还逻辑，保障用户积分准确 - 添加获取生成历史记录接口，支持时间范围和分页 - 提供本地字典配置接口，支持模型、比例、提示模板和尺寸 - 实现图片批量上传接口，支持S3兼容对象存储 feat(admin): 增加管理员角色管理与权限分配接口 - 实现角色列表查询、角色创建、更新及删除功能 - 增加权限列表查询接口 - 实现用户角色分配接口，便于统一管理用户权限 - 增加系统字典增删查改接口，支持分类过滤和排序 - 权限控制全面覆盖管理接口，保证安全访问 feat(auth): 完善用户登录注册及权限相关接口与页面 - 实现手机号验证码发送及校验功能，保障注册安全 - 支持手机号注册、登录及退出接口，集成日志记录 - 增加修改密码功能，验证原密码后更新 - 提供动态导航菜单接口，基于权限展示不同菜单 - 实现管理界面路由及日志、角色、字典管理页面访问权限控制 - 添加系统日志查询接口，支持关键词和等级筛选 feat(app): 初始化Flask应用并配置蓝图与数据库 - 创建应用程序工厂，加载配置，初始化数据库和Redis客户端 - 注册认证、API及管理员蓝图，整合路由 - 根路由渲染主页模板 - 应用上下文中自动创建数据库表，保证运行环境准备完毕 feat(database): 提供数据库创建与迁移支持脚本 - 新增数据库创建脚本，支持自动检测是否已存在 - 添加数据库表初始化脚本，支持创建和删除所有表 - 实现RBAC权限初始化，包含基础权限和角色创建 - 新增字段手动修复脚本，添加用户API Key和积分字段 - 强制迁移脚本支持清理连接和修复表结构，初始化默认数据及角色分配 feat(config): 新增系统配置参数 - 配置数据库、Redis、Session和MinIO相关参数 - 添加AI接口地址及试用Key配置 - 集成阿里云短信服务配置及开发模式相关参数 feat(extensions): 初始化数据库、Redis和MinIO客户端 - 创建全局SQLAlchemy数据库实例和Redis客户端 - 配置基于boto3的MinIO兼容S3客户端 chore(logs): 添加示例系统日志文件 - 记录用户请求、验证码发送成功与失败的日志信息 2026-01-12 00:53:31 +08:00			`import calendar`
			`import json`
			`import time`
			`from urllib.parse import urlparse, parse_qs`

			`from alibabacloud_credentials.provider.refreshable import Credentials, RefreshResult, RefreshCachedSupplier`
			`from alibabacloud_credentials.http import HttpOptions`
			`from Tea.core import TeaCore`
			`from alibabacloud_credentials_api import ICredentialsProvider`
			`from alibabacloud_credentials.utils import auth_util as au`
			`from alibabacloud_credentials.utils import parameter_helper as ph`
			`from alibabacloud_credentials.exceptions import CredentialException`


			`def _get_stale_time(expiration: int) -> int:`
			`if expiration < 0:`
			`return int(time.mktime(time.localtime())) + 60 * 60`
			`return expiration - 15 * 60`


			`class URLCredentialsProvider(ICredentialsProvider):`
			`DEFAULT_CONNECT_TIMEOUT = 5000`
			`DEFAULT_READ_TIMEOUT = 10000`

			`def __init__(self, *,`
			`uri: str = None,`
			`protocol: str = 'http',`
			`http_options: HttpOptions = None):`

			`self._uri = uri or au.environment_credentials_uri`
			`if self._uri is None or self._uri == '':`
			`raise ValueError('uri or environment variable ALIBABA_CLOUD_CREDENTIALS_URI cannot be empty')`
			`self._protocol = protocol`

			`self._http_options = http_options if http_options is not None else HttpOptions()`
			`self._runtime_options = {`
			`'connectTimeout': self._http_options.connect_timeout if self._http_options.connect_timeout is not None else URLCredentialsProvider.DEFAULT_CONNECT_TIMEOUT,`
			`'readTimeout': self._http_options.read_timeout if self._http_options.read_timeout is not None else URLCredentialsProvider.DEFAULT_READ_TIMEOUT,`
			`'httpsProxy': self._http_options.proxy`
			`}`
			`self._credentials_cache = RefreshCachedSupplier(`
			`refresh_callable=self._refresh_credentials,`
			`refresh_callable_async=self._refresh_credentials_async,`
			`)`

			`def get_credentials(self) -> Credentials:`
			`return self._credentials_cache._sync_call()`

			`async def get_credentials_async(self) -> Credentials:`
			`return await self._credentials_cache._async_call()`

			`def _refresh_credentials(self) -> RefreshResult[Credentials]:`
			`r = urlparse(self._uri)`
			`tea_request = ph.get_new_request()`
			`tea_request.headers['host'] = r.hostname`
			`tea_request.port = r.port`
			`tea_request.protocol = r.scheme or self._protocol or 'http'`
			`tea_request.method = 'GET'`
			`tea_request.pathname = r.path`
			`for key, values in parse_qs(r.query).items():`
			`for value in values:`
			`tea_request.query[key] = value`

			`response = TeaCore.do_action(tea_request, self._runtime_options)`

			`if response.status_code != 200:`
			`raise CredentialException(`
			`f'error refreshing credentials from {self._uri}, http_code={str(response.status_code)}, result: {response.body.decode("utf-8")}')`

			`body = response.body.decode('utf-8')`

			`dic = json.loads(body)`
			`content_code = dic.get('Code')`

			`if content_code != "Success" or 'AccessKeyId' not in dic or 'AccessKeySecret' not in dic or 'SecurityToken' not in dic or 'Expiration' not in dic:`
			`raise CredentialException(`
			`f'error retrieving credentials from {self._uri} result: {response.body.decode("utf-8")}')`

			`# 先转换为时间数组`
			`time_array = time.strptime(dic.get('Expiration'), '%Y-%m-%dT%H:%M:%SZ')`
			`# 转换为时间戳`
			`expiration = calendar.timegm(time_array)`
			`credentials = Credentials(`
			`access_key_id=dic.get('AccessKeyId'),`
			`access_key_secret=dic.get('AccessKeySecret'),`
			`security_token=dic.get('SecurityToken'),`
			`expiration=expiration,`
			`provider_name=self.get_provider_name()`
			`)`
			`return RefreshResult(value=credentials,`
			`stale_time=_get_stale_time(expiration))`

			`async def _refresh_credentials_async(self) -> RefreshResult[Credentials]:`
			`r = urlparse(self._uri)`
			`tea_request = ph.get_new_request()`
			`tea_request.headers['host'] = r.hostname`
			`tea_request.port = r.port`
			`tea_request.protocol = r.scheme or self._protocol or 'http'`
			`tea_request.method = 'GET'`
			`tea_request.pathname = r.path`
			`for key, values in parse_qs(r.query).items():`
			`for value in values:`
			`tea_request.query[key] = value`

			`response = await TeaCore.async_do_action(tea_request, self._runtime_options)`

			`if response.status_code != 200:`
			`raise CredentialException(`
			`f'error refreshing credentials from {self._uri}, http_code={str(response.status_code)}, result: {response.body.decode("utf-8")}')`

			`body = response.body.decode('utf-8')`

			`dic = json.loads(body)`
			`content_code = dic.get('Code')`

			`if content_code != "Success" or 'AccessKeyId' not in dic or 'AccessKeySecret' not in dic or 'SecurityToken' not in dic or 'Expiration' not in dic:`
			`raise CredentialException(`
			`f'error retrieving credentials from {self._uri} result: {response.body.decode("utf-8")}')`

			`# 先转换为时间数组`
			`time_array = time.strptime(dic.get('Expiration'), '%Y-%m-%dT%H:%M:%SZ')`
			`# 转换为时间戳`
			`expiration = calendar.timegm(time_array)`
			`credentials = Credentials(`
			`access_key_id=dic.get('AccessKeyId'),`
			`access_key_secret=dic.get('AccessKeySecret'),`
			`security_token=dic.get('SecurityToken'),`
			`expiration=expiration,`
			`provider_name=self.get_provider_name()`
			`)`
			`return RefreshResult(value=credentials,`
			`stale_time=_get_stale_time(expiration))`

			`def get_provider_name(self) -> str:`
			`return 'credential_uri'`