24024
af7c11d7f9
- 新增图像生成接口,支持试用、积分和自定义API Key模式 - 实现生成图片结果异步上传至MinIO存储,带重试机制 - 优化积分预扣除和异常退还逻辑,保障用户积分准确 - 添加获取生成历史记录接口,支持时间范围和分页 - 提供本地字典配置接口,支持模型、比例、提示模板和尺寸 - 实现图片批量上传接口,支持S3兼容对象存储 feat(admin): 增加管理员角色管理与权限分配接口 - 实现角色列表查询、角色创建、更新及删除功能 - 增加权限列表查询接口 - 实现用户角色分配接口,便于统一管理用户权限 - 增加系统字典增删查改接口,支持分类过滤和排序 - 权限控制全面覆盖管理接口,保证安全访问 feat(auth): 完善用户登录注册及权限相关接口与页面 - 实现手机号验证码发送及校验功能,保障注册安全 - 支持手机号注册、登录及退出接口,集成日志记录 - 增加修改密码功能,验证原密码后更新 - 提供动态导航菜单接口,基于权限展示不同菜单 - 实现管理界面路由及日志、角色、字典管理页面访问权限控制 - 添加系统日志查询接口,支持关键词和等级筛选 feat(app): 初始化Flask应用并配置蓝图与数据库 - 创建应用程序工厂,加载配置,初始化数据库和Redis客户端 - 注册认证、API及管理员蓝图,整合路由 - 根路由渲染主页模板 - 应用上下文中自动创建数据库表,保证运行环境准备完毕 feat(database): 提供数据库创建与迁移支持脚本 - 新增数据库创建脚本,支持自动检测是否已存在 - 添加数据库表初始化脚本,支持创建和删除所有表 - 实现RBAC权限初始化,包含基础权限和角色创建 - 新增字段手动修复脚本,添加用户API Key和积分字段 - 强制迁移脚本支持清理连接和修复表结构,初始化默认数据及角色分配 feat(config): 新增系统配置参数 - 配置数据库、Redis、Session和MinIO相关参数 - 添加AI接口地址及试用Key配置 - 集成阿里云短信服务配置及开发模式相关参数 feat(extensions): 初始化数据库、Redis和MinIO客户端 - 创建全局SQLAlchemy数据库实例和Redis客户端 - 配置基于boto3的MinIO兼容S3客户端 chore(logs): 添加示例系统日志文件 - 记录用户请求、验证码发送成功与失败的日志信息
170 lines
5.0 KiB
Python
170 lines
5.0 KiB
Python
# This file is dual licensed under the terms of the Apache License, Version
|
|
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
|
# for complete details.
|
|
|
|
from __future__ import annotations
|
|
|
|
import abc
|
|
|
|
from cryptography import utils
|
|
from cryptography.hazmat.primitives.hashes import HashAlgorithm
|
|
|
|
# This exists to break an import cycle. These classes are normally accessible
|
|
# from the serialization module.
|
|
|
|
|
|
class PBES(utils.Enum):
|
|
PBESv1SHA1And3KeyTripleDESCBC = "PBESv1 using SHA1 and 3-Key TripleDES"
|
|
PBESv2SHA256AndAES256CBC = "PBESv2 using SHA256 PBKDF2 and AES256 CBC"
|
|
|
|
|
|
class Encoding(utils.Enum):
|
|
PEM = "PEM"
|
|
DER = "DER"
|
|
OpenSSH = "OpenSSH"
|
|
Raw = "Raw"
|
|
X962 = "ANSI X9.62"
|
|
SMIME = "S/MIME"
|
|
|
|
|
|
class PrivateFormat(utils.Enum):
|
|
PKCS8 = "PKCS8"
|
|
TraditionalOpenSSL = "TraditionalOpenSSL"
|
|
Raw = "Raw"
|
|
OpenSSH = "OpenSSH"
|
|
PKCS12 = "PKCS12"
|
|
|
|
def encryption_builder(self) -> KeySerializationEncryptionBuilder:
|
|
if self not in (PrivateFormat.OpenSSH, PrivateFormat.PKCS12):
|
|
raise ValueError(
|
|
"encryption_builder only supported with PrivateFormat.OpenSSH"
|
|
" and PrivateFormat.PKCS12"
|
|
)
|
|
return KeySerializationEncryptionBuilder(self)
|
|
|
|
|
|
class PublicFormat(utils.Enum):
|
|
SubjectPublicKeyInfo = "X.509 subjectPublicKeyInfo with PKCS#1"
|
|
PKCS1 = "Raw PKCS#1"
|
|
OpenSSH = "OpenSSH"
|
|
Raw = "Raw"
|
|
CompressedPoint = "X9.62 Compressed Point"
|
|
UncompressedPoint = "X9.62 Uncompressed Point"
|
|
|
|
|
|
class ParameterFormat(utils.Enum):
|
|
PKCS3 = "PKCS3"
|
|
|
|
|
|
class KeySerializationEncryption(metaclass=abc.ABCMeta):
|
|
pass
|
|
|
|
|
|
class BestAvailableEncryption(KeySerializationEncryption):
|
|
def __init__(self, password: bytes):
|
|
if not isinstance(password, bytes) or len(password) == 0:
|
|
raise ValueError("Password must be 1 or more bytes.")
|
|
|
|
self.password = password
|
|
|
|
|
|
class NoEncryption(KeySerializationEncryption):
|
|
pass
|
|
|
|
|
|
class KeySerializationEncryptionBuilder:
|
|
def __init__(
|
|
self,
|
|
format: PrivateFormat,
|
|
*,
|
|
_kdf_rounds: int | None = None,
|
|
_hmac_hash: HashAlgorithm | None = None,
|
|
_key_cert_algorithm: PBES | None = None,
|
|
) -> None:
|
|
self._format = format
|
|
|
|
self._kdf_rounds = _kdf_rounds
|
|
self._hmac_hash = _hmac_hash
|
|
self._key_cert_algorithm = _key_cert_algorithm
|
|
|
|
def kdf_rounds(self, rounds: int) -> KeySerializationEncryptionBuilder:
|
|
if self._kdf_rounds is not None:
|
|
raise ValueError("kdf_rounds already set")
|
|
|
|
if not isinstance(rounds, int):
|
|
raise TypeError("kdf_rounds must be an integer")
|
|
|
|
if rounds < 1:
|
|
raise ValueError("kdf_rounds must be a positive integer")
|
|
|
|
return KeySerializationEncryptionBuilder(
|
|
self._format,
|
|
_kdf_rounds=rounds,
|
|
_hmac_hash=self._hmac_hash,
|
|
_key_cert_algorithm=self._key_cert_algorithm,
|
|
)
|
|
|
|
def hmac_hash(
|
|
self, algorithm: HashAlgorithm
|
|
) -> KeySerializationEncryptionBuilder:
|
|
if self._format is not PrivateFormat.PKCS12:
|
|
raise TypeError(
|
|
"hmac_hash only supported with PrivateFormat.PKCS12"
|
|
)
|
|
|
|
if self._hmac_hash is not None:
|
|
raise ValueError("hmac_hash already set")
|
|
return KeySerializationEncryptionBuilder(
|
|
self._format,
|
|
_kdf_rounds=self._kdf_rounds,
|
|
_hmac_hash=algorithm,
|
|
_key_cert_algorithm=self._key_cert_algorithm,
|
|
)
|
|
|
|
def key_cert_algorithm(
|
|
self, algorithm: PBES
|
|
) -> KeySerializationEncryptionBuilder:
|
|
if self._format is not PrivateFormat.PKCS12:
|
|
raise TypeError(
|
|
"key_cert_algorithm only supported with "
|
|
"PrivateFormat.PKCS12"
|
|
)
|
|
if self._key_cert_algorithm is not None:
|
|
raise ValueError("key_cert_algorithm already set")
|
|
return KeySerializationEncryptionBuilder(
|
|
self._format,
|
|
_kdf_rounds=self._kdf_rounds,
|
|
_hmac_hash=self._hmac_hash,
|
|
_key_cert_algorithm=algorithm,
|
|
)
|
|
|
|
def build(self, password: bytes) -> KeySerializationEncryption:
|
|
if not isinstance(password, bytes) or len(password) == 0:
|
|
raise ValueError("Password must be 1 or more bytes.")
|
|
|
|
return _KeySerializationEncryption(
|
|
self._format,
|
|
password,
|
|
kdf_rounds=self._kdf_rounds,
|
|
hmac_hash=self._hmac_hash,
|
|
key_cert_algorithm=self._key_cert_algorithm,
|
|
)
|
|
|
|
|
|
class _KeySerializationEncryption(KeySerializationEncryption):
|
|
def __init__(
|
|
self,
|
|
format: PrivateFormat,
|
|
password: bytes,
|
|
*,
|
|
kdf_rounds: int | None,
|
|
hmac_hash: HashAlgorithm | None,
|
|
key_cert_algorithm: PBES | None,
|
|
):
|
|
self._format = format
|
|
self.password = password
|
|
|
|
self._kdf_rounds = kdf_rounds
|
|
self._hmac_hash = hmac_hash
|
|
self._key_cert_algorithm = key_cert_algorithm
|