24024
af7c11d7f9
- 新增图像生成接口,支持试用、积分和自定义API Key模式 - 实现生成图片结果异步上传至MinIO存储,带重试机制 - 优化积分预扣除和异常退还逻辑,保障用户积分准确 - 添加获取生成历史记录接口,支持时间范围和分页 - 提供本地字典配置接口,支持模型、比例、提示模板和尺寸 - 实现图片批量上传接口,支持S3兼容对象存储 feat(admin): 增加管理员角色管理与权限分配接口 - 实现角色列表查询、角色创建、更新及删除功能 - 增加权限列表查询接口 - 实现用户角色分配接口,便于统一管理用户权限 - 增加系统字典增删查改接口,支持分类过滤和排序 - 权限控制全面覆盖管理接口,保证安全访问 feat(auth): 完善用户登录注册及权限相关接口与页面 - 实现手机号验证码发送及校验功能,保障注册安全 - 支持手机号注册、登录及退出接口,集成日志记录 - 增加修改密码功能,验证原密码后更新 - 提供动态导航菜单接口,基于权限展示不同菜单 - 实现管理界面路由及日志、角色、字典管理页面访问权限控制 - 添加系统日志查询接口,支持关键词和等级筛选 feat(app): 初始化Flask应用并配置蓝图与数据库 - 创建应用程序工厂,加载配置,初始化数据库和Redis客户端 - 注册认证、API及管理员蓝图,整合路由 - 根路由渲染主页模板 - 应用上下文中自动创建数据库表,保证运行环境准备完毕 feat(database): 提供数据库创建与迁移支持脚本 - 新增数据库创建脚本,支持自动检测是否已存在 - 添加数据库表初始化脚本,支持创建和删除所有表 - 实现RBAC权限初始化,包含基础权限和角色创建 - 新增字段手动修复脚本,添加用户API Key和积分字段 - 强制迁移脚本支持清理连接和修复表结构,初始化默认数据及角色分配 feat(config): 新增系统配置参数 - 配置数据库、Redis、Session和MinIO相关参数 - 添加AI接口地址及试用Key配置 - 集成阿里云短信服务配置及开发模式相关参数 feat(extensions): 初始化数据库、Redis和MinIO客户端 - 创建全局SQLAlchemy数据库实例和Redis客户端 - 配置基于boto3的MinIO兼容S3客户端 chore(logs): 添加示例系统日志文件 - 记录用户请求、验证码发送成功与失败的日志信息
237 lines
7.7 KiB
Python
237 lines
7.7 KiB
Python
"""
|
|
Basic HTTP Proxy
|
|
================
|
|
|
|
.. autoclass:: ProxyMiddleware
|
|
|
|
:copyright: 2007 Pallets
|
|
:license: BSD-3-Clause
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import typing as t
|
|
from http import client
|
|
from urllib.parse import quote
|
|
from urllib.parse import urlsplit
|
|
|
|
from ..datastructures import EnvironHeaders
|
|
from ..http import is_hop_by_hop_header
|
|
from ..wsgi import get_input_stream
|
|
|
|
if t.TYPE_CHECKING:
|
|
from _typeshed.wsgi import StartResponse
|
|
from _typeshed.wsgi import WSGIApplication
|
|
from _typeshed.wsgi import WSGIEnvironment
|
|
|
|
|
|
class ProxyMiddleware:
|
|
"""Proxy requests under a path to an external server, routing other
|
|
requests to the app.
|
|
|
|
This middleware can only proxy HTTP requests, as HTTP is the only
|
|
protocol handled by the WSGI server. Other protocols, such as
|
|
WebSocket requests, cannot be proxied at this layer. This should
|
|
only be used for development, in production a real proxy server
|
|
should be used.
|
|
|
|
The middleware takes a dict mapping a path prefix to a dict
|
|
describing the host to be proxied to::
|
|
|
|
app = ProxyMiddleware(app, {
|
|
"/static/": {
|
|
"target": "http://127.0.0.1:5001/",
|
|
}
|
|
})
|
|
|
|
Each host has the following options:
|
|
|
|
``target``:
|
|
The target URL to dispatch to. This is required.
|
|
``remove_prefix``:
|
|
Whether to remove the prefix from the URL before dispatching it
|
|
to the target. The default is ``False``.
|
|
``host``:
|
|
``"<auto>"`` (default):
|
|
The host header is automatically rewritten to the URL of the
|
|
target.
|
|
``None``:
|
|
The host header is unmodified from the client request.
|
|
Any other value:
|
|
The host header is overwritten with the value.
|
|
``headers``:
|
|
A dictionary of headers to be sent with the request to the
|
|
target. The default is ``{}``.
|
|
``ssl_context``:
|
|
A :class:`ssl.SSLContext` defining how to verify requests if the
|
|
target is HTTPS. The default is ``None``.
|
|
|
|
In the example above, everything under ``"/static/"`` is proxied to
|
|
the server on port 5001. The host header is rewritten to the target,
|
|
and the ``"/static/"`` prefix is removed from the URLs.
|
|
|
|
:param app: The WSGI application to wrap.
|
|
:param targets: Proxy target configurations. See description above.
|
|
:param chunk_size: Size of chunks to read from input stream and
|
|
write to target.
|
|
:param timeout: Seconds before an operation to a target fails.
|
|
|
|
.. versionadded:: 0.14
|
|
"""
|
|
|
|
def __init__(
|
|
self,
|
|
app: WSGIApplication,
|
|
targets: t.Mapping[str, dict[str, t.Any]],
|
|
chunk_size: int = 2 << 13,
|
|
timeout: int = 10,
|
|
) -> None:
|
|
def _set_defaults(opts: dict[str, t.Any]) -> dict[str, t.Any]:
|
|
opts.setdefault("remove_prefix", False)
|
|
opts.setdefault("host", "<auto>")
|
|
opts.setdefault("headers", {})
|
|
opts.setdefault("ssl_context", None)
|
|
return opts
|
|
|
|
self.app = app
|
|
self.targets = {
|
|
f"/{k.strip('/')}/": _set_defaults(v) for k, v in targets.items()
|
|
}
|
|
self.chunk_size = chunk_size
|
|
self.timeout = timeout
|
|
|
|
def proxy_to(
|
|
self, opts: dict[str, t.Any], path: str, prefix: str
|
|
) -> WSGIApplication:
|
|
target = urlsplit(opts["target"])
|
|
# socket can handle unicode host, but header must be ascii
|
|
host = target.hostname.encode("idna").decode("ascii")
|
|
|
|
def application(
|
|
environ: WSGIEnvironment, start_response: StartResponse
|
|
) -> t.Iterable[bytes]:
|
|
headers = list(EnvironHeaders(environ).items())
|
|
headers[:] = [
|
|
(k, v)
|
|
for k, v in headers
|
|
if not is_hop_by_hop_header(k)
|
|
and k.lower() not in ("content-length", "host")
|
|
]
|
|
headers.append(("Connection", "close"))
|
|
|
|
if opts["host"] == "<auto>":
|
|
headers.append(("Host", host))
|
|
elif opts["host"] is None:
|
|
headers.append(("Host", environ["HTTP_HOST"]))
|
|
else:
|
|
headers.append(("Host", opts["host"]))
|
|
|
|
headers.extend(opts["headers"].items())
|
|
remote_path = path
|
|
|
|
if opts["remove_prefix"]:
|
|
remote_path = remote_path[len(prefix) :].lstrip("/")
|
|
remote_path = f"{target.path.rstrip('/')}/{remote_path}"
|
|
|
|
content_length = environ.get("CONTENT_LENGTH")
|
|
chunked = False
|
|
|
|
if content_length not in ("", None):
|
|
headers.append(("Content-Length", content_length)) # type: ignore
|
|
elif content_length is not None:
|
|
headers.append(("Transfer-Encoding", "chunked"))
|
|
chunked = True
|
|
|
|
try:
|
|
if target.scheme == "http":
|
|
con = client.HTTPConnection(
|
|
host, target.port or 80, timeout=self.timeout
|
|
)
|
|
elif target.scheme == "https":
|
|
con = client.HTTPSConnection(
|
|
host,
|
|
target.port or 443,
|
|
timeout=self.timeout,
|
|
context=opts["ssl_context"],
|
|
)
|
|
else:
|
|
raise RuntimeError(
|
|
"Target scheme must be 'http' or 'https', got"
|
|
f" {target.scheme!r}."
|
|
)
|
|
|
|
con.connect()
|
|
# safe = https://url.spec.whatwg.org/#url-path-segment-string
|
|
# as well as percent for things that are already quoted
|
|
remote_url = quote(remote_path, safe="!$&'()*+,/:;=@%")
|
|
querystring = environ["QUERY_STRING"]
|
|
|
|
if querystring:
|
|
remote_url = f"{remote_url}?{querystring}"
|
|
|
|
con.putrequest(environ["REQUEST_METHOD"], remote_url, skip_host=True)
|
|
|
|
for k, v in headers:
|
|
if k.lower() == "connection":
|
|
v = "close"
|
|
|
|
con.putheader(k, v)
|
|
|
|
con.endheaders()
|
|
stream = get_input_stream(environ)
|
|
|
|
while True:
|
|
data = stream.read(self.chunk_size)
|
|
|
|
if not data:
|
|
break
|
|
|
|
if chunked:
|
|
con.send(b"%x\r\n%s\r\n" % (len(data), data))
|
|
else:
|
|
con.send(data)
|
|
|
|
resp = con.getresponse()
|
|
except OSError:
|
|
from ..exceptions import BadGateway
|
|
|
|
return BadGateway()(environ, start_response)
|
|
|
|
start_response(
|
|
f"{resp.status} {resp.reason}",
|
|
[
|
|
(k.title(), v)
|
|
for k, v in resp.getheaders()
|
|
if not is_hop_by_hop_header(k)
|
|
],
|
|
)
|
|
|
|
def read() -> t.Iterator[bytes]:
|
|
while True:
|
|
try:
|
|
data = resp.read(self.chunk_size)
|
|
except OSError:
|
|
break
|
|
|
|
if not data:
|
|
break
|
|
|
|
yield data
|
|
|
|
return read()
|
|
|
|
return application
|
|
|
|
def __call__(
|
|
self, environ: WSGIEnvironment, start_response: StartResponse
|
|
) -> t.Iterable[bytes]:
|
|
path = environ["PATH_INFO"]
|
|
app = self.app
|
|
|
|
for prefix, opts in self.targets.items():
|
|
if path.startswith(prefix):
|
|
app = self.proxy_to(opts, path, prefix)
|
|
break
|
|
|
|
return app(environ, start_response)
|