240241002/ai_v
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d4b28a731a
ai_v/venv/Lib/site-packages/alibabacloud_credentials/provider/oauth.py
24024 af7c11d7f9 feat(api): 实现图像生成及后台同步功能 
- 新增图像生成接口,支持试用、积分和自定义API Key模式
- 实现生成图片结果异步上传至MinIO存储,带重试机制
- 优化积分预扣除和异常退还逻辑,保障用户积分准确
- 添加获取生成历史记录接口,支持时间范围和分页
- 提供本地字典配置接口,支持模型、比例、提示模板和尺寸
- 实现图片批量上传接口,支持S3兼容对象存储

feat(admin): 增加管理员角色管理与权限分配接口

- 实现角色列表查询、角色创建、更新及删除功能
- 增加权限列表查询接口
- 实现用户角色分配接口,便于统一管理用户权限
- 增加系统字典增删查改接口,支持分类过滤和排序
- 权限控制全面覆盖管理接口,保证安全访问

feat(auth): 完善用户登录注册及权限相关接口与页面

- 实现手机号验证码发送及校验功能,保障注册安全
- 支持手机号注册、登录及退出接口,集成日志记录
- 增加修改密码功能,验证原密码后更新
- 提供动态导航菜单接口,基于权限展示不同菜单
- 实现管理界面路由及日志、角色、字典管理页面访问权限控制
- 添加系统日志查询接口,支持关键词和等级筛选

feat(app): 初始化Flask应用并配置蓝图与数据库

- 创建应用程序工厂,加载配置,初始化数据库和Redis客户端
- 注册认证、API及管理员蓝图,整合路由
- 根路由渲染主页模板
- 应用上下文中自动创建数据库表,保证运行环境准备完毕

feat(database): 提供数据库创建与迁移支持脚本

- 新增数据库创建脚本,支持自动检测是否已存在
- 添加数据库表初始化脚本,支持创建和删除所有表
- 实现RBAC权限初始化,包含基础权限和角色创建
- 新增字段手动修复脚本,添加用户API Key和积分字段
- 强制迁移脚本支持清理连接和修复表结构,初始化默认数据及角色分配

feat(config): 新增系统配置参数

- 配置数据库、Redis、Session和MinIO相关参数
- 添加AI接口地址及试用Key配置
- 集成阿里云短信服务配置及开发模式相关参数

feat(extensions): 初始化数据库、Redis和MinIO客户端

- 创建全局SQLAlchemy数据库实例和Redis客户端
- 配置基于boto3的MinIO兼容S3客户端

chore(logs): 添加示例系统日志文件

- 记录用户请求、验证码发送成功与失败的日志信息
2026-01-12 00:53:31 +08:00

288 lines
12 KiB
Python
Raw Blame History

import calendar
import json
import logging
import time
from urllib.parse import urlparse, urlencode
from typing import Callable, Optional
from alibabacloud_credentials.provider.refreshable import Credentials, RefreshResult, RefreshCachedSupplier
from alibabacloud_credentials.http import HttpOptions
from Tea.core import TeaCore
from alibabacloud_credentials_api import ICredentialsProvider
from alibabacloud_credentials.utils import parameter_helper as ph
from alibabacloud_credentials.exceptions import CredentialException
log = logging.getLogger('credentials')
log.setLevel(logging.INFO)
ch = logging.StreamHandler()
log.addHandler(ch)
# OAuth 令牌更新回调函数类型
OAuthTokenUpdateCallback = Callable[[str, str, str, str, str, int, int], None]
OAuthTokenUpdateCallbackAsync = Callable[[str, str, str, str, str, int, int], None]
def _get_stale_time(expiration: int) -> int:
if expiration < 0:
return int(time.mktime(time.localtime())) + 60 * 60
return expiration - 15 * 60
class OAuthCredentialsProvider(ICredentialsProvider):
DEFAULT_CONNECT_TIMEOUT = 5000
DEFAULT_READ_TIMEOUT = 10000
def __init__(self, *,
client_id: str = None,
sign_in_url: str = None,
access_token: str = None,
access_token_expire: int = 0,
refresh_token: str = None,
http_options: HttpOptions = None,
token_update_callback: Optional[OAuthTokenUpdateCallback] = None,
token_update_callback_async: Optional[OAuthTokenUpdateCallbackAsync] = None):
if not client_id:
raise ValueError('the ClientId is empty')
if not sign_in_url:
raise ValueError('the url for sign-in is empty')
if not refresh_token:
raise ValueError('OAuth access token is empty or expired, please re-login with cli')
self._client_id = client_id
self._sign_in_url = sign_in_url
self._access_token = access_token
self._access_token_expire = access_token_expire
self._refresh_token = refresh_token
self._token_update_callback = token_update_callback
self._token_update_callback_async = token_update_callback_async
self._http_options = http_options if http_options is not None else HttpOptions()
self._runtime_options = {
'connectTimeout': self._http_options.connect_timeout if self._http_options.connect_timeout is not None else OAuthCredentialsProvider.DEFAULT_CONNECT_TIMEOUT,
'readTimeout': self._http_options.read_timeout if self._http_options.read_timeout is not None else OAuthCredentialsProvider.DEFAULT_READ_TIMEOUT,
'httpsProxy': self._http_options.proxy
}
self._credentials_cache = RefreshCachedSupplier(
refresh_callable=self._refresh_credentials,
refresh_callable_async=self._refresh_credentials_async,
)
def get_credentials(self) -> Credentials:
return self._credentials_cache._sync_call()
async def get_credentials_async(self) -> Credentials:
return await self._credentials_cache._async_call()
def _try_refresh_oauth_token(self) -> None:
current_time = int(time.mktime(time.localtime()))
# 构建刷新令牌请求
r = urlparse(self._sign_in_url)
tea_request = ph.get_new_request()
tea_request.headers['host'] = r.hostname
tea_request.port = r.port
tea_request.protocol = r.scheme
tea_request.method = 'POST'
tea_request.pathname = '/v1/token'
# 设置请求体
body_data = {
'grant_type': 'refresh_token',
'refresh_token': self._refresh_token,
'client_id': self._client_id,
'Timestamp': ph.get_iso_8061_date()
}
tea_request.body = urlencode(body_data)
tea_request.headers['Content-Type'] = 'application/x-www-form-urlencoded'
response = TeaCore.do_action(tea_request, self._runtime_options)
if response.status_code != 200:
raise CredentialException(f"failed to refresh OAuth token, status code: {response.status_code}, response: {response.body.decode('utf-8')}")
# 解析响应
dic = json.loads(response.body.decode('utf-8'))
if 'access_token' not in dic or 'refresh_token' not in dic:
raise CredentialException(f"failed to refresh OAuth token: {response.body.decode('utf-8')}")
# 更新令牌
new_access_token = dic.get('access_token')
new_refresh_token = dic.get('refresh_token')
expires_in = dic.get('expires_in', 3600)
new_access_token_expire = current_time + expires_in
self._access_token = new_access_token
self._refresh_token = new_refresh_token
self._access_token_expire = new_access_token_expire
async def _try_refresh_oauth_token_async(self) -> None:
current_time = int(time.mktime(time.localtime()))
# 构建刷新令牌请求
r = urlparse(self._sign_in_url)
tea_request = ph.get_new_request()
tea_request.headers['host'] = r.hostname
tea_request.port = r.port
tea_request.protocol = r.scheme
tea_request.method = 'POST'
tea_request.pathname = '/v1/token'
# 设置请求体
body_data = {
'grant_type': 'refresh_token',
'refresh_token': self._refresh_token,
'client_id': self._client_id,
'Timestamp': ph.get_iso_8061_date()
}
tea_request.body = urlencode(body_data)
tea_request.headers['Content-Type'] = 'application/x-www-form-urlencoded'
response = await TeaCore.async_do_action(tea_request, self._runtime_options)
if response.status_code != 200:
raise CredentialException(f"failed to refresh OAuth token, status code: {response.status_code}, response: {response.body.decode('utf-8')}")
# 解析响应
dic = json.loads(response.body.decode('utf-8'))
if 'access_token' not in dic or 'refresh_token' not in dic:
raise CredentialException(f"failed to refresh OAuth token: {response.body.decode('utf-8')}")
# 更新令牌
new_access_token = dic.get('access_token')
new_refresh_token = dic.get('refresh_token')
expires_in = dic.get('expires_in', 3600)
new_access_token_expire = current_time + expires_in
self._access_token = new_access_token
self._refresh_token = new_refresh_token
self._access_token_expire = new_access_token_expire
def _refresh_credentials(self) -> RefreshResult[Credentials]:
if self._access_token is None or self._access_token_expire <= 0 or self._access_token_expire - int(
time.mktime(time.localtime())) <= 180:
self._try_refresh_oauth_token()
r = urlparse(self._sign_in_url)
tea_request = ph.get_new_request()
tea_request.headers['host'] = r.hostname
tea_request.port = r.port
tea_request.protocol = r.scheme
tea_request.method = 'POST'
tea_request.pathname = '/v1/exchange'
tea_request.headers['Content-Type'] = 'application/json'
tea_request.headers['Authorization'] = f'Bearer {self._access_token}'
response = TeaCore.do_action(tea_request, self._runtime_options)
if response.status_code != 200:
raise CredentialException(
f"error refreshing credentials from OAuth, http_code: {response.status_code}, result: {response.body.decode('utf-8')}")
dic = json.loads(response.body.decode('utf-8'))
if 'error' in dic:
raise CredentialException(
f"error retrieving credentials from OAuth result: {response.body.decode('utf-8')}")
if 'AccessKeyId' not in dic or 'AccessKeySecret' not in dic or 'SecurityToken' not in dic:
raise CredentialException(
f"error retrieving credentials from OAuth result: {response.body.decode('utf-8')}")
# 先转换为时间数组
time_array = time.strptime(dic.get('Expiration'), '%Y-%m-%dT%H:%M:%SZ')
# 转换为时间戳
expiration = calendar.timegm(time_array)
credentials = Credentials(
access_key_id=dic.get('AccessKeyId'),
access_key_secret=dic.get('AccessKeySecret'),
security_token=dic.get('SecurityToken'),
expiration=expiration,
provider_name=self.get_provider_name()
)
# 调用令牌更新回调函数
if self._token_update_callback:
try:
self._token_update_callback(
self._refresh_token,
self._access_token,
credentials.get_access_key_id(),
credentials.get_access_key_secret(),
credentials.get_security_token(),
self._access_token_expire,
expiration
)
except Exception as e:
log.warning(f'failed to update OAuth tokens in config file: {e}')
return RefreshResult(value=credentials,
stale_time=_get_stale_time(expiration))
async def _refresh_credentials_async(self) -> RefreshResult[Credentials]:
if self._access_token is None or self._access_token_expire <= 0 or self._access_token_expire - int(
time.mktime(time.localtime())) <= 180:
await self._try_refresh_oauth_token_async()
r = urlparse(self._sign_in_url)
tea_request = ph.get_new_request()
tea_request.headers['host'] = r.hostname
tea_request.port = r.port
tea_request.protocol = r.scheme
tea_request.method = 'POST'
tea_request.pathname = '/v1/exchange'
tea_request.headers['Content-Type'] = 'application/json'
tea_request.headers['Authorization'] = f'Bearer {self._access_token}'
response = await TeaCore.async_do_action(tea_request, self._runtime_options)
if response.status_code != 200:
raise CredentialException(
f"error refreshing credentials from OAuth, http_code: {response.status_code}, result: {response.body.decode('utf-8')}")
dic = json.loads(response.body.decode('utf-8'))
if 'error' in dic:
raise CredentialException(
f"error retrieving credentials from OAuth result: {response.body.decode('utf-8')}")
if 'AccessKeyId' not in dic or 'AccessKeySecret' not in dic or 'SecurityToken' not in dic:
raise CredentialException(
f"error retrieving credentials from OAuth result: {response.body.decode('utf-8')}")
# 先转换为时间数组
time_array = time.strptime(dic.get('Expiration'), '%Y-%m-%dT%H:%M:%SZ')
# 转换为时间戳
expiration = calendar.timegm(time_array)
credentials = Credentials(
access_key_id=dic.get('AccessKeyId'),
access_key_secret=dic.get('AccessKeySecret'),
security_token=dic.get('SecurityToken'),
expiration=expiration,
provider_name=self.get_provider_name()
)
if self._token_update_callback_async:
try:
await self._token_update_callback_async(
self._refresh_token,
self._access_token,
credentials.get_access_key_id(),
credentials.get_access_key_secret(),
credentials.get_security_token(),
self._access_token_expire,
expiration
)
except Exception as e:
log.warning(f'failed to update OAuth tokens in config file: {e}')
return RefreshResult(value=credentials,
stale_time=_get_stale_time(expiration))
def _get_client_id(self) -> str:
"""获取客户端ID"""
return self._client_id
def get_provider_name(self) -> str:
return 'oauth'
Reference in New Issue View Git Blame Copy Permalink