2023-02-28 13:52:51 +08:00
|
|
|
from typing import List
|
|
|
|
|
|
|
|
|
|
from jose import jwt
|
|
|
|
|
from datetime import datetime, timedelta
|
|
|
|
|
from fastapi import Header, HTTPException
|
|
|
|
|
from Schemas.UserSchemas import TokenData
|
|
|
|
|
|
|
|
|
|
SECRET_KEY = "MADASDZXC255f"
|
|
|
|
|
ALGORITHM = "HS256"
|
|
|
|
|
|
|
|
|
|
|
2023-06-30 13:39:24 +08:00
|
|
|
def create_token(data: dict, secret_key=SECRET_KEY, algorithm=ALGORITHM, expires_delta: timedelta = timedelta(days=7)):
|
2023-02-28 13:52:51 +08:00
|
|
|
# 设置加密数据
|
|
|
|
|
to_encode_body = dict()
|
|
|
|
|
to_encode_body.update(data.copy())
|
|
|
|
|
# 设置过期时间
|
|
|
|
|
if expires_delta:
|
|
|
|
|
expire = datetime.utcnow() + expires_delta
|
|
|
|
|
to_encode_body.update({"exp": expire})
|
|
|
|
|
# Token编码
|
|
|
|
|
encoded_jwt = jwt.encode(to_encode_body, secret_key, algorithm=algorithm)
|
|
|
|
|
return encoded_jwt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def decode_token(token: str, secret_key: str, algorithms: List[str] = ['HS256']):
|
|
|
|
|
payload = jwt.decode(token, secret_key, algorithms=algorithms)
|
|
|
|
|
return payload
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Token:
|
|
|
|
|
SECRET_KEY = SECRET_KEY
|
|
|
|
|
ALGORITHM = ALGORITHM
|
|
|
|
|
|
|
|
|
|
@classmethod
|
2023-06-30 13:39:24 +08:00
|
|
|
def create_token(cls, data: dict, expires_delta: timedelta = timedelta(days=7)):
|
2023-02-28 13:52:51 +08:00
|
|
|
return create_token(data, cls.SECRET_KEY, cls.ALGORITHM, expires_delta)
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
def decode_token(cls, token: str):
|
|
|
|
|
payload = decode_token(token, cls.SECRET_KEY, algorithms=[cls.ALGORITHM])
|
|
|
|
|
return payload
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def token_data_depend(Authorization: str = Header(None)) -> TokenData:
|
|
|
|
|
try:
|
2023-03-09 16:33:39 +08:00
|
|
|
# print(Authorization, "Authorization")
|
2023-03-02 15:19:14 +08:00
|
|
|
jwt_token = Authorization.split(" ")[-1]
|
2023-02-28 13:52:51 +08:00
|
|
|
payload = Token.decode_token(jwt_token)
|
|
|
|
|
token_data = TokenData(**payload)
|
2023-03-03 10:01:21 +08:00
|
|
|
print(token_data, "token_data")
|
2023-02-28 13:52:51 +08:00
|
|
|
return token_data
|
|
|
|
|
except Exception as e:
|
|
|
|
|
print(e)
|
|
|
|
|
raise HTTPException(status_code=403, detail="无权限的操作")
|
|
|
|
|
|
|
|
|
|
|
2023-03-06 09:45:17 +08:00
|
|
|
def registered_depend(Authorization: str = Header(None)) -> TokenData:
|
|
|
|
|
token_data = token_data_depend(Authorization)
|
2023-03-28 10:38:05 +08:00
|
|
|
# if not token_data.registered:
|
|
|
|
|
# raise HTTPException(status_code=403, detail="未绑定邮箱,无法进行该操作")
|
2023-03-06 09:45:17 +08:00
|
|
|
return token_data
|
|
|
|
|
|
|
|
|
|
|
2023-02-28 13:52:51 +08:00
|
|
|
# 管理员token验证
|
|
|
|
|
def admin_auth_token_depend(Authorization: str = Header(None)) -> TokenData:
|
|
|
|
|
try:
|
|
|
|
|
_, token = Authorization.split(" ")
|
|
|
|
|
token_data: TokenData = token_data_depend(Authorization)
|
|
|
|
|
except Exception as e:
|
|
|
|
|
print(e)
|
|
|
|
|
raise HTTPException(status_code=403, detail="非管理员,无权限的操作")
|
|
|
|
|
if token_data.role != 'admin':
|
|
|
|
|
print(token_data)
|
|
|
|
|
raise HTTPException(status_code=403, detail="非管理员,无权限的操作")
|
|
|
|
|
return token_data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 应用服务对用户模块的请求验证
|
|
|
|
|
# 接口需要的权限列表
|
2023-03-01 16:04:43 +08:00
|
|
|
def get_auth_rule_check_depend(requisite_rules=[], contains_rules=[]):
|
2023-02-28 13:52:51 +08:00
|
|
|
"""
|
|
|
|
|
接口需要的权限列表验证
|
|
|
|
|
:param requisite_rules: 必须的权限规则id
|
|
|
|
|
:param contains_rules: 权限只包含其中一个即可授权的权限列表
|
|
|
|
|
:return:
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def auth_rule_check_depend(Authorization: str = Header(None)):
|
|
|
|
|
try:
|
|
|
|
|
_, jwt_token = Authorization.split(" ")
|
|
|
|
|
payload = Token.decode_token(jwt_token)
|
|
|
|
|
token_data = TokenData(**payload)
|
2023-03-01 16:04:43 +08:00
|
|
|
if not check_auth(token_data.auth_data, requisite_rules, contains_rules):
|
2023-02-28 13:52:51 +08:00
|
|
|
raise HTTPException(status_code=403, detail="无权限的操作")
|
|
|
|
|
return token_data
|
|
|
|
|
except Exception as e:
|
|
|
|
|
print(e)
|
|
|
|
|
raise HTTPException(status_code=403, detail="无权限的操作")
|
|
|
|
|
|
|
|
|
|
return auth_rule_check_depend
|
|
|
|
|
|
|
|
|
|
|
2023-03-03 10:01:21 +08:00
|
|
|
def check_auth(auth_data, requisite_rules=[], contains_rules=[]):
|
2023-02-28 13:52:51 +08:00
|
|
|
auth_rule_id_list = []
|
|
|
|
|
if auth_data:
|
|
|
|
|
auth_rule_id_list = [int(item) for item in auth_data.split(',')]
|
|
|
|
|
pass
|
|
|
|
|
if contains_rules:
|
|
|
|
|
contains_rules_checked = False
|
|
|
|
|
for item in auth_rule_id_list:
|
|
|
|
|
if item in contains_rules:
|
|
|
|
|
contains_rules_checked = True
|
|
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
contains_rules_checked = True
|
|
|
|
|
|
|
|
|
|
if requisite_rules:
|
|
|
|
|
requisite_rules_checked = True
|
|
|
|
|
for item in requisite_rules:
|
|
|
|
|
if item not in auth_rule_id_list:
|
|
|
|
|
requisite_rules_checked = False
|
|
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
requisite_rules_checked = True
|
|
|
|
|
return contains_rules_checked and requisite_rules_checked
|
