From 9afaa954b449150e020b61281df902bcd0685161 Mon Sep 17 00:00:00 2001 From: P3ngSaM <61768364+P3ngSaM@users.noreply.github.com> Date: Fri, 18 Nov 2022 16:47:47 +0800 Subject: [PATCH] =?UTF-8?q?changes=20=E6=8E=A5=E5=8F=A3=E6=B7=BB=E5=8A=A0t?= =?UTF-8?q?oken?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- APPData/Router/BalanceSheetRouter.py | 4 +- APPData/Router/BusinessRouter.py | 4 +- APPData/Router/CashFlowStatementRouter.py | 4 +- APPData/Router/CompanyRouter.py | 4 +- APPData/Router/DishonestRouter.py | 4 +- APPData/Router/IncomeSheetRouter.py | 4 +- APPData/Router/LawsuitRouter.py | 4 +- APPData/Router/MacroDataRouter.py | 4 +- APPData/Router/QuerySummaryRouter.py | 4 +- APPData/Router/ShareholderRouter.py | 4 +- Utils/AccessControl/AccessUtil.py | 78 +++++++++++++--------- Utils/AccessControl/model.conf | 15 ----- Utils/AccessControl/policy_index_store.csv | 0 Utils/Authentication/Config.py | 2 - Utils/Authentication/TokenUtil.py | 25 ++----- 15 files changed, 79 insertions(+), 81 deletions(-) delete mode 100644 Utils/AccessControl/model.conf delete mode 100644 Utils/AccessControl/policy_index_store.csv diff --git a/APPData/Router/BalanceSheetRouter.py b/APPData/Router/BalanceSheetRouter.py index e49fd90..dbca80b 100644 --- a/APPData/Router/BalanceSheetRouter.py +++ b/APPData/Router/BalanceSheetRouter.py @@ -5,13 +5,15 @@ from fastapi import APIRouter, Depends, UploadFile, File, HTTPException from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud, BalanceCrud +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.MongoHelperUtils import get_mongodb from Utils.DataBase.SqlAlchemyUtils import get_db from Utils.TycApi.CommonUtil import CommonUtils router = APIRouter( tags=["资产负债表"], - prefix="/api/balance_sheet" + prefix="/api/balance_sheet", + dependencies=[Depends(rbac)] ) 
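Review bot: The `dependencies=[Depends(rbac)]` argument is added by hand to each router constructor (this hunk, and the same change in BusinessRouter.py through ShareholderRouter.py), so a router added later is unprotected unless its author remembers the line. Attaching the dependency once where the routers are registered, e.g. `app.include_router(router, dependencies=[Depends(rbac)])`, would make protection the default. That call site is not in this patch, so confirm it against the app module. A short comment above `router = APIRouter(` such as `# every route requires a valid token and a matching role policy (see rbac)` would also document the contract.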
diff --git a/APPData/Router/BusinessRouter.py b/APPData/Router/BusinessRouter.py index 8a0e46e..7c225db 100644 --- a/APPData/Router/BusinessRouter.py +++ b/APPData/Router/BusinessRouter.py @@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud, BusinessCrud +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.MongoHelperUtils import get_mongodb, get_tyc_mongodb from Utils.DataBase.SqlAlchemyUtils import get_db from Utils.TycApi.Business import get_tyc_data @@ -11,7 +12,8 @@ from Utils.TycApi.Configure import DB_GSBJ router = APIRouter( tags=["工商信息"], - prefix="/api/business" + prefix="/api/business", + dependencies=[Depends(rbac)] ) diff --git a/APPData/Router/CashFlowStatementRouter.py b/APPData/Router/CashFlowStatementRouter.py index 514c7e5..31b6e18 100644 --- a/APPData/Router/CashFlowStatementRouter.py +++ b/APPData/Router/CashFlowStatementRouter.py @@ -5,13 +5,15 @@ from fastapi import APIRouter, Depends, UploadFile, File, HTTPException from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud, CashFlowCrud +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.MongoHelperUtils import get_mongodb from Utils.DataBase.SqlAlchemyUtils import get_db from Utils.TycApi.CommonUtil import CommonUtils router = APIRouter( tags=["现金流量表"], - prefix="/api/cash_flow_statement" + prefix="/api/cash_flow_statement", + dependencies=[Depends(rbac)] ) diff --git a/APPData/Router/CompanyRouter.py b/APPData/Router/CompanyRouter.py index cfddeec..87e8ef9 100644 --- a/APPData/Router/CompanyRouter.py +++ b/APPData/Router/CompanyRouter.py 
@@ -3,11 +3,13 @@ from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud from APPData.Schemas import CompanySchemas +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.SqlAlchemyUtils import get_db router = APIRouter( tags=["企业管理"], - prefix="/api/company" + prefix="/api/company", + dependencies=[Depends(rbac)] ) diff --git a/APPData/Router/DishonestRouter.py b/APPData/Router/DishonestRouter.py index 30582b5..9b938c9 100644 --- a/APPData/Router/DishonestRouter.py +++ b/APPData/Router/DishonestRouter.py @@ -2,6 +2,7 @@ from fastapi import APIRouter, Depends, HTTPException from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud, DishonestCrud +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.MongoHelperUtils import get_mongodb, get_tyc_mongodb from Utils.DataBase.SqlAlchemyUtils import get_db @@ -11,7 +12,8 @@ from Utils.TycApi.Dishonest import get_tyc_data router = APIRouter( tags=["失信人"], - prefix="/api/dishonest" + prefix="/api/dishonest", + dependencies=[Depends(rbac)] ) diff --git a/APPData/Router/IncomeSheetRouter.py b/APPData/Router/IncomeSheetRouter.py index 8cf6155..f281d76 100644 --- a/APPData/Router/IncomeSheetRouter.py +++ b/APPData/Router/IncomeSheetRouter.py @@ -5,13 +5,15 @@ from fastapi import APIRouter, Depends, UploadFile, File, HTTPException from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud, IncomeCrud +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.MongoHelperUtils import get_mongodb from Utils.DataBase.SqlAlchemyUtils import get_db from Utils.TycApi.CommonUtil import CommonUtils router = APIRouter( tags=["利润表"], - prefix="/api/income_sheet" + prefix="/api/income_sheet", + dependencies=[Depends(rbac)] ) diff --git a/APPData/Router/LawsuitRouter.py b/APPData/Router/LawsuitRouter.py index f966af1..91bfee8 100644 --- a/APPData/Router/LawsuitRouter.py +++ b/APPData/Router/LawsuitRouter.py 
@@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud, LawsuitCrud +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.MongoHelperUtils import get_mongodb, get_tyc_mongodb from Utils.DataBase.SqlAlchemyUtils import get_db from Utils.TycApi.CommonUtil import CommonUtils @@ -11,7 +12,8 @@ from Utils.TycApi.Lawsuit import get_tyc_data router = APIRouter( tags=["法律诉讼"], - prefix="/api/lawsuit" + prefix="/api/lawsuit", + dependencies=[Depends(rbac)] ) diff --git a/APPData/Router/MacroDataRouter.py b/APPData/Router/MacroDataRouter.py index 6eac6e6..5c97a5e 100644 --- a/APPData/Router/MacroDataRouter.py +++ b/APPData/Router/MacroDataRouter.py @@ -6,12 +6,14 @@ from sqlalchemy.orm import Session from APPData.Crud import MacroDataCrud from APPData.Schemas import CompanySchemas +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.MongoHelperUtils import get_mongodb from Utils.DataBase.SqlAlchemyUtils import get_db router = APIRouter( tags=["宏观数据"], - prefix="/api/macro_data" + prefix="/api/macro_data", + dependencies=[Depends(rbac)] ) diff --git a/APPData/Router/QuerySummaryRouter.py b/APPData/Router/QuerySummaryRouter.py index 4feebb6..af783a8 100644 --- a/APPData/Router/QuerySummaryRouter.py +++ b/APPData/Router/QuerySummaryRouter.py @@ -3,11 +3,13 @@ from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud from APPData.Schemas import CompanySchemas +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.SqlAlchemyUtils import get_db router = APIRouter( tags=["查询汇总"], - prefix="/api/query" + prefix="/api/query", + dependencies=[Depends(rbac)] ) diff --git a/APPData/Router/ShareholderRouter.py b/APPData/Router/ShareholderRouter.py index 3d53520..b8675b7 100644 --- a/APPData/Router/ShareholderRouter.py +++ b/APPData/Router/ShareholderRouter.py 
@@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException from sqlalchemy.orm import Session from APPData.Crud import CompanyCrud, ShareholderCrud +from Utils.AccessControl.AccessUtil import rbac from Utils.DataBase.MongoHelperUtils import get_mongodb, get_tyc_mongodb from Utils.DataBase.SqlAlchemyUtils import get_db from Utils.TycApi.CommonUtil import CommonUtils @@ -11,7 +12,8 @@ from Utils.TycApi.Shareholder import get_shareholer_data router = APIRouter( tags=["股东信息"], - prefix="/api/shareholder" + prefix="/api/shareholder", + dependencies=[Depends(rbac)] ) diff --git a/Utils/AccessControl/AccessUtil.py b/Utils/AccessControl/AccessUtil.py index 65da2e3..726397d 100644 --- a/Utils/AccessControl/AccessUtil.py +++ b/Utils/AccessControl/AccessUtil.py 
@@ -1,46 +1,58 @@ -import os -from typing import Optional +import re +import requests -import casbin -from fastapi import HTTPException, Header +from typing import Optional +from fastapi import HTTPException, Header, Request from Utils.Authentication.TokenUtil import decode_token -def ac_admin(token: Optional[str] = Header(...)): - +def get_user_info(token: str): + """ + 从token中解析用户信息 + """ user_info = decode_token(token).get("user_info") - if not user_info: - raise HTTPException(status_code=400, detail="Invalid Token") + raise HTTPException(status_code=401, detail="Invalid Token") + return user_info + +def get_role_access_policy(name: str, token: str): + """ + 获取用户的访问权限 + """ + url = "http://test.fecribd.com/api/user/role/role_access_policy/view?name={}" + url = url.format(name) + headers = {"token": token} + res = requests.post(url=url, headers=headers) + return res.json() + + +def ac(token: Optional[str] = Header(...)): + get_user_info(token) + return True + + +def rbac(request: Request, token: Optional[str] = Header(None)): + + # 获取用户角色 + user_info = get_user_info(token) role = user_info.get("role") - e = casbin.Enforcer( - os.getcwd() + r"\Utils\AccessControl\model.conf", - os.getcwd() + r"\Utils\AccessControl\policy_index_store.csv" - ) + # 管理员权限 + if role == "管理员": + return True - sub = role - obj = "" - act = "" + # 获取角色权限 + raps = get_role_access_policy(name=role, token=token) - if not e.enforce(sub, obj, act): - raise HTTPException(status_code=400, detail="No Access") + # 权限匹配成功 + for rap in raps: + p_obj = rap.get("obj") + r_obj = request.url.__str__() + m = re.search(p_obj, r_obj) + if m: + return True - # if role != "admin": - # raise HTTPException(status_code=400, detail="No Access") - - -# def ac_index_store(request: Request, token: Optional[str] = Header(...)): -# e = casbin.Enforcer( -# os.getcwd() + r"\Utils\AccessControl\model.conf", -# os.getcwd() + r"\Utils\AccessControl\policy_index_store.csv" -# ) -# -# sub = decode_token(token).get("role") 
-# obj = request.url.__str__().split(request.base_url.__str__()[:-1])[-1].split("?")[0] -# act = request.method -# -# if not e.enforce(sub, obj, act): -# raise HTTPException(status_code=400, detail="No Access") + # 权限匹配失败 + raise HTTPException(status_code=202, detail="No Access") diff --git a/Utils/AccessControl/model.conf b/Utils/AccessControl/model.conf deleted file mode 100644 index b0665ab..0000000 --- a/Utils/AccessControl/model.conf +++ /dev/null @@ -1,15 +0,0 @@ -[request_definition] -r = sub, obj, act - -[policy_definition] -p = sub, obj, act - -[role_definition] -g = _, _ -g2 = _, _ - -[policy_effect] -e = some(where (p.eft == allow)) - -[matchers] -m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act || r.sub == "管理员" \ No newline at end of file diff --git a/Utils/AccessControl/policy_index_store.csv b/Utils/AccessControl/policy_index_store.csv deleted file mode 100644 index e69de29..0000000 diff --git a/Utils/Authentication/Config.py b/Utils/Authentication/Config.py index 55874c3..d94e2fb 100644 --- a/Utils/Authentication/Config.py +++ b/Utils/Authentication/Config.py @@ -1,4 +1,2 @@ SECRET_KEY = "HpGXrdwbL73ZPgQC" ALGORITHM = "HS256" -ACCESS_TOKEN_EXPIRE_MINUTES = 30 -REFRESH_TOKEN_EXPIRE_DAYS = 1 diff --git a/Utils/Authentication/TokenUtil.py b/Utils/Authentication/TokenUtil.py index 69219be..3d9bb60 100644 --- a/Utils/Authentication/TokenUtil.py +++ b/Utils/Authentication/TokenUtil.py 
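Review bot: The permission match in `rbac` runs an unanchored `re.search(p_obj, r_obj)` over `request.url.__str__()`, which includes the host and query string, so a policy pattern written for one route can match a request to a different route whose URL merely contains that text. Match `request.url.path` with an anchored match instead; stored patterns may need adjusting if they were written as substrings. The denial is raised with `status_code=202`, a success code, where 403 is what clients, proxies and monitoring expect. `get_role_access_policy` forwards the caller's token over plain `http://` with no timeout and no status check, and interpolates `name` into the URL unencoded; an error body or a hung policy service then surfaces as a 500 or a stalled worker rather than a clear denial.

```python
def get_role_access_policy(name: str, token: str):
    # … unchanged: docstring …
    # NOTE(review): endpoint should be https and come from configuration
    url = "http://test.fecribd.com/api/user/role/role_access_policy/view"
    res = requests.post(url=url, params={"name": name}, headers={"token": token}, timeout=5)
    if res.status_code != 200:
        raise HTTPException(status_code=503, detail="Policy Service Unavailable")
    return res.json()


def rbac(request: Request, token: Optional[str] = Header(None)):
    # … unchanged: get_user_info, admin shortcut, get_role_access_policy call …
    path = request.url.path
    for rap in raps:
        p_obj = rap.get("obj")
        if p_obj and re.fullmatch(p_obj, path):
            return True

    raise HTTPException(status_code=403, detail="No Access")
```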
@@ -1,34 +1,17 @@ -from typing import Union - import jwt -from datetime import datetime, timedelta +from jwt import PyJWTError from fastapi import HTTPException from Utils.Authentication import Config -def create_token(key: str, data: Union[str, dict], expires_delta: timedelta): - - # 设置加密数据 - to_encode_body = dict() - to_encode_body.update({key: data.copy()}) - - # 设置过期时间 - expire = datetime.utcnow() + expires_delta - to_encode_body.update({"exp": expire}) - - # Token编码 - encoded_jwt = jwt.encode(to_encode_body, Config.SECRET_KEY, algorithm=Config.ALGORITHM) - - return encoded_jwt - - def decode_token(token: str): + try: payload = jwt.decode(token, Config.SECRET_KEY, algorithms=[Config.ALGORITHM]) except jwt.exceptions.ExpiredSignatureError: - raise HTTPException(status_code=201, detail="Token Has Expired") - except jwt.PyJWTError: + raise HTTPException(status_code=401, detail="Token Has Expired") + except PyJWTError: raise HTTPException(status_code=401, detail="Invalid Token") return payload
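Review bot: `jwt.decode` in `decode_token` does not require an `exp` claim, so a token issued without one is accepted indefinitely. With `create_token` and the expiry settings removed in this patch, nothing visible here guarantees that the issuer sets it. Passing `options={"require": ["exp"]}` to `jwt.decode` makes such tokens fail as invalid. The signing key is `Config.SECRET_KEY`, which the Config.py hunk of this patch shows as a string literal committed to the repository. Because `rbac` trusts the `role` claim of any token signed with it, the key should be loaded from the environment or a secret store and the committed value rotated.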