changes 接口添加token

APPData/Router/BalanceSheetRouter.py

@@ -5,13 +5,15 @@ from fastapi import APIRouter, Depends, UploadFile, File, HTTPException
 from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud, BalanceCrud
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.MongoHelperUtils import get_mongodb
 from Utils.DataBase.SqlAlchemyUtils import get_db
 from Utils.TycApi.CommonUtil import CommonUtils
 
 router = APIRouter(
     tags=["资产负债表"],
-    prefix="/api/balance_sheet"
+    prefix="/api/balance_sheet",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/BusinessRouter.py

@@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud, BusinessCrud
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.MongoHelperUtils import get_mongodb, get_tyc_mongodb
 from Utils.DataBase.SqlAlchemyUtils import get_db
 from Utils.TycApi.Business import get_tyc_data
@@ -11,7 +12,8 @@ from Utils.TycApi.Configure import DB_GSBJ
 
 router = APIRouter(
     tags=["工商信息"],
-    prefix="/api/business"
+    prefix="/api/business",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/CashFlowStatementRouter.py

@@ -5,13 +5,15 @@ from fastapi import APIRouter, Depends, UploadFile, File, HTTPException
 from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud, CashFlowCrud
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.MongoHelperUtils import get_mongodb
 from Utils.DataBase.SqlAlchemyUtils import get_db
 from Utils.TycApi.CommonUtil import CommonUtils
 
 router = APIRouter(
     tags=["现金流量表"],
-    prefix="/api/cash_flow_statement"
+    prefix="/api/cash_flow_statement",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/CompanyRouter.py

@@ -3,11 +3,13 @@ from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud
 from APPData.Schemas import CompanySchemas
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.SqlAlchemyUtils import get_db
 
 router = APIRouter(
     tags=["企业管理"],
-    prefix="/api/company"
+    prefix="/api/company",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/DishonestRouter.py

@@ -2,6 +2,7 @@ from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud, DishonestCrud
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.MongoHelperUtils import get_mongodb, get_tyc_mongodb
 from Utils.DataBase.SqlAlchemyUtils import get_db
 
@@ -11,7 +12,8 @@ from Utils.TycApi.Dishonest import get_tyc_data
 
 router = APIRouter(
     tags=["失信人"],
-    prefix="/api/dishonest"
+    prefix="/api/dishonest",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/IncomeSheetRouter.py

@@ -5,13 +5,15 @@ from fastapi import APIRouter, Depends, UploadFile, File, HTTPException
 from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud, IncomeCrud
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.MongoHelperUtils import get_mongodb
 from Utils.DataBase.SqlAlchemyUtils import get_db
 from Utils.TycApi.CommonUtil import CommonUtils
 
 router = APIRouter(
     tags=["利润表"],
-    prefix="/api/income_sheet"
+    prefix="/api/income_sheet",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/LawsuitRouter.py

@@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud, LawsuitCrud
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.MongoHelperUtils import get_mongodb, get_tyc_mongodb
 from Utils.DataBase.SqlAlchemyUtils import get_db
 from Utils.TycApi.CommonUtil import CommonUtils
@@ -11,7 +12,8 @@ from Utils.TycApi.Lawsuit import get_tyc_data
 
 router = APIRouter(
     tags=["法律诉讼"],
-    prefix="/api/lawsuit"
+    prefix="/api/lawsuit",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/MacroDataRouter.py

@@ -6,12 +6,14 @@ from sqlalchemy.orm import Session
 
 from APPData.Crud import MacroDataCrud
 from APPData.Schemas import CompanySchemas
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.MongoHelperUtils import get_mongodb
 from Utils.DataBase.SqlAlchemyUtils import get_db
 
 router = APIRouter(
     tags=["宏观数据"],
-    prefix="/api/macro_data"
+    prefix="/api/macro_data",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/QuerySummaryRouter.py

@@ -3,11 +3,13 @@ from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud
 from APPData.Schemas import CompanySchemas
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.SqlAlchemyUtils import get_db
 
 router = APIRouter(
     tags=["查询汇总"],
-    prefix="/api/query"
+    prefix="/api/query",
+    dependencies=[Depends(rbac)]
 )
 
 

APPData/Router/ShareholderRouter.py

@@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session
 
 from APPData.Crud import CompanyCrud, ShareholderCrud
+from Utils.AccessControl.AccessUtil import rbac
 from Utils.DataBase.MongoHelperUtils import get_mongodb, get_tyc_mongodb
 from Utils.DataBase.SqlAlchemyUtils import get_db
 from Utils.TycApi.CommonUtil import CommonUtils
@@ -11,7 +12,8 @@ from Utils.TycApi.Shareholder import get_shareholer_data
 
 router = APIRouter(
     tags=["股东信息"],
-    prefix="/api/shareholder"
+    prefix="/api/shareholder",
+    dependencies=[Depends(rbac)]
 )
 
 

Utils/AccessControl/AccessUtil.py

@@ -1,46 +1,58 @@
-import os
-from typing import Optional
+import re
+import requests
 
-import casbin
-from fastapi import HTTPException, Header
+from typing import Optional
+from fastapi import HTTPException, Header, Request
 
 from Utils.Authentication.TokenUtil import decode_token
 
 
-def ac_admin(token: Optional[str] = Header(...)):
-
+def get_user_info(token: str):
+    """
+    从token中解析用户信息
+    """
     user_info = decode_token(token).get("user_info")
-
     if not user_info:
-        raise HTTPException(status_code=400, detail="Invalid Token")
+        raise HTTPException(status_code=401, detail="Invalid Token")
+    return user_info
 
+
+def get_role_access_policy(name: str, token: str):
+    """
+    获取用户的访问权限
+    """
+    url = "http://test.fecribd.com/api/user/role/role_access_policy/view?name={}"
+    url = url.format(name)
+    headers = {"token": token}
+    res = requests.post(url=url, headers=headers)
+    return res.json()
+
+
+def ac(token: Optional[str] = Header(...)):
+    get_user_info(token)
+    return True
+
+
+def rbac(request: Request, token: Optional[str] = Header(None)):
+
+    # 获取用户角色
+    user_info = get_user_info(token)
     role = user_info.get("role")
 
-    e = casbin.Enforcer(
-        os.getcwd() + r"\Utils\AccessControl\model.conf",
-        os.getcwd() + r"\Utils\AccessControl\policy_index_store.csv"
-    )
+    # 管理员权限
+    if role == "管理员":
+        return True
 
-    sub = role
-    obj = ""
-    act = ""
+    # 获取角色权限
+    raps = get_role_access_policy(name=role, token=token)
 
-    if not e.enforce(sub, obj, act):
-        raise HTTPException(status_code=400, detail="No Access")
+    # 权限匹配成功
+    for rap in raps:
+        p_obj = rap.get("obj")
+        r_obj = request.url.__str__()
+        m = re.search(p_obj, r_obj)
+        if m:
+            return True
 
-    # if role != "admin":
-    #     raise HTTPException(status_code=400, detail="No Access")
-
-
-# def ac_index_store(request: Request, token: Optional[str] = Header(...)):
-#     e = casbin.Enforcer(
-#         os.getcwd() + r"\Utils\AccessControl\model.conf",
-#         os.getcwd() + r"\Utils\AccessControl\policy_index_store.csv"
-#     )
-#
-#     sub = decode_token(token).get("role")
-#     obj = request.url.__str__().split(request.base_url.__str__()[:-1])[-1].split("?")[0]
-#     act = request.method
-#
-#     if not e.enforce(sub, obj, act):
-#         raise HTTPException(status_code=400, detail="No Access")
+    # 权限匹配失败
+    raise HTTPException(status_code=202, detail="No Access")

Utils/AccessControl/model.conf

@@ -1,15 +0,0 @@
-[request_definition]
-r = sub, obj, act
-
-[policy_definition]
-p = sub, obj, act
-
-[role_definition]
-g = _, _
-g2 = _, _
-
-[policy_effect]
-e = some(where (p.eft == allow))
-
-[matchers]
-m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act || r.sub == "管理员"

Utils/Authentication/Config.py

@@ -1,4 +1,2 @@
 SECRET_KEY = "HpGXrdwbL73ZPgQC"
 ALGORITHM = "HS256"
-ACCESS_TOKEN_EXPIRE_MINUTES = 30
-REFRESH_TOKEN_EXPIRE_DAYS = 1

Utils/Authentication/TokenUtil.py

@@ -1,34 +1,17 @@
-from typing import Union
-
 import jwt
 
-from datetime import datetime, timedelta
+from jwt import PyJWTError
 from fastapi import HTTPException
 
 from Utils.Authentication import Config
 
 
-def create_token(key: str, data: Union[str, dict], expires_delta: timedelta):
-
-    # 设置加密数据
-    to_encode_body = dict()
-    to_encode_body.update({key: data.copy()})
-
-    # 设置过期时间
-    expire = datetime.utcnow() + expires_delta
-    to_encode_body.update({"exp": expire})
-
-    # Token编码
-    encoded_jwt = jwt.encode(to_encode_body, Config.SECRET_KEY, algorithm=Config.ALGORITHM)
-
-    return encoded_jwt
-
-
 def decode_token(token: str):
+
     try:
         payload = jwt.decode(token, Config.SECRET_KEY, algorithms=[Config.ALGORITHM])
     except jwt.exceptions.ExpiredSignatureError:
-        raise HTTPException(status_code=201, detail="Token Has Expired")
-    except jwt.PyJWTError:
+        raise HTTPException(status_code=401, detail="Token Has Expired")
+    except PyJWTError:
         raise HTTPException(status_code=401, detail="Invalid Token")
     return payload