wd-smebiz-client/utils/auth_utils.py

from typing import List, TypeVar, Generic, Union, Optional, Type
from jose import jwt
from datetime import datetime, timedelta
from fastapi import Header, HTTPException
from pydantic import BaseModel


class TokenDataModel(BaseModel):
    email: str
    name: Optional[str]
    registered: Optional[bool]
    auth_data: Optional[str]
    department: Optional[str]
    post: Union[str]


TokenDataType = TypeVar("TokenDataType", bound=BaseModel)


def create_token(data: dict, secret_key, algorithm, expires_delta: timedelta = timedelta(days=3)):
    # 设置加密数据
    to_encode_body = dict()
    to_encode_body.update(data.copy())
    # 设置过期时间
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
        to_encode_body.update({"exp": expire})
    # Token编码
    encoded_jwt = jwt.encode(to_encode_body, secret_key, algorithm=algorithm)
    return encoded_jwt


def decode_token(token: str, secret_key: str, algorithms: List[str] = ['HS256']):
    payload = jwt.decode(token, secret_key, algorithms=algorithms)
    return payload


class AuthUtil(Generic[TokenDataType]):
    def __init__(self, secret_key="MADASDZXC255f", algorithm="HS256",
                 tokenDataModel: Type[TokenDataType] = TokenDataModel):
        self.secret_key = secret_key
        self.algorithm = algorithm
        self.tokenDataModel = tokenDataModel

    def create_token(self, data: dict, expires_delta: timedelta = timedelta(days=3)):
        return create_token(data, self.secret_key, self.algorithm, expires_delta)

    def decode_token(self, token: str):
        payload = decode_token(token, self.secret_key, algorithms=[self.algorithm])
        return payload

    def token_data_depend(self, authorization: str = Header(None)) -> TokenDataType:
        try:
            jwt_token = authorization.split(" ")[-1]
            payload = self.decode_token(jwt_token)
            token_data = self.tokenDataModel(**payload)
            return token_data
        except Exception as e:
            print(e)
            raise HTTPException(status_code=403, detail="无权限的操作")

    # 应用服务对用户模块的请求验证
    # 接口需要的权限列表
    def get_auth_rule_check_depend(self, requisite_rules=[], contains_rules=[]):
        """
        接口需要的权限列表验证
        :param requisite_rules: 必须的权限规则id
        :param contains_rules: 权限只包含其中一个即可授权的权限列表
        :return:
        """

        def auth_rule_check_depend(authorization: str = Header(None)):
            try:
                jwt_token = authorization.split(" ")[-1]
                payload = self.decode_token(jwt_token)
                token_data = self.tokenDataModel(**payload)
                if not check_auth(token_data.auth_data, requisite_rules, contains_rules):
                    raise HTTPException(status_code=403, detail="无权限的操作")
                return token_data
            except Exception as e:
                print(e)
                raise HTTPException(status_code=403, detail="无权限的操作")

        return auth_rule_check_depend


def check_auth(auth_data, requisite_rules=[], contains_rules=[]):
    auth_rule_id_list = []
    if auth_data:
        auth_rule_id_list = [int(item) for item in auth_data.split(',')]
        pass
    if contains_rules:
        contains_rules_checked = False
        for item in auth_rule_id_list:
            if item in contains_rules:
                contains_rules_checked = True
                break
    else:
        contains_rules_checked = True

    if requisite_rules:
        requisite_rules_checked = True
        for item in requisite_rules:
            if item not in auth_rule_id_list:
                requisite_rules_checked = False
                break
    else:
        requisite_rules_checked = True
    return contains_rules_checked and requisite_rules_checked
初始化项目 2023-09-11 10:37:07 +08:00			`from typing import List, TypeVar, Generic, Union, Optional, Type`
			`from jose import jwt`
			`from datetime import datetime, timedelta`
			`from fastapi import Header, HTTPException`
			`from pydantic import BaseModel`


			`class TokenDataModel(BaseModel):`
			`email: str`
			`name: Optional[str]`
			`registered: Optional[bool]`
			`auth_data: Optional[str]`
			`department: Optional[str]`
			`post: Union[str]`


			`TokenDataType = TypeVar("TokenDataType", bound=BaseModel)`


			`def create_token(data: dict, secret_key, algorithm, expires_delta: timedelta = timedelta(days=3)):`
			`# 设置加密数据`
			`to_encode_body = dict()`
			`to_encode_body.update(data.copy())`
			`# 设置过期时间`
			`if expires_delta:`
			`expire = datetime.utcnow() + expires_delta`
			`to_encode_body.update({"exp": expire})`
			`# Token编码`
			`encoded_jwt = jwt.encode(to_encode_body, secret_key, algorithm=algorithm)`
			`return encoded_jwt`


			`def decode_token(token: str, secret_key: str, algorithms: List[str] = ['HS256']):`
			`payload = jwt.decode(token, secret_key, algorithms=algorithms)`
			`return payload`


			`class AuthUtil(Generic[TokenDataType]):`
			`def __init__(self, secret_key="MADASDZXC255f", algorithm="HS256",`
			`tokenDataModel: Type[TokenDataType] = TokenDataModel):`
			`self.secret_key = secret_key`
			`self.algorithm = algorithm`
			`self.tokenDataModel = tokenDataModel`

			`def create_token(self, data: dict, expires_delta: timedelta = timedelta(days=3)):`
			`return create_token(data, self.secret_key, self.algorithm, expires_delta)`

			`def decode_token(self, token: str):`
			`payload = decode_token(token, self.secret_key, algorithms=[self.algorithm])`
			`return payload`

			`def token_data_depend(self, authorization: str = Header(None)) -> TokenDataType:`
			`try:`
			`jwt_token = authorization.split(" ")[-1]`
			`payload = self.decode_token(jwt_token)`
			`token_data = self.tokenDataModel(**payload)`
			`return token_data`
			`except Exception as e:`
			`print(e)`
			`raise HTTPException(status_code=403, detail="无权限的操作")`

			`# 应用服务对用户模块的请求验证`
			`# 接口需要的权限列表`
			`def get_auth_rule_check_depend(self, requisite_rules=[], contains_rules=[]):`
			`"""`
			`接口需要的权限列表验证`
			`:param requisite_rules: 必须的权限规则id`
			`:param contains_rules: 权限只包含其中一个即可授权的权限列表`
			`:return:`
			`"""`

			`def auth_rule_check_depend(authorization: str = Header(None)):`
			`try:`
			`jwt_token = authorization.split(" ")[-1]`
			`payload = self.decode_token(jwt_token)`
			`token_data = self.tokenDataModel(**payload)`
			`if not check_auth(token_data.auth_data, requisite_rules, contains_rules):`
			`raise HTTPException(status_code=403, detail="无权限的操作")`
			`return token_data`
			`except Exception as e:`
			`print(e)`
			`raise HTTPException(status_code=403, detail="无权限的操作")`

			`return auth_rule_check_depend`


			`def check_auth(auth_data, requisite_rules=[], contains_rules=[]):`
			`auth_rule_id_list = []`
			`if auth_data:`
			`auth_rule_id_list = [int(item) for item in auth_data.split(',')]`
			`pass`
			`if contains_rules:`
			`contains_rules_checked = False`
			`for item in auth_rule_id_list:`
			`if item in contains_rules:`
			`contains_rules_checked = True`
			`break`
			`else:`
			`contains_rules_checked = True`

			`if requisite_rules:`
			`requisite_rules_checked = True`
			`for item in requisite_rules:`
			`if item not in auth_rule_id_list:`
			`requisite_rules_checked = False`
			`break`
			`else:`
			`requisite_rules_checked = True`
			`return contains_rules_checked and requisite_rules_checked`