Главная Обзор Помощь
Регистрация Вход
CRBC-MaaS-Platform-Project
/
LabelingSystem
4
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 4d85a97398
Ветки Метки
LabelingSystem
/
backend
/
routers
/
api
/
v1
/
open_auth_view.py

open_auth_view.py 2.5 KB
История Исходник

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. """
    2. 

  2. Open API authentication router.
    3. 

  3. Provides token acquisition via API Key + Secret HMAC-SHA256 signature.
    4. 

  4. """
    5. 

  5. from fastapi import APIRouter, Header, HTTPException, status
    6. 

  6. from database import get_db_connection
    7. 

  7. from schemas.open_auth import TokenResponse, TokenResponseData
    8. 

  8. from services.api.open_auth_service import (
    9. 

  9.     verify_signature,
    10. 

  10.     check_and_store_nonce,
    11. 

  11.     create_open_api_token,
    12. 

  12.     validate_timestamp,
    13. 

  13.     get_application_by_app_id,
    14. 

  14.     update_last_used,
    15. 

  15. )
    16. 

  16. import logging
    17. 

  17. 

  18. logger = logging.getLogger(__name__)
    19. 

  19. 

  20. router = APIRouter(
    21. 

  21.     prefix="/api/v1/open/auth",
    22. 

  22.     tags=["open-api-auth"],
    23. 

  23. )
    24. 

  24. 

  25. 

  26. @router.post("/token", response_model=TokenResponse)
    27. 

  27. async def get_access_token(
    28. 

  28.     x_api_key: str = Header(..., alias="X-Api-Key"),
    29. 

  29.     x_signature: str = Header(..., alias="X-Signature"),
    30. 

  30.     x_timestamp: str = Header(..., alias="X-Timestamp"),
    31. 

  31.     x_nonce: str = Header(..., alias="X-Nonce"),
    32. 

  32. ):
    33. 

  33.     """获取 Access Token — 通过 API Key + Secret 签名认证"""
    34. 

  34.     with get_db_connection() as conn:
    35. 

  35.         app = get_application_by_app_id(conn, x_api_key)
    36. 

  36.         if not app:
    37. 

  37.             raise HTTPException(
    38. 

  38.                 status_code=status.HTTP_401_UNAUTHORIZED,
    39. 

  39.                 detail={"error_code": "INVALID_API_KEY", "message": "app_id 不存在"},
    40. 

  40.             )
    41. 

  41.         if app["status"] != "active":
    42. 

  42.             raise HTTPException(
    43. 

  43.                 status_code=status.HTTP_401_UNAUTHORIZED,
    44. 

  44.                 detail={"error_code": "APP_DISABLED", "message": "应用已被禁用"},
    45. 

  45.             )
    46. 

  46. 

  47.         validate_timestamp(x_timestamp)
    48. 

  48. 

  49.         if check_and_store_nonce(x_nonce):
    50. 

  50.             raise HTTPException(
    51. 

  51.                 status_code=status.HTTP_401_UNAUTHORIZED,
    52. 

  52.                 detail={"error_code": "NONCE_USED", "message": "Nonce 已被使用(重放攻击)"},
    53. 

  53.             )
    54. 

  54. 

  55.         if not verify_signature(x_api_key, x_timestamp, x_nonce, x_signature, app["app_secret"]):
    56. 

  56.             raise HTTPException(
    57. 

  57.                 status_code=status.HTTP_401_UNAUTHORIZED,
    58. 

  58.                 detail={"error_code": "INVALID_SIGNATURE", "message": "签名验证失败"},
    59. 

  59.             )
    60. 

  60. 

  61.         token = create_open_api_token(app["app_id"], app["app_name"])
    62. 

  62.         update_last_used(conn, app["app_id"])
    63. 

  63. 

  64.     logger.info(f"Open API token issued for app_id={x_api_key}")
    65. 

  65. 

  66.     return TokenResponse(
    67. 

  67.         code=0,
    68. 

  68.         message="success",
    69. 

  69.         data=TokenResponseData(
    70. 

  70.             access_token=token,
    71. 

  71.             token_type="Bearer",
    72. 

  72.             expires_in=7200,
    73. 

  73.         ),
    74. 

  74.     )
    75.