Yuerchu/disknext
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat: embed permission claims in JWT and add captcha verification

Browse Source 
- Add GroupClaims model for JWT permission snapshots
- Add JWTPayload model for typed JWT decoding
- Refactor auth middleware: jwt_required (no DB) -> admin_required (no DB) -> auth_required (DB)
- Add UserBanStore for instant ban enforcement via Redis + memory fallback
- Fix status check bug: StrEnum is always truthy, use explicit != ACTIVE
- Shorten access_token expiry from 3h to 1h
- Add CaptchaScene enum and verify_captcha_if_needed service
- Add require_captcha dependency injection factory
- Add CLA document and new default settings
- Update all tests for new JWT API

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
于小丘
2026-02-10 19:07:00 +08:00
parent 209cb24ab4
commit a99091ea7a
20 changed files with 766 additions and 244 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
middleware/dependencies.py
View File

@@ -6,12 +6,14 @@ FastAPI 依赖注入
- TimeFilterRequestDep: 时间筛选查询依赖(用于 count 等统计接口)
- TableViewRequestDep: 分页排序查询依赖(包含时间筛选 + 分页排序)
- UserFilterParamsDep: 用户筛选参数依赖(用于管理员用户列表)
- require_captcha: 验证码校验依赖注入工厂
"""
from collections.abc import Awaitable, Callable
from datetime import datetime
from typing import Annotated, Literal, TypeAlias
from uuid import UUID
from fastapi import Depends, Query
from fastapi import Depends, Form, Query
from sqlmodel.ext.asyncio.session import AsyncSession
from sqlmodels.database_connection import DatabaseManager
@@ -94,3 +96,30 @@ async def _get_user_filter_params(
UserFilterParamsDep: TypeAlias = Annotated[UserFilterParams, Depends(_get_user_filter_params)]
"""获取用户筛选参数的依赖(用于管理员用户列表)"""
# --- 验证码校验依赖 ---
def require_captcha(scene: 'CaptchaScene') -> Callable[..., Awaitable[None]]:
"""
验证码校验依赖注入工厂。
根据场景查询数据库设置,判断是否需要验证码。
需要则校验前端提交的 captcha_code失败则抛出异常。
使用方式::
@router.post('/session', dependencies=[Depends(require_captcha(CaptchaScene.LOGIN))])
async def login(...): ...
:param scene: 验证码使用场景LOGIN / REGISTER / FORGET
"""
from service.captcha import CaptchaScene, verify_captcha_if_needed
async def _verify_captcha(
session: SessionDep,
captcha_code: Annotated[str | None, Form()] = None,
) -> None:
await verify_captcha_if_needed(session, scene, captcha_code)
return _verify_captcha