Yuerchu/disknext
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
3059f9c2598d9251398bdfe93067a9a81d6db99f
disknext/utils/JWT/__init__.py
于小丘 d2c914cff8 Refactor and enhance OAuth2.0 implementation; update models and routes 
- Refactored AdminSummaryData and AdminSummaryResponse classes for better clarity.
- Added OAUTH type to SettingsType enum.
- Cleaned up imports in webdav.py.
- Updated admin router to improve summary data retrieval and response handling.
- Enhanced file management routes with better condition handling and user storage updates.
- Improved group management routes by optimizing data retrieval.
- Refined task management routes for better condition handling.
- Updated user management routes to streamline access token retrieval.
- Implemented a new captcha verification structure with abstract base class.
- Removed deprecated env.md file and replaced with a new structured version.
- Introduced a unified OAuth2.0 client base class for GitHub and QQ integrations.
- Enhanced password management with improved hashing strategies.
- Added detailed comments and documentation throughout the codebase for clarity.
2026-01-12 18:07:44 +08:00

147 lines
3.8 KiB
Python
Raw Blame History

from datetime import datetime, timedelta, timezone
from uuid import UUID, uuid4
import jwt
from fastapi.security import OAuth2PasswordBearer
from models import AccessTokenBase, RefreshTokenBase
oauth2_scheme = OAuth2PasswordBearer(
scheme_name='获取 JWT Bearer 令牌',
description='用于获取 JWT Bearer 令牌,需要以表单的形式提交',
tokenUrl="/api/v1/user/session",
refreshUrl="/api/v1/user/session/refresh",
)
SECRET_KEY: str = ''
async def load_secret_key() -> None:
"""
从数据库读取 JWT 的密钥。
"""
# 延迟导入以避免循环依赖
from models.database import get_session
from models.setting import Setting
global SECRET_KEY
async for session in get_session():
setting: Setting = await Setting.get(
session,
(Setting.type == "auth") & (Setting.name == "secret_key")
) # type: ignore
if setting:
SECRET_KEY = setting.value
def build_token_payload(
data: dict,
is_refresh: bool,
algorithm: str,
expires_delta: timedelta | None = None,
) -> tuple[str, datetime]:
"""
构建令牌。
:param data: 需要放进 JWT Payload 的字段
:param is_refresh: 是否为刷新令牌
:param algorithm: JWT 签名算法
:param expires_delta: 过期时间
"""
to_encode = data.copy()
if is_refresh:
to_encode.update({"token_type": "refresh"})
if expires_delta:
expire = datetime.now(timezone.utc) + expires_delta
elif is_refresh:
expire = datetime.now(timezone.utc) + timedelta(days=30)
else:
expire = datetime.now(timezone.utc) + timedelta(hours=3)
to_encode.update({
"iat": int(datetime.now(timezone.utc).timestamp()),
"exp": int(expire.timestamp())
})
return jwt.encode(to_encode, SECRET_KEY, algorithm=algorithm), expire
# 访问令牌
def create_access_token(
data: dict,
expires_delta: timedelta | None = None,
algorithm: str = "HS256"
) -> AccessTokenBase:
"""
生成访问令牌,默认有效期 3 小时。
:param data: 需要放进 JWT Payload 的字段。
:param expires_delta: 过期时间, 缺省时为 3 小时。
:param algorithm: JWT 密钥强度,缺省时为 HS256
:return: 包含密钥本身和过期时间的 `AccessTokenBase`
"""
access_token, expire_at = build_token_payload(
data,
False,
algorithm,
expires_delta
)
return AccessTokenBase(
access_token=access_token,
access_expires=expire_at,
)
# 刷新令牌
def create_refresh_token(
data: dict,
expires_delta: timedelta | None = None,
algorithm: str = "HS256"
) -> RefreshTokenBase:
"""
生成刷新令牌,默认有效期 30 天。
:param data: 需要放进 JWT Payload 的字段。
:param expires_delta: 过期时间, 缺省时为 30 天。
:param algorithm: JWT 密钥强度,缺省时为 HS256
:return: 包含密钥本身和过期时间的 `RefreshTokenBase`
"""
refresh_token, expire_at = build_token_payload(
data,
True,
algorithm,
expires_delta
)
return RefreshTokenBase(
refresh_token=refresh_token,
refresh_expires=expire_at,
)
# ==================== 下载令牌 ====================
DOWNLOAD_TOKEN_TTL = timedelta(hours=1)
"""下载令牌有效期"""
def create_download_token(file_id: UUID, owner_id: UUID) -> str:
"""
创建一次性文件下载令牌。
:param file_id: 文件 ID
:param owner_id: 文件所有者 ID
:return: JWT 令牌字符串
"""
payload = {
"jti": str(uuid4()),
"file_id": str(file_id),
"owner_id": str(owner_id),
"exp": datetime.now(timezone.utc) + DOWNLOAD_TOKEN_TTL,
"type": "download",
}
return jwt.encode(payload, SECRET_KEY, algorithm="HS256")
Reference in New Issue View Git Blame Copy Permalink