Yuerchu/disknext
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
c17511d2e86e401ab1f292dcba7a228829f28b39
disknext/middleware/auth.py
于小丘 d8a229fccd Add Redis-based one-time download token support 
Integrate Redis as a backend for one-time download token validation, with in-memory fallback. Added RedisManager for connection lifecycle, TokenStore for atomic token usage checks, and related configuration via environment variables. Updated download flow to ensure tokens are single-use, and improved API robustness for batch operations. Updated dependencies to include redis and cachetools.
2025-12-26 18:47:46 +08:00

69 lines
1.9 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
from typing import Annotated
from uuid import UUID
from fastapi import Depends
import jwt
from models.user import User
from utils import JWT
from .dependencies import SessionDep
from utils import http_exceptions
async def auth_required(
session: SessionDep,
token: Annotated[str, Depends(JWT.oauth2_scheme)],
) -> User:
"""
AuthRequired 需要登录
"""
try:
payload = jwt.decode(token, JWT.SECRET_KEY, algorithms=["HS256"])
user_id = payload.get("sub")
if user_id is None:
http_exceptions.raise_unauthorized("账号或密码错误")
user_id = UUID(user_id)
# 从数据库获取用户信息
user = await User.get(session, User.id == user_id)
if not user:
http_exceptions.raise_unauthorized("账号或密码错误")
return user
except jwt.InvalidTokenError:
http_exceptions.raise_unauthorized("账号或密码错误")
async def admin_required(
user: Annotated[User, Depends(auth_required)],
) -> User:
"""
验证是否为管理员。
使用方法:
>>> APIRouter(dependencies=[Depends(admin_required)])
"""
group = await user.awaitable_attrs.group
if group.admin:
return user
raise http_exceptions.raise_forbidden("Admin Required")
def verify_download_token(token: str) -> tuple[str, UUID, UUID] | None:
"""
验证下载令牌并返回 (jti, file_id, owner_id)。
:param token: JWT 令牌字符串
:return: (jti, file_id, owner_id) 或 None验证失败
"""
try:
payload = jwt.decode(token, JWT.SECRET_KEY, algorithms=["HS256"])
if payload.get("type") != "download":
return None
jti = payload.get("jti")
if not jti:
return None
return jti, UUID(payload["file_id"]), UUID(payload["owner_id"])
except (jwt.ExpiredSignatureError, jwt.InvalidTokenError):
return None
Reference in New Issue View Git Blame Copy Permalink