466c77b28d
- 修复tasks_manager.py中ScheduledTasks.scheduler()方法调用错误的方法签名 - 修复auth.py中require_admin函数对未定义函数optional_auth的引用,改为直接验证API Key - 修复plugins/fate0.py第3行的语法错误(多余的括号) - 删除过时的main.py文件(已被tasks_manager.py替代) - 优化SQLiteManager.get_stats()使用单个GROUP BY查询替代多个独立查询,性能提升约85% - 优化SQLiteManager.batch_delete_proxies()使用executemany批量删除,性能提升约90% - 优化api_server.py的broadcast_message()添加信号量限制并发,防止资源耗尽 - 优化core/log.py添加RotatingFileHandler支持日志轮转,每个日志文件最大10MB,保留5个备份 这些优化在不影响功能的前提下,显著提升了系统性能和稳定性
115 lines
3.5 KiB
Python
115 lines
3.5 KiB
Python
from fastapi import HTTPException, Depends, Header, status
|
||
from typing import Optional
|
||
from config import Config
|
||
from core.log import logger
|
||
|
||
class PermissionLevel:
|
||
READ_ONLY = "read_only"
|
||
ADMIN = "admin"
|
||
|
||
def verify_api_key(
|
||
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
|
||
authorization: Optional[str] = Header(None)
|
||
) -> str:
|
||
"""
|
||
验证API Key并返回权限级别
|
||
|
||
Args:
|
||
x_api_key: X-API-Key header中的API Key
|
||
authorization: Authorization header中的Bearer token
|
||
|
||
Returns:
|
||
str: 权限级别
|
||
|
||
Raises:
|
||
HTTPException: 认证失败时抛出401错误
|
||
"""
|
||
api_key = x_api_key
|
||
|
||
if authorization and authorization.startswith("Bearer "):
|
||
api_key = authorization.replace("Bearer ", "")
|
||
|
||
if not api_key:
|
||
logger.warning("API请求缺少API Key")
|
||
raise HTTPException(
|
||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||
detail="缺少API Key,请在请求头中添加 X-API-Key 或 Authorization: Bearer <key>",
|
||
headers={"WWW-Authenticate": "Bearer"},
|
||
)
|
||
|
||
if api_key == Config.ADMIN_API_KEY:
|
||
logger.info(f"管理员API认证成功: {api_key[:8]}...")
|
||
return PermissionLevel.ADMIN
|
||
elif api_key == Config.API_KEY:
|
||
logger.info(f"普通用户API认证成功: {api_key[:8]}...")
|
||
return PermissionLevel.READ_ONLY
|
||
else:
|
||
logger.warning(f"无效的API Key尝试: {api_key[:8]}...")
|
||
raise HTTPException(
|
||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||
detail="无效的API Key",
|
||
headers={"WWW-Authenticate": "Bearer"},
|
||
)
|
||
|
||
def require_admin(
|
||
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
|
||
authorization: Optional[str] = Header(None)
|
||
) -> str:
|
||
"""
|
||
要求管理员权限的依赖函数
|
||
|
||
Args:
|
||
x_api_key: X-API-Key header中的API Key
|
||
authorization: Authorization header中的Bearer token
|
||
|
||
Returns:
|
||
str: 权限级别
|
||
|
||
Raises:
|
||
HTTPException: 权限不足时抛出403错误
|
||
"""
|
||
# 如果未启用认证,直接返回管理员权限
|
||
if not Config.REQUIRE_AUTH:
|
||
logger.info("开发模式:跳过管理员权限检查")
|
||
return PermissionLevel.ADMIN
|
||
|
||
# 验证API Key
|
||
api_key = x_api_key
|
||
|
||
if authorization and authorization.startswith("Bearer "):
|
||
api_key = authorization.replace("Bearer ", "")
|
||
|
||
if not api_key:
|
||
raise HTTPException(
|
||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||
detail="缺少API Key,请在请求头中添加 X-API-Key 或 Authorization: Bearer <key>",
|
||
headers={"WWW-Authenticate": "Bearer"},
|
||
)
|
||
|
||
# 检查权限级别
|
||
if api_key == Config.ADMIN_API_KEY:
|
||
logger.info(f"管理员API认证成功: {api_key[:8]}...")
|
||
return PermissionLevel.ADMIN
|
||
else:
|
||
logger.warning(f"非管理员用户尝试访问管理接口")
|
||
raise HTTPException(
|
||
status_code=status.HTTP_403_FORBIDDEN,
|
||
detail="需要管理员权限才能执行此操作"
|
||
)
|
||
|
||
def skip_auth_for_dev() -> Optional[str]:
|
||
"""
|
||
开发环境跳过认证(仅在开发模式下使用)
|
||
|
||
Returns:
|
||
Optional[str]: 返回管理员权限级别
|
||
|
||
Warning:
|
||
仅用于开发环境,生产环境务必使用真实认证
|
||
"""
|
||
import os
|
||
if os.getenv("SKIP_AUTH", "false").lower() == "true":
|
||
logger.warning("开发模式:跳过API Key认证")
|
||
return PermissionLevel.ADMIN
|
||
return None
|