feat:新增OAuth2身份验证，将原有基于JWT的鉴权方式与OAuth2身份验证融合，实现了基于OAuth2的Bearer JWT 令牌验证

Author: insistence

dash-fastapi-backend/config/env.py

@@ -8,6 +8,7 @@ class JwtConfig:
     SECRET_KEY = "b01c66dc2c58dc6a0aabfe2144256be36226de378bf87f72c0c795dda67f4d55"
     ALGORITHM = "HS256"
     ACCESS_TOKEN_EXPIRE_MINUTES = 1440
+    REDIS_TOKEN_EXPIRE_MINUTES = 30
 
 
 class DataBaseConfig:

dash-fastapi-backend/module_admin/annotation/log_annotation.py

@@ -36,7 +36,7 @@ async def wrapper(*args, **kwargs):
             func_path = f'{relative_path}{func.__name__}()'
             # 获取上下文信息
             request: Request = kwargs.get('request')
-            token = request.headers.get('token')
+            token = request.headers.get('Authorization')
             query_db = kwargs.get('query_db')
             request_method = request.method
             operator_type = 0
@@ -65,7 +65,7 @@ async def wrapper(*args, **kwargs):
                 print(e)
             finally:
                 content_type = request.headers.get("Content-Type")
-                if content_type and "multipart/form-data" in content_type:
+                if content_type and ("multipart/form-data" in content_type or 'application/x-www-form-urlencoded' in content_type):
                     payload = await request.form()
                     oper_param = "\n".join([f"{key}: {value}" for key, value in payload.items()])
                 else:
@@ -87,7 +87,7 @@ async def wrapper(*args, **kwargs):
                         os=system_os,
                         login_time=oper_time
                     )
-                    kwargs['user'].login_info = login_log
+                    kwargs['form_data'].login_info = login_log
                 # 调用原始函数
                 result = await func(*args, **kwargs)
                 cost_time = float(time.time() - start_time) * 100
@@ -106,8 +106,8 @@ async def wrapper(*args, **kwargs):
                 else:
                     error_msg = result_dict.get('message')
                 if log_type == 'login':
-                    user = kwargs.get('user')
-                    user_name = user.user_name
+                    user = kwargs.get('form_data')
+                    user_name = user.username
                     login_log['user_name'] = user_name
                     login_log['status'] = str(status)
                     login_log['msg'] = result_dict.get('message')

dash-fastapi-backend/module_admin/controller/log_controller.py

@@ -135,7 +135,7 @@ async def clear_system_login_log(request: Request, clear_login_log: ClearLoginLo
 
 
 @logController.post("/login/unlock", response_model=CrudLogResponse, dependencies=[Depends(CheckUserInterfaceAuth('monitor:logininfor:unlock'))])
-@log_decorator(title='登录日志管理', business_type=9)
+@log_decorator(title='登录日志管理', business_type=0)
 async def clear_system_login_log(request: Request, unlock_user: UnlockUser, query_db: Session = Depends(get_db)):
     try:
         unlock_user_result = await LoginLogService.unlock_user_services(request, unlock_user)

dash-fastapi-backend/module_admin/controller/login_controller.py

@@ -16,7 +16,16 @@
 
 @loginController.post("/loginByAccount", response_model=Token)
 @log_decorator(title='用户登录', business_type=0, log_type='login')
-async def login(request: Request, user: UserLogin, query_db: Session = Depends(get_db)):
+async def login(request: Request, form_data: CustomOAuth2PasswordRequestForm = Depends(), query_db: Session = Depends(get_db)):
+    user = UserLogin(
+        **dict(
+            user_name=form_data.username,
+            password=form_data.password,
+            captcha=form_data.captcha,
+            session_id=form_data.session_id,
+            login_info=form_data.login_info
+        )
+    )
     try:
         result = await authenticate_user(request, query_db, user)
     except LoginException as e:
@@ -34,24 +43,24 @@ async def login(request: Request, user: UserLogin, query_db: Session = Depends(g
             },
             expires_delta=access_token_expires
         )
-        await request.app.state.redis.set(f'access_token:{session_id}', access_token, ex=timedelta(minutes=30))
+        await request.app.state.redis.set(f'access_token:{session_id}', access_token,
+                                          ex=timedelta(minutes=JwtConfig.REDIS_TOKEN_EXPIRE_MINUTES))
         # 此方法可实现同一账号同一时间只能登录一次
         # await request.app.state.redis.set(f'{result.user_id}_access_token', access_token, ex=timedelta(minutes=30))
         # await request.app.state.redis.set(f'{result.user_id}_session_id', session_id, ex=timedelta(minutes=30))
         logger.info('登录成功')
         return response_200(
-            data={'token': access_token},
+            data={'access_token': access_token, 'token_type': 'bearer'},
             message='登录成功'
         )
     except Exception as e:
         logger.exception(e)
         return response_500(data="", message=str(e))
 
 
-@loginController.post("/getLoginUserInfo", response_model=CurrentUserInfoServiceResponse, dependencies=[Depends(get_current_user), Depends(CheckUserInterfaceAuth('common'))])
-async def get_login_user_info(request: Request, token: Optional[str] = Header(...), query_db: Session = Depends(get_db)):
+@loginController.post("/getLoginUserInfo", response_model=CurrentUserInfoServiceResponse, dependencies=[Depends(CheckUserInterfaceAuth('common'))])
+async def get_login_user_info(request: Request, current_user: CurrentUserInfoServiceResponse = Depends(get_current_user)):
     try:
-        current_user = await get_current_user(request, token, query_db)
         logger.info('获取成功')
         return response_200(data=current_user, message="获取成功")
     except Exception as e:
@@ -60,9 +69,9 @@ async def get_login_user_info(request: Request, token: Optional[str] = Header(..
 
 
 @loginController.post("/logout", dependencies=[Depends(get_current_user), Depends(CheckUserInterfaceAuth('common'))])
-async def logout(request: Request, token: Optional[str] = Header(...), query_db: Session = Depends(get_db)):
+async def logout(request: Request, token: Optional[str] = Depends(oauth2_scheme), query_db: Session = Depends(get_db)):
     try:
-        payload = jwt.decode(token[6:], JwtConfig.SECRET_KEY, algorithms=[JwtConfig.ALGORITHM])
+        payload = jwt.decode(token, JwtConfig.SECRET_KEY, algorithms=[JwtConfig.ALGORITHM])
         session_id: str = payload.get("session_id")
         await logout_services(request, session_id)
         logger.info('退出成功')

dash-fastapi-backend/module_admin/entity/vo/login_vo.py

@@ -5,10 +5,11 @@
 class UserLogin(BaseModel):
     user_name: str
     password: str
-    captcha: str
+    captcha: Optional[str]
     session_id: Optional[str]
     login_info: Optional[dict]
 
 
 class Token(BaseModel):
-    token: str
+    access_token: str
+    token_type: str

dash-fastapi-backend/module_admin/entity/vo/user_vo.py

@@ -1,5 +1,5 @@
 from pydantic import BaseModel
-from typing import Union, Optional, List
+from typing import Union, Optional, List, Dict
 
 
 class TokenData(BaseModel):

dash-fastapi-backend/module_admin/service/login_service.py

@@ -4,18 +4,44 @@
 from module_admin.dao.user_dao import *
 from jose import JWTError, jwt
 from passlib.context import CryptContext
+from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from config.env import JwtConfig
 from utils.response_util import *
 from utils.log_util import *
 from datetime import datetime, timedelta
-from fastapi import Request
+from fastapi import Request, Form
 from fastapi import Depends, Header
 from config.get_db import get_db
 
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login/loginByAccount")
 
 
-async def get_current_user(request: Request = Request, token: str = Header(...), result_db: Session = Depends(get_db)):
+class CustomOAuth2PasswordRequestForm(OAuth2PasswordRequestForm):
+    """
+    自定义OAuth2PasswordRequestForm类，增加验证码及会话编号参数
+    """
+    def __init__(
+            self,
+            grant_type: str = Form(default=None, regex="password"),
+            username: str = Form(),
+            password: str = Form(),
+            scope: str = Form(default=""),
+            client_id: Optional[str] = Form(default=None),
+            client_secret: Optional[str] = Form(default=None),
+            captcha: Optional[str] = Form(default=""),
+            session_id: Optional[str] = Form(default=""),
+            login_info: Optional[Dict[str, str]] = Form(default=None)
+    ):
+        super().__init__(grant_type=grant_type, username=username, password=password,
+                         scope=scope, client_id=client_id, client_secret=client_secret)
+        self.captcha = captcha
+        self.session_id = session_id
+        self.login_info = login_info
+
+
+async def get_current_user(request: Request = Request, token: str = Depends(oauth2_scheme),
+                           result_db: Session = Depends(get_db)):
     """
     根据token获取当前用户信息
     :param request: Request对象
@@ -24,11 +50,13 @@ async def get_current_user(request: Request = Request, token: str = Header(...),
     :return: 当前用户信息对象
     :raise: 令牌异常AuthException
     """
-    if token[:6] != 'Bearer':
-        logger.warning("用户token不合法")
-        raise AuthException(data="", message="用户token不合法")
+    # if token[:6] != 'Bearer':
+    #     logger.warning("用户token不合法")
+    #     raise AuthException(data="", message="用户token不合法")
     try:
-        payload = jwt.decode(token[6:], JwtConfig.SECRET_KEY, algorithms=[JwtConfig.ALGORITHM])
+        if token.startswith('Bearer'):
+            token = token.split(' ')[1]
+        payload = jwt.decode(token, JwtConfig.SECRET_KEY, algorithms=[JwtConfig.ALGORITHM])
         user_id: str = payload.get("user_id")
         session_id: str = payload.get("session_id")
         if user_id is None:
@@ -46,9 +74,9 @@ async def get_current_user(request: Request = Request, token: str = Header(...),
     # 此方法可实现同一账号同一时间只能登录一次
     # redis_token = await request.app.state.redis.get(f'{user.user_basic_info[0].user_id}_access_token')
     # redis_session = await request.app.state.redis.get(f'{user.user_basic_info[0].user_id}_session_id')
-    if token[6:] == redis_token:
+    if token == redis_token:
         await request.app.state.redis.set(f'access_token:{session_id}', redis_token,
-                                          ex=timedelta(minutes=30))
+                                          ex=timedelta(minutes=JwtConfig.REDIS_TOKEN_EXPIRE_MINUTES))
         # await request.app.state.redis.set(f'{user.user_basic_info[0].user_id}_access_token', redis_token,
         #                                   ex=timedelta(minutes=30))
         # await request.app.state.redis.set(f'{user.user_basic_info[0].user_id}_session_id', redis_session,
@@ -128,10 +156,12 @@ async def authenticate_user(request: Request, query_db: Session, login_user: Use
         if cache_password_error_count:
             password_error_counted = cache_password_error_count
         password_error_count = int(password_error_counted) + 1
-        await request.app.state.redis.set(f"password_error_count:{login_user.user_name}", password_error_count, ex=timedelta(minutes=10))
+        await request.app.state.redis.set(f"password_error_count:{login_user.user_name}", password_error_count,
+                                          ex=timedelta(minutes=10))
         if password_error_count > 5:
             await request.app.state.redis.delete(f"password_error_count:{login_user.user_name}")
-            await request.app.state.redis.set(f"account_lock:{login_user.user_name}", login_user.user_name, ex=timedelta(minutes=10))
+            await request.app.state.redis.set(f"account_lock:{login_user.user_name}", login_user.user_name,
+                                              ex=timedelta(minutes=10))
             logger.warning("10分钟内密码已输错超过5次，账号已锁定，请10分钟后再试")
             raise LoginException(data="", message="10分钟内密码已输错超过5次，账号已锁定，请10分钟后再试")
         logger.warning("密码错误")

dash-fastapi-backend/utils/response_util.py

@@ -5,7 +5,7 @@
 from datetime import datetime
 
 
-def response_200(*, data: Union[list, dict, str], message="获取成功") -> Response:
+def response_200(*, data: Any = None, message="获取成功") -> Response:
     return JSONResponse(
         status_code=status.HTTP_200_OK,
         content=jsonable_encoder(
@@ -20,7 +20,7 @@ def response_200(*, data: Union[list, dict, str], message="获取成功") -> Res
     )
 
 
-def response_400(*, data: str = None, message: str = "获取失败") -> Response:
+def response_400(*, data: Any = None, message: str = "获取失败") -> Response:
     return JSONResponse(
         status_code=status.HTTP_400_BAD_REQUEST,
         content=jsonable_encoder(
@@ -35,7 +35,7 @@ def response_400(*, data: str = None, message: str = "获取失败") -> Response
     )
 
 
-def response_401(*, data: str = None, message: str = "获取失败") -> Response:
+def response_401(*, data: Any = None, message: str = "获取失败") -> Response:
     return JSONResponse(
         status_code=status.HTTP_401_UNAUTHORIZED,
         content=jsonable_encoder(
@@ -50,7 +50,7 @@ def response_401(*, data: str = None, message: str = "获取失败") -> Response
     )
 
 
-def response_500(*, data: str = None, message: str = "接口异常") -> Response:
+def response_500(*, data: Any = None, message: str = "接口异常") -> Response:
     return JSONResponse(
         status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
         content=jsonable_encoder(

dash-fastapi-frontend/api/login.py

@@ -3,7 +3,7 @@
 
 def login_api(page_obj: dict):
 
-    return api_request(method='post', url='/login/loginByAccount', is_headers=False, json=page_obj)
+    return api_request(method='post', url='/login/loginByAccount', is_headers=False, data=page_obj)
 
 
 def get_captcha_image_api():

dash-fastapi-frontend/app.py

@@ -75,7 +75,7 @@
 )
 def router(pathname, trigger):
     # 检查当前会话是否已经登录
-    token_result = session.get('token')
+    token_result = session.get('Authorization')
     # 若已登录
     if token_result:
         try: