Spaces:
Sleeping
Sleeping
File size: 10,065 Bytes
a8c0fef |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 |
#!/usr/bin/env python3
"""
OAuth Web 服务器 - 独立的OAuth认证服务
提供简化的OAuth认证界面,只包含验证功能,不包含上传和管理功能
"""
from log import log
import asyncio
from contextlib import asynccontextmanager
from fastapi import FastAPI, HTTPException, Depends
from fastapi.responses import HTMLResponse, JSONResponse
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from pydantic import BaseModel
from src.auth import (
create_auth_url,
verify_password,
generate_auth_token,
verify_auth_token,
asyncio_complete_auth_flow,
complete_auth_flow_from_callback_url,
CALLBACK_HOST,
)
# 创建FastAPI应用
app = FastAPI(
title="Google OAuth 认证服务",
description="独立的OAuth认证服务,用于获取Google Cloud认证文件",
)
# HTTP Bearer认证
security = HTTPBearer()
# 请求模型
class LoginRequest(BaseModel):
password: str
class AuthStartRequest(BaseModel):
project_id: str = None # 现在是可选的,支持自动检测
class AuthCallbackRequest(BaseModel):
project_id: str = None # 现在是可选的,支持自动检测
class AuthCallbackUrlRequest(BaseModel):
callback_url: str # OAuth回调完整URL
project_id: str = None # 可选的项目ID
def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)):
"""验证认证令牌"""
if not verify_auth_token(credentials.credentials):
raise HTTPException(status_code=401, detail="无效的认证令牌")
return credentials.credentials
@app.get("/", response_class=HTMLResponse)
async def serve_oauth_page():
"""提供OAuth认证页面"""
try:
# 读取HTML文件
html_file_path = "./front/multi_user_auth_web.html"
with open(html_file_path, "r", encoding="utf-8") as f:
html_content = f.read()
return HTMLResponse(content=html_content)
except FileNotFoundError:
raise HTTPException(status_code=404, detail="认证页面不存在")
except Exception as e:
log.error(f"加载认证页面失败: {e}")
raise HTTPException(status_code=500, detail="服务器内部错误")
@app.post("/auth/login")
async def login(request: LoginRequest):
"""用户登录"""
try:
if await verify_password(request.password):
token = generate_auth_token()
return JSONResponse(content={"token": token, "message": "登录成功"})
else:
raise HTTPException(status_code=401, detail="密码错误")
except HTTPException:
raise
except Exception as e:
log.error(f"登录失败: {e}")
raise HTTPException(status_code=500, detail=str(e))
@app.post("/auth/start")
async def start_auth(request: AuthStartRequest, token: str = Depends(verify_token)):
"""开始认证流程,支持自动检测项目ID"""
try:
# 如果没有提供项目ID,尝试自动检测
project_id = request.project_id
if not project_id:
log.info("未提供项目ID,后续将尝试自动检测...")
# 使用认证令牌作为用户会话标识
user_session = token if token else None
result = await create_auth_url(project_id, user_session)
if result['success']:
# 构建动态回调URL
callback_port = result.get('callback_port')
callback_url = f"http://{CALLBACK_HOST}:{callback_port}" if callback_port else None
response_data = {
"auth_url": result['auth_url'],
"state": result['state'],
"auto_project_detection": result.get('auto_project_detection', False),
"detected_project_id": result.get('detected_project_id')
}
# 如果有回调端口信息,添加到响应中
if callback_port:
response_data["callback_port"] = callback_port
response_data["callback_url"] = callback_url
return JSONResponse(content=response_data)
else:
raise HTTPException(status_code=500, detail=result['error'])
except HTTPException:
raise
except Exception as e:
log.error(f"开始认证流程失败: {e}")
raise HTTPException(status_code=500, detail=str(e))
@app.post("/auth/callback")
async def auth_callback(request: AuthCallbackRequest, token: str = Depends(verify_token)):
"""处理认证回调(异步等待),支持自动检测项目ID"""
try:
# 项目ID现在是可选的,在回调处理中进行自动检测
project_id = request.project_id
# 使用认证令牌作为用户会话标识
user_session = token if token else None
# 异步等待OAuth回调完成
result = await asyncio_complete_auth_flow(project_id, user_session)
if result['success']:
return JSONResponse(content={
"credentials": result['credentials'],
"file_path": result['file_path'],
"message": "认证成功,凭证已保存",
"auto_detected_project": result.get('auto_detected_project', False)
})
else:
# 如果需要手动项目ID或项目选择,在响应中标明
if result.get('requires_manual_project_id'):
# 使用JSON响应
return JSONResponse(
status_code=400,
content={
"error": result['error'],
"requires_manual_project_id": True
}
)
elif result.get('requires_project_selection'):
# 返回项目列表供用户选择
return JSONResponse(
status_code=400,
content={
"error": result['error'],
"requires_project_selection": True,
"available_projects": result['available_projects']
}
)
else:
raise HTTPException(status_code=400, detail=result['error'])
except HTTPException:
raise
except Exception as e:
log.error(f"处理认证回调失败: {e}")
raise HTTPException(status_code=500, detail=str(e))
@app.post("/auth/callback-url")
async def auth_callback_url(request: AuthCallbackUrlRequest, token: str = Depends(verify_token)):
"""从回调URL直接完成认证,无需启动本地服务器"""
try:
# 验证URL格式
if not request.callback_url or not request.callback_url.startswith(('http://', 'https://')):
raise HTTPException(status_code=400, detail="请提供有效的回调URL")
# 从回调URL完成认证
result = await complete_auth_flow_from_callback_url(request.callback_url, request.project_id)
if result['success']:
return JSONResponse(content={
"credentials": result['credentials'],
"file_path": result['file_path'],
"message": "从回调URL认证成功,凭证已保存",
"auto_detected_project": result.get('auto_detected_project', False)
})
else:
# 处理各种错误情况
if result.get('requires_manual_project_id'):
return JSONResponse(
status_code=400,
content={
"error": result['error'],
"requires_manual_project_id": True
}
)
elif result.get('requires_project_selection'):
return JSONResponse(
status_code=400,
content={
"error": result['error'],
"requires_project_selection": True,
"available_projects": result['available_projects']
}
)
else:
raise HTTPException(status_code=400, detail=result['error'])
except HTTPException:
raise
except Exception as e:
log.error(f"从回调URL处理认证失败: {e}")
raise HTTPException(status_code=500, detail=str(e))
@asynccontextmanager
async def lifespan(app: FastAPI):
log.info("OAuth认证服务启动中...")
# OAuth回调服务器现在动态按需启动,每个认证流程使用独立端口
log.info("OAuth回调服务器将为每个认证流程动态分配端口")
# 从配置获取密码和端口
from config import get_panel_password, get_server_port
password = await get_panel_password()
port = await get_server_port()
log.info("Web服务已由 ASGI 服务器启动")
print("\n" + "="*60)
print("🚀 Google OAuth 认证服务已启动")
print("="*60)
print(f"📱 Web界面: http://localhost:{port}")
print(f"🔐 默认密码: {'已设置' if password else 'pwd (请设置PASSWORD环境变量)'}")
print(f"🔄 多用户并发: 支持多用户同时认证(动态端口分配)")
print("="*60 + "\n")
try:
yield
finally:
log.info("OAuth认证服务关闭中...")
# OAuth服务器由认证流程自动管理,无需手动清理
log.info("OAuth认证服务已关闭")
# 注册 lifespan 处理器
app.router.lifespan_context = lifespan
if __name__ == "__main__":
from hypercorn.asyncio import serve
from hypercorn.config import Config
async def main():
# 从配置获取端口
from config import get_server_port
PORT = await get_server_port()
config = Config()
config.bind = [f"0.0.0.0:{PORT}"]
config.accesslog = "-"
config.errorlog = "-"
config.loglevel = "INFO"
await serve(app, config)
asyncio.run(main()) |