Delete auth_proxy.py

auth_proxy.py

@@ -1,216 +0,0 @@
-import os
-import logging
-import httpx
-import asyncio
-from fastapi import FastAPI, Request, Response, WebSocket, WebSocketDisconnect
-from fastapi.responses import HTMLResponse, RedirectResponse
-from fastapi.templating import Jinja2Templates
-from starlette.middleware.sessions import SessionMiddleware
-from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware
-from authlib.integrations.starlette_client import OAuth
-import websockets
-from websockets.exceptions import ConnectionClosed
-
-# Configure logging
-logging.basicConfig(level=logging.INFO)
-logger = logging.getLogger("auth_proxy")
-
-# Environment Variables
-SECRET_KEY = os.getenv("AUTH_SECRET", os.urandom(24).hex())
-ALLOWED_USERS = [u.strip() for u in os.getenv("ALLOWED_USERS", "").split(",") if u.strip()]
-TTYD_URL = "http://127.0.0.1:7681"
-TTYD_WS_URL = "ws://127.0.0.1:7681"
-
-app = FastAPI()
-
-# Add ProxyHeadersMiddleware to trust the headers from HF load balancer
-app.add_middleware(ProxyHeadersMiddleware, trusted_hosts=["*"])
-
-# Configure SessionMiddleware
-app.add_middleware(SessionMiddleware, secret_key=SECRET_KEY, https_only=True, same_site="lax")
-
-# OAuth Setup
-oauth = OAuth()
-
-# GitHub Configuration
-if os.getenv("GITHUB_CLIENT_ID") and os.getenv("GITHUB_CLIENT_SECRET"):
-    oauth.register(
-        name='github',
-        client_id=os.getenv("GITHUB_CLIENT_ID"),
-        client_secret=os.getenv("GITHUB_CLIENT_SECRET"),
-        access_token_url='https://github.com/login/oauth/access_token',
-        access_token_params=None,
-        authorize_url='https://github.com/login/oauth/authorize',
-        authorize_params=None,
-        api_base_url='https://api.github.com/',
-        client_kwargs={'scope': 'user:email'},
-    )
-
-# Google Configuration
-if os.getenv("GOOGLE_CLIENT_ID") and os.getenv("GOOGLE_CLIENT_SECRET"):
-    oauth.register(
-        name='google',
-        client_id=os.getenv("GOOGLE_CLIENT_ID"),
-        client_secret=os.getenv("GOOGLE_CLIENT_SECRET"),
-        server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
-        client_kwargs={'scope': 'openid email profile'},
-    )
-
-templates = Jinja2Templates(directory="templates")
-
-def get_user(request: Request):
-    return request.session.get('user')
-
-@app.get("/login")
-async def login(request: Request):
-    return templates.TemplateResponse("login.html", {
-        "request": request,
-        "github_enabled": bool(os.getenv("GITHUB_CLIENT_ID")),
-        "google_enabled": bool(os.getenv("GOOGLE_CLIENT_ID"))
-    })
-
-@app.get("/auth/login/{provider}")
-async def auth_login(request: Request, provider: str):
-    if provider == 'github':
-        redirect_uri = str(request.url_for('github_auth_callback'))
-    elif provider == 'google':
-        redirect_uri = str(request.url_for('google_auth_callback'))
-    else:
-        redirect_uri = str(request.url_for('auth_callback', provider=provider))
-    
-    if "http://" in redirect_uri and "localhost" not in redirect_uri:
-        redirect_uri = redirect_uri.replace("http://", "https://")
-    
-    return await oauth.create_client(provider).authorize_redirect(request, redirect_uri)
-
-@app.get("/oauth2/callback")
-async def github_auth_callback(request: Request):
-    return await process_oauth_callback(request, 'github')
-
-@app.get("/api/auth/callback")
-async def google_auth_callback(request: Request):
-    return await process_oauth_callback(request, 'google')
-
-@app.get("/auth/callback/{provider}")
-async def auth_callback(request: Request, provider: str):
-    return await process_oauth_callback(request, provider)
-
-async def process_oauth_callback(request: Request, provider: str):
-    try:
-        token = await oauth.create_client(provider).authorize_access_token(request)
-    except Exception as e:
-        logger.error(f"OAuth error: {e}")
-        return RedirectResponse(url=f'/login?error=oauth_failed_{provider}')
-
-    user_info = {}
-    if provider == 'github':
-        resp = await oauth.github.get('user', token=token)
-        profile = resp.json()
-        user_info = {'id': profile.get('login'), 'email': profile.get('email'), 'provider': 'github'}
-    elif provider == 'google':
-        user_info = token.get('userinfo')
-        if not user_info:
-             try:
-                 resp = await oauth.google.get('https://www.googleapis.com/oauth2/v3/userinfo', token=token)
-                 user_info = resp.json()
-             except:
-                 pass
-        
-        email = user_info.get('email')
-        user_info = {'id': email, 'email': email, 'provider': 'google'}
-
-    identifier = user_info.get('id')
-    
-    if ALLOWED_USERS and identifier not in ALLOWED_USERS:
-        return HTMLResponse(f"User {identifier} is not allowed to access this VPS.", status_code=403)
-
-    request.session['user'] = user_info
-    return RedirectResponse(url='/')
-
-@app.get("/logout")
-async def logout(request: Request):
-    request.session.pop('user', None)
-    return RedirectResponse(url='/login')
-
-@app.websocket("/ws")
-async def websocket_endpoint(websocket: WebSocket):
-    await websocket.accept(subprotocol="tty")
-    
-    try:
-        async with websockets.connect(f"{TTYD_WS_URL}/ws", subprotocols=["tty"]) as ttyd_ws:
-            async def forward_client_to_ttyd():
-                try:
-                    while True:
-                        data = await websocket.receive_bytes()
-                        await ttyd_ws.send(data)
-                except Exception:
-                    pass
-
-            async def forward_ttyd_to_client():
-                try:
-                    async for message in ttyd_ws:
-                        await websocket.send_bytes(message)
-                except Exception:
-                    pass
-
-            await asyncio.gather(
-                forward_client_to_ttyd(),
-                forward_ttyd_to_client()
-            )
-    except Exception as e:
-        logger.error(f"WebSocket connection error: {e}")
-        await websocket.close()
-
-@app.api_route("/{path:path}", methods=["GET", "POST", "HEAD", "OPTIONS"])
-async def proxy_http(request: Request, path: str):
-    if request.method == "HEAD":
-        return Response(status_code=200)
-
-    user = get_user(request)
-    if not user:
-        return RedirectResponse(url="/login")
-
-    async with httpx.AsyncClient(http2=False) as client:
-        url = f"{TTYD_URL}/{path}"
-        if request.query_params:
-            url += f"?{request.query_params}"
-        
-        headers = {k: v for k, v in request.headers.items() if k.lower() not in ['host', 'content-length']}
-        
-        try:
-            body = await request.body()
-            rp_resp = await client.request(
-                request.method,
-                url,
-                headers=headers,
-                content=body
-            )
-            
-            # 核心修复：移除上游响应中过时的头部信息
-            resp_headers = dict(rp_resp.headers)
-            
-            # 必须删除 Content-Length，因为 httpx 可能已经解压了内容
-            # 如果不删除，Uvicorn 会因为实际内容长度与 Header 不符而抛出错误
-            resp_headers.pop("Content-Length", None)
-            
-            # 必须删除 Transfer-Encoding: chunked，因为我们现在一次性发送完整 content
-            resp_headers.pop("Transfer-Encoding", None)
-            
-            # 必须删除 Content-Encoding，因为 httpx 已经自动解压了 gzip/deflate
-            resp_headers.pop("Content-Encoding", None)
-            
-            # 移除连接相关的头部
-            resp_headers.pop("Connection", None)
-            resp_headers.pop("Keep-Alive", None)
-            
-            if path == "favicon.ico" and rp_resp.status_code == 404:
-                return Response(status_code=404)
-
-            return Response(
-                content=rp_resp.content,
-                status_code=rp_resp.status_code,
-                headers=resp_headers
-            )
-        except Exception as e:
-            logger.error(f"Proxy Error for {path}: {e}")
-            return Response(f"Proxy Error: {e}", status_code=502)