oidc用户认证接口

@@ -28,4 +28,5 @@ kservice/tmp
 dist/
 dist/
 build/
 build/
 *.egg-info/
 *.egg-info/
-.git/
+.git/
+.vscode/

@@ -7,8 +7,8 @@ import time
 import configure
 import configure
 from app.util import BlueprintApi
 from app.util import BlueprintApi
 from app.util import find_class
 from app.util import find_class
-from app.models import db,Table,InsertingLayerName,Database,DES,Task
-
+from app.models import db, Table, InsertingLayerName, Database, DES, Task
+from app.modules.auth.oauth2 import config_oauth
 from flasgger import Swagger
 from flasgger import Swagger
 # from rtree import index
 # from rtree import index
 import logging
 import logging
@@ -31,12 +31,15 @@ import os
 """
 """
 因为decimal不能序列化，增加Flask对decimal类的解析 
 因为decimal不能序列化，增加Flask对decimal类的解析 
 """
 """
+
+
 class JSONEncoder(_JSONEncoder):
 class JSONEncoder(_JSONEncoder):
     def default(self, o):
     def default(self, o):
         if isinstance(o, decimal.Decimal):
         if isinstance(o, decimal.Decimal):
             return float(o)
             return float(o)
         super(JSONEncoder, self).default(o)
         super(JSONEncoder, self).default(o)
 
 
+
 class Flask(_Flask):
 class Flask(_Flask):
     json_encoder = JSONEncoder
     json_encoder = JSONEncoder
 
 
@@ -52,12 +55,18 @@ def create_app():
     app.config['echo'] = True
     app.config['echo'] = True
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
     app.config['JSON_AS_ASCII'] = False
     app.config['JSON_AS_ASCII'] = False
+    app.config['SECRET_KEY'] = configure.SECRET_KEY
+    app.config['OAUTH2_JWT_ENABLED'] = True
+
+    app.config['OAUTH2_JWT_ISS'] = 'http://localhost:5000'
+    app.config['OAUTH2_JWT_KEY'] = 'secret-key'
+    app.config['OAUTH2_JWT_ALG'] = 'HS256'
     # app.config['SQLALCHEMY_ECHO'] = True
     # app.config['SQLALCHEMY_ECHO'] = True
 
 
     # 跨域设置
     # 跨域设置
     CORS(app)
     CORS(app)
 
 
-    #swagger设置
+    # swagger设置
     swagger_config = Swagger.DEFAULT_CONFIG
     swagger_config = Swagger.DEFAULT_CONFIG
     swagger_config.update(configure.swagger_configure)
     swagger_config.update(configure.swagger_configure)
     Swagger(app, config=swagger_config)
     Swagger(app, config=swagger_config)
@@ -66,41 +75,47 @@ def create_app():
     db.init_app(app)
     db.init_app(app)
     db.create_all(app=app)
     db.create_all(app=app)
 
 
-
     # 日志
     # 日志
     logging.basicConfig(level=logging.INFO)
     logging.basicConfig(level=logging.INFO)
-    log_file = os.path.join(os.path.dirname(os.path.dirname(os.path.realpath(__file__))),"logs","log.txt")
-    handler = logging.FileHandler(log_file, encoding='UTF-8')   # 设置日志字符集和存储路径名字
-    logging_format = logging.Formatter('[%(levelname)s] %(asctime)s %(message)s')
+    log_file = os.path.join(os.path.dirname(os.path.dirname(
+        os.path.realpath(__file__))), "logs", "log.txt")
+    handler = logging.FileHandler(
+        log_file, encoding='UTF-8')   # 设置日志字符集和存储路径名字
+    logging_format = logging.Formatter(
+        '[%(levelname)s] %(asctime)s %(message)s')
     handler.setFormatter(logging_format)
     handler.setFormatter(logging_format)
     app.logger.addHandler(handler)
     app.logger.addHandler(handler)
-
-
+    
+    # 配置使用鉴权组件，不写无法认证授权
+    config_oauth(app)
+    
     # 注册blueprint，查找BlueprintApi的子类
     # 注册blueprint，查找BlueprintApi的子类
     for scan in configure.scan_module:
     for scan in configure.scan_module:
         for api in find_class(scan, BlueprintApi):
         for api in find_class(scan, BlueprintApi):
             app.register_blueprint(api.bp)
             app.register_blueprint(api.bp)
 
 
-
     # 入库监测线程
     # 入库监测线程
+
     @app.before_first_request
     @app.before_first_request
     def data_entry_process():
     def data_entry_process():
         StructurePrint.print("start listen")
         StructurePrint.print("start listen")
         process = threading.Thread(target=data_entry_center)
         process = threading.Thread(target=data_entry_center)
         process.start()
         process.start()
+    
+    # 不检测https
+    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
+    
 
 
     return app
     return app
 
 
 
 
-
-
 def data_entry_center():
 def data_entry_center():
     running_dict = {}
     running_dict = {}
-    sys_session: Session = PGUtil.get_db_session(configure.SQLALCHEMY_DATABASE_URI)
+    sys_session: Session = PGUtil.get_db_session(
+        configure.SQLALCHEMY_DATABASE_URI)
 
 
     while True:
     while True:
 
 
-
         try:
         try:
             time.sleep(3)
             time.sleep(3)
 
 
@@ -109,10 +124,11 @@ def data_entry_center():
 
 
             # structured_print(running_dict.__len__().__str__())
             # structured_print(running_dict.__len__().__str__())
 
 
-            for process,layer_names in running_dict.items():
+            for process, layer_names in running_dict.items():
                 if not process.is_alive():
                 if not process.is_alive():
                     for l in layer_names:
                     for l in layer_names:
-                        inserted = sys_session.query(InsertingLayerName).filter_by(name=l).one_or_none()
+                        inserted = sys_session.query(
+                            InsertingLayerName).filter_by(name=l).one_or_none()
                         if inserted:
                         if inserted:
                             sys_session.delete(inserted)
                             sys_session.delete(inserted)
                     sys_session.commit()
                     sys_session.commit()
@@ -124,38 +140,40 @@ def data_entry_center():
 
 
             # 入库进程少于阈值，开启入库进程
             # 入库进程少于阈值，开启入库进程
 
 
-            inter_size = sys_session.query(distinct(InsertingLayerName.task_guid)).count()
+            inter_size = sys_session.query(
+                distinct(InsertingLayerName.task_guid)).count()
 
 
             if inter_size < configure.entry_data_thread:
             if inter_size < configure.entry_data_thread:
                 # 锁表啊
                 # 锁表啊
-                ready_task:Task = sys_session.query(Task).filter_by(state=0).order_by(Task.create_time).with_lockmode("update").limit(1).one_or_none()
+                ready_task: Task = sys_session.query(Task).filter_by(state=0).order_by(
+                    Task.create_time).with_lockmode("update").limit(1).one_or_none()
                 if ready_task:
                 if ready_task:
 
 
                     try:
                     try:
                         parameter = json.loads(ready_task.parameter)
                         parameter = json.loads(ready_task.parameter)
                         StructurePrint.print("检测到入库任务")
                         StructurePrint.print("检测到入库任务")
-                        ready_task.state=2
-                        ready_task.process="入库中"
+                        ready_task.state = 2
+                        ready_task.process = "入库中"
                         sys_session.commit()
                         sys_session.commit()
 
 
-                        metas: list = json.loads(parameter.get("meta").__str__())
+                        metas: list = json.loads(
+                            parameter.get("meta").__str__())
                         parameter["meta"] = metas
                         parameter["meta"] = metas
 
 
-
-                        database = sys_session.query(Database).filter_by(guid=ready_task.database_guid).one_or_none()
-                        pg_ds: DataSource = PGUtil.open_pg_data_source(1,DES.decode(database.sqlalchemy_uri))
+                        database = sys_session.query(Database).filter_by(
+                            guid=ready_task.database_guid).one_or_none()
+                        pg_ds: DataSource = PGUtil.open_pg_data_source(
+                            1, DES.decode(database.sqlalchemy_uri))
 
 
                         this_task_layer = []
                         this_task_layer = []
                         for meta in metas:
                         for meta in metas:
                             overwrite = parameter.get("overwrite", "no")
                             overwrite = parameter.get("overwrite", "no")
 
 
-
-
                             for layer_name_origin, layer_name in meta.get("layer").items():
                             for layer_name_origin, layer_name in meta.get("layer").items():
                                 origin_name = layer_name
                                 origin_name = layer_name
                                 no = 1
                                 no = 1
 
 
-                                while (overwrite.__eq__("no") and pg_ds.GetLayerByName(layer_name)) or sys_session.query(InsertingLayerName).filter_by(name=layer_name).one_or_none() :
+                                while (overwrite.__eq__("no") and pg_ds.GetLayerByName(layer_name)) or sys_session.query(InsertingLayerName).filter_by(name=layer_name).one_or_none():
                                     layer_name = origin_name + "_{}".format(no)
                                     layer_name = origin_name + "_{}".format(no)
                                     no += 1
                                     no += 1
 
 
@@ -171,7 +189,8 @@ def data_entry_center():
                                 meta["layer"][layer_name_origin] = layer_name
                                 meta["layer"][layer_name_origin] = layer_name
 
 
                         pg_ds.Destroy()
                         pg_ds.Destroy()
-                        entry_data_process = multiprocessing.Process(target=EntryDataVacuate().entry,args=(parameter,))
+                        entry_data_process = multiprocessing.Process(
+                            target=EntryDataVacuate().entry, args=(parameter,))
                         entry_data_process.start()
                         entry_data_process.start()
                         running_dict[entry_data_process] = this_task_layer
                         running_dict[entry_data_process] = this_task_layer
                     except Exception as e:
                     except Exception as e:
@@ -184,4 +203,4 @@ def data_entry_center():
                     sys_session.commit()
                     sys_session.commit()
         except Exception as e:
         except Exception as e:
             sys_session.commit()
             sys_session.commit()
-            StructurePrint.print(e.__str__(),"error")
+            StructurePrint.print(e.__str__(), "error")

+from app.util import BlueprintApi
+from app.util import BlueprintApi
+from flask import Blueprint, render_template, redirect, url_for, request, session, jsonify
+from .models import *
+from werkzeug.security import gen_salt
+import time
+from .oauth2 import authorization, require_oauth, generate_user_info
+from authlib.oauth2 import OAuth2Error
+from authlib.integrations.flask_oauth2 import current_token
+
+def current_user():
+    if 'id' in session:
+        uid = session['id']
+        return User.query.get(uid)
+    return None
+
+
+def split_by_crlf(s):
+    return [v for v in s.splitlines() if v]
+
+
+class DataManager(BlueprintApi):
+    bp = Blueprint("Auth", __name__, url_prefix="/auth")
+
+    @staticmethod
+    @bp.route('/test', methods=('GET', 'POST'))
+    def Test():
+        res = {}
+        try:
+            res['user'] = User.query.all()
+        except Exception as e:
+            raise e
+        return res
+
+    @staticmethod
+    @bp.route('/', methods=('GET', 'POST'))
+    def test():
+        if request.method == 'POST':
+            username = request.form['username']
+            password = request.form['password']
+            user = User.query.filter_by(username=username).first()
+            if not user:
+                user = User(username=username,
+                            password=password, role='admin')
+                db.session.add(user)
+                db.session.commit()
+            session['id'] = user.id
+            return redirect('/auth')
+        user = current_user()
+        if user:
+            clients = OAuth2Client.query.filter_by(user_id=user.id).all()
+        else:
+            clients = []
+        return render_template('auth/login.html', user=user, clients=clients)
+    
+    
+
+    @staticmethod
+    @bp.route('/create_client', methods=('GET', 'POST'))
+    def create_client():
+        user = current_user()
+        if not user:
+            return redirect('/auth')
+        if request.method == 'GET':
+            return render_template('auth/create_client.html')
+        form = request.form
+        client_id = gen_salt(24)
+        client = OAuth2Client(client_id=client_id, user_id=user.id)
+        # Mixin doesn't set the issue_at date
+        client.client_id_issued_at = int(time.time())
+        if client.token_endpoint_auth_method == 'none':
+            client.client_secret = ''
+        else:
+            client.client_secret = gen_salt(48)
+        client_metadata = {
+            "client_name": form["client_name"],
+            "client_uri": form["client_uri"],
+            "grant_types": split_by_crlf(form["grant_type"]),
+            "redirect_uris": split_by_crlf(form["redirect_uri"]),
+            "response_types": split_by_crlf(form["response_type"]),
+            "scope": form["scope"],
+            "token_endpoint_auth_method": form["token_endpoint_auth_method"]
+        }
+        client.set_client_metadata(client_metadata)
+        db.session.add(client)
+        db.session.commit()
+        return redirect('/auth')
+    
+    @staticmethod
+    @bp.route('/authorize', methods=('GET', 'POST'))
+    def authorize():
+        user = current_user()
+        if request.method == 'GET':
+            try:
+                grant = authorization.validate_consent_request(end_user=user)
+            except OAuth2Error as error:
+                return jsonify(dict(error.get_body()))
+            return render_template('auth/authorize.html', user=user, grant=grant)
+        if not user and 'username' in request.form:
+            username = request.form.get('username')
+            user = User.query.filter_by(username=username).first()
+        if request.form['confirm']:
+            grant_user = user
+        else:
+            grant_user = None
+        return authorization.create_authorization_response(grant_user=grant_user)
+    
+    
+    @staticmethod
+    @bp.route('/token', methods=['POST'])
+    def issue_token():
+        return authorization.create_token_response()
+    
+    @staticmethod
+    @bp.route('/userinfo')
+    @require_oauth('profile')
+    def api_me():
+        return jsonify(generate_user_info(current_token.user, current_token.scope))

+from flask_sqlalchemy import sqlalchemy
+from sqlalchemy import Column, Integer, Text, Time, ForeignKey
+from app.models import db
+from authlib.integrations.sqla_oauth2 import (
+    OAuth2ClientMixin,
+    OAuth2TokenMixin,
+    OAuth2AuthorizationCodeMixin
+)
+from sqlalchemy.orm import relationship
+
+
+class User (db.Model):
+    '''
+    用户信息表
+    '''
+    __tablename__ = "dmdms_user"
+    id = Column(Integer, primary_key=True)
+    username = Column(Text)
+    password = Column(Text)
+    company = Column(Text)
+    position = Column(Text)
+    phone = Column(Text)
+    email = Column(Text)
+    create_time = Column(Time)
+    update_time = Column(Time)
+    role = Column(Text)
+
+    def __str__(self):
+        return self.username
+
+    def get_user_id(self):
+        return self.id
+
+
+class OAuth2Client(db.Model, OAuth2ClientMixin):
+    __tablename__ = 'oauth2_client'
+
+    id = Column(Integer, primary_key=True)
+    user_id = Column(
+        Integer, ForeignKey('dmdms_user.id', ondelete='CASCADE'))
+    user = relationship('User')
+
+
+class OAuth2AuthorizationCode(db.Model, OAuth2AuthorizationCodeMixin):
+    __tablename__ = 'oauth2_code'
+
+    id = Column(Integer, primary_key=True)
+    user_id = Column(
+        Integer, ForeignKey('dmdms_user.id', ondelete='CASCADE'))
+    user = relationship('User')
+
+
+class OAuth2Token(db.Model, OAuth2TokenMixin):
+    __tablename__ = 'oauth2_token'
+
+    id = Column(Integer, primary_key=True)
+    user_id = Column(
+        Integer, ForeignKey('dmdms_user.id', ondelete='CASCADE'))
+    user = relationship('User')

+from authlib.integrations.flask_oauth2 import (
+    AuthorizationServer, ResourceProtector)
+from authlib.integrations.sqla_oauth2 import (
+    create_query_client_func,
+    create_save_token_func,
+    create_bearer_token_validator,
+)
+from authlib.oauth2.rfc6749.grants import (
+    AuthorizationCodeGrant as _AuthorizationCodeGrant,
+)
+from authlib.oidc.core.grants import (
+    OpenIDCode as _OpenIDCode,
+    OpenIDImplicitGrant as _OpenIDImplicitGrant,
+    OpenIDHybridGrant as _OpenIDHybridGrant,
+)
+from authlib.oidc.core import UserInfo
+from werkzeug.security import gen_salt
+from .models import db, User
+from .models import OAuth2Client, OAuth2AuthorizationCode, OAuth2Token
+
+
+DUMMY_JWT_CONFIG = {
+    'key': 'secret-key',
+    'alg': 'HS256',
+    'iss': 'https://authlib.org',
+    'exp': 7200,
+}
+
+def exists_nonce(nonce, req):
+    exists = OAuth2AuthorizationCode.query.filter_by(
+        client_id=req.client_id, nonce=nonce
+    ).first()
+    return bool(exists)
+
+
+def generate_user_info(user, scope):
+    return UserInfo(sub=str(user.id), name=user.username)
+
+
+def create_authorization_code(client, grant_user, request):
+    code = gen_salt(48)
+    nonce = request.data.get('nonce')
+    item = OAuth2AuthorizationCode(
+        code=code,
+        client_id=client.client_id,
+        redirect_uri=request.redirect_uri,
+        scope=request.scope,
+        user_id=grant_user.id,
+        nonce=nonce,
+    )
+    db.session.add(item)
+    db.session.commit()
+    return code
+
+
+class AuthorizationCodeGrant(_AuthorizationCodeGrant):
+    def create_authorization_code(self, client, grant_user, request):
+        return create_authorization_code(client, grant_user, request)
+
+    def parse_authorization_code(self, code, client):
+        item = OAuth2AuthorizationCode.query.filter_by(
+            code=code, client_id=client.client_id).first()
+        if item and not item.is_expired():
+            return item
+
+    def delete_authorization_code(self, authorization_code):
+        db.session.delete(authorization_code)
+        db.session.commit()
+
+    def authenticate_user(self, authorization_code):
+        return User.query.get(authorization_code.user_id)
+
+
+class OpenIDCode(_OpenIDCode):
+    def exists_nonce(self, nonce, request):
+        return exists_nonce(nonce, request)
+
+    def get_jwt_config(self, grant):
+        return DUMMY_JWT_CONFIG
+
+    def generate_user_info(self, user, scope):
+        return generate_user_info(user, scope)
+
+
+class ImplicitGrant(_OpenIDImplicitGrant):
+    def exists_nonce(self, nonce, request):
+        return exists_nonce(nonce, request)
+
+    def get_jwt_config(self, grant):
+        return DUMMY_JWT_CONFIG
+
+    def generate_user_info(self, user, scope):
+        return generate_user_info(user, scope)
+
+
+class HybridGrant(_OpenIDHybridGrant):
+    def create_authorization_code(self, client, grant_user, request):
+        return create_authorization_code(client, grant_user, request)
+
+    def exists_nonce(self, nonce, request):
+        return exists_nonce(nonce, request)
+
+    def get_jwt_config(self):
+        return DUMMY_JWT_CONFIG
+
+    def generate_user_info(self, user, scope):
+        return generate_user_info(user, scope)
+
+
+authorization = AuthorizationServer()
+require_oauth = ResourceProtector()
+
+
+def config_oauth(app):
+    query_client = create_query_client_func(db.session, OAuth2Client)
+    save_token = create_save_token_func(db.session, OAuth2Token)
+    authorization.init_app(
+        app,
+        query_client=query_client,
+        save_token=save_token
+    )
+
+    # support all openid grants
+    authorization.register_grant(AuthorizationCodeGrant, [
+        OpenIDCode(require_nonce=True),
+    ])
+    authorization.register_grant(ImplicitGrant)
+    authorization.register_grant(HybridGrant)
+
+    # protect resource
+    bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
+    require_oauth.register_token_validator(bearer_cls())

+<p>{{grant.client.client_name}} is requesting:
+<strong>{{ grant.request.scope }}</strong>
+</p>
+
+<form action="" method="post">
+  <label>
+    <input type="checkbox" name="confirm">
+    <span>Consent?</span>
+  </label>
+  {% if not user %}
+  <p>You haven't logged in. Log in with:</p>
+  <div>
+    <input type="text" name="username">
+  </div>
+  {% endif %}
+  <br>
+  <button>Submit</button>
+</form>

+<style>
+  label, label > span { display: block; }
+  label { margin: 15px 0; }
+</style>
+
+<a href="/">Home</a>
+
+<form action="" method="post">
+  <label>
+    <span>Client Name</span>
+    <input type="text" name="client_name">
+  </label>
+  <label>
+    <span>Client URI</span>
+    <input type="url" name="client_uri">
+  </label>
+  <label>
+    <span>Allowed Scope</span>
+    <input type="text" name="scope">
+  </label>
+  <label>
+    <span>Redirect URIs</span>
+    <textarea name="redirect_uri" cols="30" rows="10"></textarea>
+  </label>
+  <label>
+    <span>Allowed Grant Types</span>
+    <textarea name="grant_type" cols="30" rows="10"></textarea>
+  </label>
+  <label>
+    <span>Allowed Response Types</span>
+    <textarea name="response_type" cols="30" rows="10"></textarea>
+  </label>
+  <label>
+    <span>Token Endpoint Auth Method</span>
+    <select name="token_endpoint_auth_method">
+      <option value="client_secret_basic">client_secret_basic</option>
+      <option value="client_secret_post">client_secret_post</option>
+      <option value="none">none</option>
+    </select>
+  </label>
+  <button>Submit</button>
+</form>

+{% if user %}
+  <style>pre{white-space:wrap}</style>
+<div>Logged in as <strong>{{user}}</strong></div>
+
+{% for client in clients %}
+<pre>
+{{ client.client_info|tojson }}
+{{ client.client_metadata|tojson }}
+</pre>
+<hr>
+{% endfor %}
+
+<br><a href="{{ url_for('.create_client') }}">Create Client</a>
+
+{% else %}
+<form action="" method="post">
+  <input type="text" name="username" placeholder="账号">
+  <input type="text" name="password" placeholder="密码">
+  <button type="submit">Login / Signup</button>
+</form>
+{% endif %}

@@ -3,15 +3,16 @@
 # 程序部署ip:host
 # 程序部署ip:host
 deploy_ip_host = "172.26.99.160:8840"
 deploy_ip_host = "172.26.99.160:8840"
 # 系统数据库
 # 系统数据库
-SQLALCHEMY_DATABASE_URI = "postgresql://postgres:chinadci@172.26.99.160:5432/dmap_dms_test"
+SQLALCHEMY_DATABASE_URI = "postgresql://postgres:postgres@172.26.40.254:5433/dmap_dms_test"
 
 
 
 
 # 部署模式cluster，standalone
 # 部署模式cluster，standalone
-deployment_mode="cluster"
+deployment_mode = "cluster"
 # 部署模式味cluster时有用，master，slave
 # 部署模式味cluster时有用，master，slave
-application_name="master"
+application_name = "master"
 
 
 # 固定配置不需要修改
 # 固定配置不需要修改
-swagger_configure={"title":"DMapManager"}
+swagger_configure = {"title": "DMapManager"}
 entry_data_thread = 3
 entry_data_thread = 3
-scan_module = ["app.modules"]# API所在的模块
+scan_module = ["app.modules"]  # API所在的模块
+SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'

 flask==1.1.2
 flask==1.1.2
 SQLAlchemy==1.3.17
 SQLAlchemy==1.3.17
 Flask-SQLAlchemy==2.4.3
 Flask-SQLAlchemy==2.4.3
-gevent==20.9.0
+#gevent==20.9.0
 gunicorn==20.0.4
 gunicorn==20.0.4
 flask_cors==3.0.8
 flask_cors==3.0.8
 flasgger==0.9.5
 flasgger==0.9.5
-GDAL==3.2.1
+#GDAL==3.2.1
 psycopg2==2.8.5
 psycopg2==2.8.5
 pyDes==2.0.1
 pyDes==2.0.1
 gevent-websocket==0.10.1
 gevent-websocket==0.10.1
 Pillow==8.1.2
 Pillow==8.1.2
 #Rtree==0.9.7
 #Rtree==0.9.7
 opencv-python==4.5.1.48
 opencv-python==4.5.1.48
-pstuil==5.8.0
-mod_wsgi==4.8.0
+psutil==5.8.0
+#mod_wsgi==4.8.0
+Authlib==0.13

@@ -3,5 +3,4 @@ from flask import Flask
 from app import create_app
 from app import create_app
 app:Flask = create_app()
 app:Flask = create_app()
 if __name__ == '__main__':
 if __name__ == '__main__':
-    app.run(host="0.0.0.0", port="8840", threaded=True, debug=True)
-
+    app.run(host="0.0.0.0", port="8840", threaded=True, debug=True)