Initial FastAPI admin auth scaffold

2026-06-05 17:10:30 +08:00
commit 5635da9ea5
65 changed files with 1407 additions and 0 deletions
--- a/app/middleware/token/init.py
+++ b/app/middleware/token/init.py
@@ -0,0 +1 @@
+"""Token middleware."""
--- a/app/middleware/token/abstract_token_middleware.py
+++ b/app/middleware/token/abstract_token_middleware.py
@@ -0,0 +1,72 @@
+from fastapi import Depends, Request
+
+from app.constants.result_code import ResultCode
+from app.core.dependencies import get_token_service
+from app.exception.err_exception import ErrException
+from app.lib.jwt.exceptions import JwtError, JwtExpiredError
+from app.lib.jwt.jwt import Jwt
+from app.lib.jwt.token import JwtToken
+from app.service.base_token_service import BaseTokenService
+
+
+class AbstractTokenMiddleware:
+    scene = "admin"
+
+    async def __call__(
+        self,
+        request: Request,
+        token_service: BaseTokenService = Depends(get_token_service),
+    ) -> JwtToken:
+        raw_token = self.get_token(request)
+        jwt = token_service.get_jwt(self.scene)
+
+        try:
+            token = await self.parser_token(jwt, raw_token)
+            await token_service.check_jwt(jwt, token)
+            self.check_issuer(jwt, token)
+        except JwtExpiredError as exc:
+            raise ErrException(
+                "token过期",
+                ResultCode.JWT_EXPIRED,
+                {"err_msg": str(exc)},
+            ) from exc
+        except JwtError as exc:
+            raise ErrException(
+                "token错误",
+                ResultCode.JWT_ERROR,
+                {"err_msg": str(exc)},
+            ) from exc
+
+        self.set_context(request, token)
+        request.state.token = token
+        return token
+
+    async def parser_token(self, jwt: Jwt, raw_token: str) -> JwtToken:
+        raise NotImplementedError
+
+    def set_context(self, request: Request, token: JwtToken) -> None:
+        raise NotImplementedError
+
+    @staticmethod
+    def check_issuer(jwt: Jwt, token: JwtToken) -> None:
+        if token.claims.get("iss") != jwt.issuer:
+            raise ErrException("token错误", ResultCode.JWT_ERROR)
+
+    @staticmethod
+    def get_token(request: Request) -> str:
+        authorization = request.headers.get("authorization")
+        if authorization:
+            scheme, _, token = authorization.partition(" ")
+            if scheme.lower() == "bearer" and token:
+                return token.strip()
+            return authorization.replace("Bearer ", "", 1).strip()
+
+        token_header = request.headers.get("token")
+        if token_header:
+            return token_header.strip()
+
+        token_query = request.query_params.get("token")
+        if token_query:
+            return token_query.strip()
+
+        raise ErrException("token缺失", ResultCode.JWT_ERROR)