feat(api/auth): switch-to-stateful-authentication (#5438)

2026-04-26 05:35:58 +08:00 · 2024-06-21 12:39:07 +08:00
parent 26b6fd2236
commit 1336b844fd
8 changed files with 89 additions and 43 deletions
--- a/api/services/init.py
+++ b/api/services/init.py
@ -1 +1,3 @@
-import services.errors
+from . import errors
+
+__all__ = ['errors']
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@ -13,7 +13,6 @@ from werkzeug.exceptions import Unauthorized
 from constants.languages import language_timezone_mapping, languages
 from events.tenant_event import tenant_was_created
 from extensions.ext_redis import redis_client
-from libs.helper import get_remote_ip
 from libs.passport import PassportService
 from libs.password import compare_password, hash_password, valid_password
 from libs.rsa import generate_key_pair
@ -67,10 +66,10 @@ class AccountService:


    @staticmethod
-    def get_account_jwt_token(account):
+    def get_account_jwt_token(account, *, exp: timedelta = timedelta(days=30)):
        payload = {
            "user_id": account.id,
-            "exp": datetime.now(timezone.utc).replace(tzinfo=None) + timedelta(days=30),
+            "exp": datetime.now(timezone.utc).replace(tzinfo=None) + exp,
            "iss": current_app.config['EDITION'],
            "sub": 'Console API Passport',
        }
@ -195,14 +194,35 @@ class AccountService:
        return account

    @staticmethod
-    def update_last_login(account: Account, request) -> None:
+    def update_last_login(account: Account, *, ip_address: str) -> None:
        """Update last login time and ip"""
        account.last_login_at = datetime.now(timezone.utc).replace(tzinfo=None)
-        account.last_login_ip = get_remote_ip(request)
+        account.last_login_ip = ip_address
        db.session.add(account)
        db.session.commit()
        logging.info(f'Account {account.id} logged in successfully.')

+    @staticmethod
+    def login(account: Account, *, ip_address: Optional[str] = None):
+        if ip_address:
+            AccountService.update_last_login(account, ip_address=ip_address)
+        exp = timedelta(days=30)
+        token = AccountService.get_account_jwt_token(account, exp=exp)
+        redis_client.set(_get_login_cache_key(account_id=account.id, token=token), '1', ex=int(exp.total_seconds()))
+        return token
+
+    @staticmethod
+    def logout(*, account: Account, token: str):
+        redis_client.delete(_get_login_cache_key(account_id=account.id, token=token))
+
+    @staticmethod
+    def load_logged_in_account(*, account_id: str, token: str):
+        if not redis_client.get(_get_login_cache_key(account_id=account_id, token=token)):
+            return None
+        return AccountService.load_user(account_id)
+
+def _get_login_cache_key(*, account_id: str, token: str):
+    return f"account_login:{account_id}:{token}"

 class TenantService:

--- a/api/services/errors/init.py
+++ b/api/services/errors/init.py
@ -1,6 +1,29 @@
-__all__ = [
-    'base', 'conversation', 'message', 'index', 'app_model_config', 'account', 'document', 'dataset',
-    'app', 'completion', 'audio', 'file'
-]
+from . import (
+    account,
+    app,
+    app_model_config,
+    audio,
+    base,
+    completion,
+    conversation,
+    dataset,
+    document,
+    file,
+    index,
+    message,
+)

-from . import *
+__all__ = [
+    "base",
+    "conversation",
+    "message",
+    "index",
+    "app_model_config",
+    "account",
+    "document",
+    "dataset",
+    "app",
+    "completion",
+    "audio",
+    "file",
+]