XjUddlZddlmZmZddlmZddlZddlmZmZddl m Z ddl m Z ddl mZeeZerddlmZe d gd Zdaejdzed <d ejfdZdeded efdZded efdZd8dededzd efdZded edzfdZeZd efdZ ded e!eeffdZ"dede#d dfdZ$ded efdZ%d efdZ&d efdZ'd efd Z(d efd!Z)d efd"Z*d efd#Z+d efd$Z,d efd%Z-d efd&Z.d efd'Z/d(e#dzd efd)Z0 d8d*e#d+e#dzd efd,Z1d8d-edzd efd.Z2d/Z3d8d9d2Z4d e5fd3Z6d4e5d efd5Z7d6ed efd7Z8dS):N)datetime timedelta) TYPE_CHECKING)JWTErrorjwt) CryptContext)settings) get_logger)Userbcryptauto)schemes deprecated _redis_clientreturnctntjr!tjtjdanAtjtjtjtjtj datS)NT)decode_responses)hostportdbpasswordr) rr REDIS_URLredisfrom_urlRedis REDIS_HOST REDIS_PORTREDIS_DBREDIS_PASSWORD9/lsinfo/ai/hellotax_ai/base_platform/app/core/security.pyget_redis_clientr#sf   !N8+=PTUUUMM!K(($!0!% M r!plain_passwordhashed_passwordct|tr2|ddddd}t||}|st d|S)Nzutf-8Hignore)errorszPassword verification failed) isinstancestrencodedecode pwd_contextverifyloggerwarning)r$r%results r"verify_passwordr3%sz.#&&^'..w77<CCGT\C]]    @ @F 75666 Mr!rcnt|}td|S)NzPassword hashed successfully)r.hashr0info)rhasheds r"get_password_hashr8.s-   h ' 'F KK./// Mr!data expires_deltac@|}|rtj|z}n.tjttjz}|d|itj|tj tj }|S)N)minutesexp) algorithm) copyrutcnowrr ACCESS_TOKEN_EXPIRE_MINUTESupdaterr, SECRET_KEY ALGORITHM)r9r: to_encodeexpire encoded_jwts r"create_access_tokenrH4s I]""]2""Yx7[%\%\%\\ eV_%%%*Y(;xGYZZZK r!tokenc tj|tjtjg}|S#t $r(}t d|Yd}~dSd}~wwxYw)N) algorithmszToken decode failed: )rr-r rCrDrr0r1)rIpayloades r"decode_access_tokenrN?sr*UH$7XEWDXYYY 2q22333ttttts-0 A"AA"c*tjdS)N )secrets token_urlsafer r!r"generate_verification_tokenrSKs   $ $$r!ct|dkrdStd|DsdStd|DsdStd|DsdSd tfd |Dsd Sd S) N)Fu密码至少需要8个字符c3>K|]}|VdSN)isupper.0cs r" z-validate_password_strength..R*--qqyy{{------r!)Fu密码必须包含大写字母c3>K|]}|VdSrW)islowerrYs r"r\z-validate_password_strength..Tr]r!)Fu密码必须包含小写字母c3>K|]}|VdSrW)isdigitrYs r"r\z-validate_password_strength..Vr]r!)Fu密码必须包含数字z!@#$%^&*()_+-=[]{}|;:,.<>?c3 K|]}|vV dSrWr )rZr[ special_charss r"r\z-validate_password_strength..Ys(44aqM!444444r!)Fu密码必须包含特殊字符)T)lenany)rrcs @r"validate_password_strengthrgOs 8}}q66 --H--- - -988 --H--- - -988 --H--- - -3220M 44448444 4 4988 :r! exp_timestampct}|ttjz }|dkr|d||ddSdS)Nrrevoked_token:1)r#intrr@ timestampsetex)rIrhclientttls r" revoke_tokenrq^sh   F #ho//99;;<< - --r!resource_owner_idresource_tenant_idczt|rdS||jkrdSt|r |r |j|kSdSr)ridrr)r~rrs r"can_manage_resourcersVtDG##t4#54~!333 5r! company_namecxddddd}||j|j}|r|jdvr|d|S|S)Nu平台管理员u 平台用户u企业管理员u 企业用户)rrrry)rry/)getr|)r~r role_names role_displays r"get_role_displayrsb+'+' J >>$)TY77L0 %HHH///// r!cXddlm}m}t|s||jddS)Nr) HTTPExceptionstatuszAdmin access required status_codedetail)fastapirrrHTTP_403_FORBIDDENr~rrs r" require_adminrsP-------- D ! !cm(AJabbbbccr! current_userr cddlm}mmddlm}|||fd fd }|St |sjd|S) Nr)Dependsrr)get_current_userr~r cJt|sjd|S)NPlatform admin access requiredr)rrrs r"_require_platform_adminz7require_platform_admin.._require_platform_admins<$T** #m & 9BbKr!rr)r~r )rrrr app.api.depsrrr)rrrrrrs @@r"require_platform_adminrs6666666666------3:7;K3L3L        '& .. -"5>^ r!cHt|drd|jDSgS)NrxcLg|]!}|j |jj|jj"Sr )r{r|r})rZrs r" z"get_user_roles..sA   "- QSQXQc GL   r!)rzrxrs r"get_user_rolesrs>t\""   #'?     Ir! role_codescnt|}|s |jvStfd|DS)Nc3 K|]}|vV dSrWr )rZr}rs r"r\zhas_any_role..s(>>dtz!>>>>>>r!)rr|rf)r~ruser_role_codess ` r" has_any_rolersH$T**O 'yJ&& >>>>o>>> > >>r! role_codec$t||gSrW)r)r~rs r"has_rolers yk * **r!rW)rr )9rQrrtypingrrjoserrpasslib.contextr app.configr common_loggingr __name__r0 app.modelsr r.rr__annotations__r#r+boolr3r8dictrHrN verify_tokenrStuplergrlrqrvrrrrrrrrrrrrrrrlistrrrr r!r"rs(((((((( ((((((%%%%%% H   lH:&AAA $( u{T!((( %+     C#$ d9t3Csstd{# %S%%%%  tSy1A    99C9D9999CD7c77776t66665d55556t66665d5555IIIIIJdJJJJJdJJJJJJJJJIDIIII.sTz.d....DH    69Dj        t s    ccc.D?4?D????+c+d++++++r!