From b9a867a200b409c17ec7479f6e5561c90fc4dfa5 Mon Sep 17 00:00:00 2001
From: insistence <3055204202@qq.com>
Date: Thu, 22 Feb 2024 15:15:25 +0800
Subject: [PATCH 1/5] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E4=BD=BF=E7=94=A8?=
=?UTF-8?q?nginx=E9=83=A8=E7=BD=B2=E6=97=B6=E6=97=A5=E5=BF=97=E8=AE=B0?=
=?UTF-8?q?=E5=BD=95IP=E5=BC=82=E5=B8=B8=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../module_admin/annotation/log_annotation.py | 2 +-
dash-fastapi-frontend/utils/request.py | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/dash-fastapi-backend/module_admin/annotation/log_annotation.py b/dash-fastapi-backend/module_admin/annotation/log_annotation.py
index f1e0f70..46f80e6 100644
--- a/dash-fastapi-backend/module_admin/annotation/log_annotation.py
+++ b/dash-fastapi-backend/module_admin/annotation/log_annotation.py
@@ -49,7 +49,7 @@ def log_decorator(title: str, business_type: int, log_type: Optional[str] = 'ope
# 获取请求的url
oper_url = request.url.path
# 获取请求的ip及ip归属区域
- oper_ip = request.headers.get('X-Forwarded-For') if AppConfig.app_env == 'prod' else request.headers.get('remote_addr')
+ oper_ip = request.headers.get('remote_addr') if request.headers.get('is_browser') == 'no' else request.headers.get('X-Forwarded-For')
oper_location = '内网IP'
try:
if oper_ip != '127.0.0.1' and oper_ip != 'localhost':
diff --git a/dash-fastapi-frontend/utils/request.py b/dash-fastapi-frontend/utils/request.py
index a605dad..51b4fc2 100644
--- a/dash-fastapi-frontend/utils/request.py
+++ b/dash-fastapi-frontend/utils/request.py
@@ -15,9 +15,9 @@ def api_request(method: str, url: str, is_headers: bool, params: Optional[dict]
remote_addr = request.headers.get("X-Forwarded-For") if AppConfig.app_env == 'prod' else request.remote_addr
if is_headers:
api_headers = {'Authorization': 'Bearer ' + authorization, 'remote_addr': remote_addr,
- 'User-Agent': user_agent}
+ 'User-Agent': user_agent, 'is_browser': 'no'}
else:
- api_headers = {'remote_addr': remote_addr, 'User-Agent': user_agent}
+ api_headers = {'remote_addr': remote_addr, 'User-Agent': user_agent, 'is_browser': 'no'}
try:
if method == 'get':
response = requests.get(url=api_url, params=params, data=data, json=json, headers=api_headers,
@@ -49,13 +49,13 @@ def api_request(method: str, url: str, is_headers: bool, params: Optional[dict]
if response_code == 200:
logger.info("[api]请求人:{}||请求IP:{}||请求方法:{}||请求Api:{}||请求参数:{}||请求结果:{}",
session.get('user_info').get('user_name') if session.get('user_info') else None,
- request.remote_addr, method, url,
+ remote_addr, method, url,
','.join([str(x) for x in data_list if x]),
response_message)
else:
logger.warning("[api]请求人:{}||请求IP:{}||请求方法:{}||请求Api:{}||请求参数:{}||请求结果:{}",
session.get('user_info').get('user_name') if session.get('user_info') else None,
- request.remote_addr, method, url,
+ remote_addr, method, url,
','.join([str(x) for x in data_list if x]),
response_message)
@@ -63,7 +63,7 @@ def api_request(method: str, url: str, is_headers: bool, params: Optional[dict]
except Exception as e:
logger.error("[api]请求人:{}||请求IP:{}||请求方法:{}||请求Api:{}||请求结果:{}",
session.get('user_info').get('user_name') if session.get('user_info') else None,
- request.remote_addr, method, url, str(e))
+ remote_addr, method, url, str(e))
session['code'] = 500
session['message'] = str(e)
--
Gitee
From 3676335ee80547ebd78847ec3e3421fc54e8b5e8 Mon Sep 17 00:00:00 2001
From: insistence <3055204202@qq.com>
Date: Fri, 23 Feb 2024 09:22:24 +0800
Subject: [PATCH 2/5] =?UTF-8?q?feat:=20=E7=94=A8=E6=88=B7=E6=8E=A5?=
=?UTF-8?q?=E5=8F=A3=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C=E5=A2=9E=E5=8A=A0?=
=?UTF-8?q?=E5=88=97=E8=A1=A8=E6=8E=A5=E6=94=B6=E5=8F=82=E6=95=B0=EF=BC=8C?=
=?UTF-8?q?=E5=AE=9E=E7=8E=B0=E5=90=8C=E4=B8=80=E6=8E=A5=E5=8F=A3=E6=94=AF?=
=?UTF-8?q?=E6=8C=81=E5=A4=9A=E4=B8=AA=E6=9D=83=E9=99=90=E6=A0=87=E8=AF=86?=
=?UTF-8?q?=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../module_admin/aspect/interface_auth.py | 20 +++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/dash-fastapi-backend/module_admin/aspect/interface_auth.py b/dash-fastapi-backend/module_admin/aspect/interface_auth.py
index a9d4f5e..d2cfb82 100644
--- a/dash-fastapi-backend/module_admin/aspect/interface_auth.py
+++ b/dash-fastapi-backend/module_admin/aspect/interface_auth.py
@@ -1,4 +1,5 @@
from fastapi import Depends
+from typing import Union, List
from module_admin.entity.vo.user_vo import CurrentUserInfoServiceResponse
from module_admin.service.login_service import get_current_user
from utils.response_util import PermissionException
@@ -7,13 +8,24 @@ from utils.response_util import PermissionException
class CheckUserInterfaceAuth:
"""
校验当前用户是否具有相应的接口权限
+ :param perm: 权限标识
+ :param is_strict: 当传入的权限标识是list类型时,是否开启严格模式,开启表示会校验列表中的每一个权限标识,所有的校验结果都需要为True才会通过
"""
- def __init__(self, perm_str: str = 'common'):
- self.perm_str = perm_str
+ def __init__(self, perm: Union[str, List], is_strict: bool = False):
+ self.perm = perm
+ self.is_strict = is_strict
def __call__(self, current_user: CurrentUserInfoServiceResponse = Depends(get_current_user)):
user_auth_list = [item.perms for item in current_user.menu]
user_auth_list.append('common')
- if self.perm_str in user_auth_list:
- return True
+ if isinstance(self.perm, str):
+ if self.perm in user_auth_list:
+ return True
+ if isinstance(self.perm, list):
+ if self.is_strict:
+ if all([perm_str in user_auth_list for perm_str in self.perm]):
+ return True
+ else:
+ if any([perm_str in user_auth_list for perm_str in self.perm]):
+ return True
raise PermissionException(data="", message="该用户无此接口权限")
--
Gitee
From 3515d3047d1dccbe36ee4f0cc3b528f8d2db9421 Mon Sep 17 00:00:00 2001
From: insistence <3055204202@qq.com>
Date: Fri, 23 Feb 2024 09:25:15 +0800
Subject: [PATCH 3/5] =?UTF-8?q?feat:=20=E6=96=B0=E5=A2=9E=E6=8C=89?=
=?UTF-8?q?=E8=A7=92=E8=89=B2=E6=A0=A1=E9=AA=8C=E6=8E=A5=E5=8F=A3=E6=9D=83?=
=?UTF-8?q?=E9=99=90=E4=BE=9D=E8=B5=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../module_admin/aspect/interface_auth.py | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/dash-fastapi-backend/module_admin/aspect/interface_auth.py b/dash-fastapi-backend/module_admin/aspect/interface_auth.py
index d2cfb82..e17f324 100644
--- a/dash-fastapi-backend/module_admin/aspect/interface_auth.py
+++ b/dash-fastapi-backend/module_admin/aspect/interface_auth.py
@@ -29,3 +29,29 @@ class CheckUserInterfaceAuth:
if any([perm_str in user_auth_list for perm_str in self.perm]):
return True
raise PermissionException(data="", message="该用户无此接口权限")
+
+
+class CheckRoleInterfaceAuth:
+ """
+ 根据角色校验当前用户是否具有相应的接口权限
+ :param role_key: 角色标识
+ :param is_strict: 当传入的角色标识是list类型时,是否开启严格模式,开启表示会校验列表中的每一个角色标识,所有的校验结果都需要为True才会通过
+ """
+ def __init__(self, role_key: Union[str, List], is_strict: bool = False):
+ self.role_key = role_key
+ self.is_strict = is_strict
+
+ def __call__(self, current_user: CurrentUserInfoServiceResponse = Depends(get_current_user)):
+ user_role_list = current_user.role
+ user_role_key_list = [role.role_key for role in user_role_list]
+ if isinstance(self.role_key, str):
+ if self.role_key in user_role_key_list:
+ return True
+ if isinstance(self.role_key, list):
+ if self.is_strict:
+ if all([role_key_str in user_role_key_list for role_key_str in self.role_key]):
+ return True
+ else:
+ if any([role_key_str in user_role_key_list for role_key_str in self.role_key]):
+ return True
+ raise PermissionException(data="", message="该用户无此接口权限")
--
Gitee
From 79927d8c1a798c43964a8653f93d69ec859ea835 Mon Sep 17 00:00:00 2001
From: insistence <3055204202@qq.com>
Date: Fri, 23 Feb 2024 09:27:43 +0800
Subject: [PATCH 4/5] =?UTF-8?q?chore:=20=E5=8D=87=E7=BA=A7=E7=89=88?=
=?UTF-8?q?=E6=9C=AC=E5=8F=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
dash-fastapi-backend/.env.dev | 2 +-
dash-fastapi-backend/.env.prod | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dash-fastapi-backend/.env.dev b/dash-fastapi-backend/.env.dev
index 1689376..7dfa817 100644
--- a/dash-fastapi-backend/.env.dev
+++ b/dash-fastapi-backend/.env.dev
@@ -10,7 +10,7 @@ APP_HOST = '0.0.0.0'
# 应用端口
APP_PORT = 9099
# 应用版本
-APP_VERSION= '1.2.0'
+APP_VERSION= '1.2.1'
# 应用是否开启热重载
APP_RELOAD = true
diff --git a/dash-fastapi-backend/.env.prod b/dash-fastapi-backend/.env.prod
index bc743e9..b496d9f 100644
--- a/dash-fastapi-backend/.env.prod
+++ b/dash-fastapi-backend/.env.prod
@@ -10,7 +10,7 @@ APP_HOST = '0.0.0.0'
# 应用端口
APP_PORT = 9099
# 应用版本
-APP_VERSION= '1.2.0'
+APP_VERSION= '1.2.1'
# 应用是否开启热重载
APP_RELOAD = false
--
Gitee
From 4bcd48901028bf2bd62f297fc5e7e6252bd85e67 Mon Sep 17 00:00:00 2001
From: insistence <3055204202@qq.com>
Date: Fri, 23 Feb 2024 09:28:06 +0800
Subject: [PATCH 5/5] =?UTF-8?q?docs:=20=E6=9B=B4=E6=96=B0README=E6=96=87?=
=?UTF-8?q?=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 4542378..5599e94 100644
--- a/README.md
+++ b/README.md
@@ -1,18 +1,19 @@
-Dash-FastAPI-Admin v1.2.0
+Dash-FastAPI-Admin v1.2.1
基于Dash+FastAPI前后端分离的纯Python快速开发框架
- 
+ 
+
## 平台简介
Dash-FastAPI-Admin是一套全部开源的快速开发平台,毫无保留给个人及企业免费使用。
--
Gitee