feat:asyncsql

Author: 2412322029

.gitignore

@@ -1,2 +1,4 @@
 /test/
 /.venv/
+uploads/*
+log/*

api/adminapi.py

@@ -1,4 +1,6 @@
 from fastapi import APIRouter, Depends, HTTPException
+from slowapi import Limiter
+from slowapi.util import get_remote_address
 from sqlalchemy.orm import Session
 from starlette import status
 
@@ -9,6 +11,15 @@
 
 adminapp = APIRouter()
 
+Allow_register: bool = True
+
+
+def get_is_Allow_register():
+    return Allow_register
+
+
+limiter = Limiter(key_func=get_remote_address, enabled=True)
+
 
 async def get_admin(current_user: TokenData = Depends(get_current_user)):
     if current_user.gid == 1:
@@ -17,7 +28,38 @@ async def get_admin(current_user: TokenData = Depends(get_current_user)):
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail='非管理员')
 
 
-@adminapp.get("/test", response_model=list[UserOut | None])
-async def alluserinfo(session: Session = Depends(get_session), current_admin=Depends(get_admin)):
-    userlist: list[UserOut | None] = crud.get_all_user(session=session)
+@adminapp.get("/alluser", response_model=list[UserOut | None], dependencies=[Depends(get_admin)])
+async def alluserinfo(session: Session = Depends(get_session)):
+    userlist: list[UserOut | None] = await crud.get_all_user(session=session)
     return userlist
+
+
+@adminapp.get("/is_allow_register", response_model=bool)
+async def is_allow_register():
+    return Allow_register
+
+
+@adminapp.get("/is_limiter", response_model=bool)
+async def is_limiter():
+    return limiter.enabled
+
+
+@adminapp.put("/allow_register", dependencies=[Depends(get_admin)])
+async def allow_register(allow: bool):
+    global Allow_register
+    Allow_register = allow
+    return '修改成功'
+
+
+@adminapp.put("/set_limiter", dependencies=[Depends(get_admin)])
+async def set_limiter(allow: bool):
+    limiter.enabled = allow
+    if allow:
+        return '开启限制'
+    else:
+        return '关闭限制'
+
+
+@adminapp.delete("/deleteuser")
+async def deleteuser(username, session: Session = Depends(get_session), current_admin=Depends(get_admin)):
+    return await crud.delete_user(session=session, username=username)

api/userapi.py

@@ -1,20 +1,28 @@
-from fastapi import APIRouter, Depends, HTTPException, status, Query
+import hashlib
+import os
+
+import aiofiles
+from fastapi import APIRouter, Depends, HTTPException, status, Query, UploadFile
 from fastapi.security import OAuth2PasswordRequestForm
 from pydantic.schema import timedelta
-from sqlalchemy.orm import Session
+from sqlalchemy.ext.asyncio import AsyncSession
+from starlette.requests import Request
 
 from config import Config
 from sql import crud
 from sql.database import get_session
+from .adminapi import get_is_Allow_register, limiter
 from .token import authenticate_user, create_access_token, get_current_user
-from .verifyModel import UserCreate, RegisterSuccess, UserOut, Token, TokenData, Userbase, UpdateSuccess, PubUserInfo
+from .verifyModel import UserCreate, RegisterSuccess, UserOut, Token, TokenData, Userbase, UpdateSuccess, PubUserInfo, \
+    UploadSuccess
 
 userapp = APIRouter()
 
 
 @userapp.post("/token", response_model=Token)
-async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(),
-                                 session: Session = Depends(get_session)):
+@limiter.limit(limit_value="5/minute")
+async def login_for_access_token(request: Request, form_data: OAuth2PasswordRequestForm = Depends(),
+                                 session: AsyncSession = Depends(get_session)):
     user = await authenticate_user(session=session, username=form_data.username, password=form_data.password)
     if not user:
         raise HTTPException(
@@ -31,16 +39,22 @@ async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(
 
 
 @userapp.post("/register", description='用户注册', response_model=RegisterSuccess)
-async def register(user_in: UserCreate, session: Session = Depends(get_session)):
-    await crud.create_user(session, user_in)
-    u = crud.findUser_by_name(session, user_in.username)
-    return RegisterSuccess.from_userOut(userout=u, detail="注册成功", )
+@limiter.limit(limit_value="5/minute")
+async def register(request: Request, user_in: UserCreate, session: AsyncSession = Depends(get_session)):
+    if get_is_Allow_register():
+        await crud.create_user(session, user_in)
+        u = await crud.findUser_by_name(session, user_in.username)
+        return RegisterSuccess.from_userOut(userout=u, detail="注册成功", )
+    else:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail='不允许注册')
 
 
 @userapp.get("/pubInfo", response_model=PubUserInfo)
+@limiter.limit(limit_value="10/minute")
 async def publish_user_info(
+        request: Request,
         username: str = Query(default=..., max_length=30),
-        session: Session = Depends(get_session)
+        session: AsyncSession = Depends(get_session)
 ):
     user = await crud.findPubUser_by_name(session, username)
     if user is not None:
@@ -50,7 +64,7 @@ async def publish_user_info(
 
 
 @userapp.get("/info", response_model=UserOut)
-async def userinfo(session: Session = Depends(get_session), current_user: TokenData = Depends(get_current_user)):
+async def userinfo(session: AsyncSession = Depends(get_session), current_user: TokenData = Depends(get_current_user)):
     user = await crud.findUser_by_name(session, current_user.username)
     if user is not None:
         return user
@@ -60,26 +74,57 @@ async def userinfo(session: Session = Depends(get_session), current_user: TokenD
 
 @userapp.put("/update_username", response_model=UpdateSuccess)
 async def update_username(old_password: str, username_new: str,
-                          session: Session = Depends(get_session),
+                          session: AsyncSession = Depends(get_session),
                           current_user: TokenData = Depends(get_current_user)):
-    r = await crud.change_user_name(session,
-                                    user_old=Userbase(username=current_user.username, password=old_password),
-                                    username_new=username_new)
+    try:
+        user_old = Userbase(username=current_user.username, password=old_password)
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_406_NOT_ACCEPTABLE, detail=str(e))
+    r = await crud.change_user_name(session, user_old=user_old, username_new=username_new)
     return r
 
 
 @userapp.put("/update_password", response_model=UpdateSuccess)
 async def update_password(old_password: str, password_new: str,
-                          session: Session = Depends(get_session),
+                          session: AsyncSession = Depends(get_session),
                           current_user: TokenData = Depends(get_current_user)):
-    r = await crud.change_user_passwd(session,
-                                      user_old=Userbase(username=current_user.username, password=old_password),
-                                      password_new=password_new)
+    try:
+        user_old = Userbase(username=current_user.username, password=old_password)
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_406_NOT_ACCEPTABLE, detail=str(e))
+    r = await crud.change_user_passwd(session, user_old=user_old, password_new=password_new)
     return r
 
 
-@userapp.put("/update_avatar", response_model=UpdateSuccess)
-async def update_username(avatar_new: str, session: Session = Depends(get_session),
+@userapp.put("/update_avatar", response_model=UploadSuccess)
+@limiter.limit(limit_value="5/minute")
+async def update_username(request: Request, avatar_new: UploadFile, session: AsyncSession = Depends(get_session),
                           current_user: TokenData = Depends(get_current_user)):
-    r = await crud.change_user_avatar(session, username=current_user.username, new_avatar=avatar_new)
+    fileinfo = await upload(avatar_new)
+    r = await crud.change_user_avatar(session, username=current_user.username, fileinfo=fileinfo)
     return r
+
+
+@userapp.post("/upload_file/", response_model=UploadSuccess, dependencies=[Depends(get_current_user)])
+@limiter.limit(limit_value="5/minute")
+async def create_upload_file(request: Request, file: UploadFile):
+    return await upload(file)
+
+
+async def upload(file: UploadFile):
+    ext = os.path.splitext(file.filename)[1]
+    if ext not in {".jpg", ".jpeg", ".png", ".gif"}:
+        raise HTTPException(status_code=400, detail="Invalid file extension.")
+
+    data = await file.read()
+    if len(data) > Config['MAX_FILE_SIZE_MB'] * 1048576:
+        raise HTTPException(status_code=400, detail=f"File size = {round(len(data) / 1048576, 2)}MB exceeds the limit.")
+
+    md5 = hashlib.md5(data).hexdigest()
+    filename = f"{md5}{ext}"
+    file_path = os.path.join(os.path.dirname(__file__), "..", "uploads", filename)
+    if os.path.exists(file_path):
+        return UploadSuccess(filename=filename, content_type=file.content_type, detail="文件已存在")
+    async with aiofiles.open(file_path, "wb") as buffer:
+        await buffer.write(data)
+    return UploadSuccess(filename=filename + ext, content_type=file.content_type, detail="上传成功")

api/verifyModel.py

@@ -1,5 +1,5 @@
 from datetime import datetime
-from typing import Optional
+from typing import Optional, Type
 
 from pydantic import BaseModel, Field
 
@@ -47,7 +47,7 @@ def from_userOut(cls, userout: UserOut, detail: str):
 
 class UpdateSuccess(RegisterSuccess):
     @classmethod
-    def from_User(cls, user: User, detail: str):
+    def from_User(cls, user: Type[User], detail: str):
         return cls(
             detail=detail, data=UserOut(
                 id=user.id,
@@ -75,3 +75,10 @@ class TokenData(BaseModel):
 class AdminTokenData(BaseModel):
     username: str
     id: int
+
+
+class UploadSuccess(BaseModel):
+    filename: str
+    content_type: str
+    detail: str
+

app.py

@@ -1,23 +1,43 @@
 import uvicorn
 from fastapi import FastAPI
+from uvicorn.config import LOGGING_CONFIG
+
 from api.adminapi import adminapp
 from api.postapi import postapp
 from api.userapi import userapp
 from config import Config
+from config.log_config import my_LOGGING_CONFIG
 
 app = FastAPI(
     title='api docs',
     version='1.0',
     description='接口文档'
 )
 
+
+@app.on_event("startup")
+async def startup():
+    ...
+
+
+@app.on_event("shutdown")
+async def shutdown():
+    ...
+
+
 app.include_router(userapp, prefix='/api/user', tags=['用户'])
 app.include_router(adminapp, prefix='/api/admin', tags=['管理员'])
 app.include_router(postapp, prefix='/api/post', tags=['post'])
 
+log_cfg = my_LOGGING_CONFIG if Config['Development'] else LOGGING_CONFIG
+
+
 if __name__ == '__main__':
-    c = Config["fastapi"]
+    c = Config["uvicorn"]
     uvicorn.run(app='app:app',
                 host=c["host"],
                 port=c["port"],
-                reload=c["reload"])
+                reload=Config['Development'],
+                workers=c['workers'],
+                log_config=log_cfg,
+                )

config.yaml

@@ -1,27 +1,30 @@
-# token密钥
-SECRET_KEY: "b7a9563b93f709f4caa6cf63be75e094faa9d288e8d36ca259f6f056c818166"
-ALGORITHM: "HS256"
-# token过期时间
-ACCESS_TOKEN_EXPIRE_MINUTES: 1440
-
-# 默认管理员
-Default_Administrator: 'admin'
-# 默认密码
-Default_Passwd: 'nHYjlSm773RlLq'
+# 开发模式输出更多信息
+Development: true
 # mysql数据库信息
 databases:
     host: 127.0.0.1
     username: root
     password: 123456
     port: 3306
     dbname: blog
-    echo: true
 
 # fastapi
-fastapi:
+uvicorn:
     host: 127.0.0.1
     port: 8000
-    reload: true
+    # 使用多个工作进程
+    workers: 1
 
+# token密钥
+SECRET_KEY: "b7a9563b93f709f4caa6cf63be75e094faa9d288e8d36ca259f6f056c818166"
+ALGORITHM: "HS256"
+# token过期时间
+ACCESS_TOKEN_EXPIRE_MINUTES: 1440
 
+# 默认管理员
+Default_Administrator: 'admin'
+# 默认密码
+Default_Passwd: 'nHYjlSm773RlLq'
 
+# 文件上传大小限制
+MAX_FILE_SIZE_MB: 5

config/__init__.py

@@ -1,8 +1,16 @@
+import logging
 import os
 import yaml
 
 with open(os.path.join(os.path.dirname(__file__), '..', 'config.yaml'), 'r', encoding='utf8') as f:
     Config = yaml.safe_load(f)
 
+if Config['Development'] is False:
+    logging.basicConfig()
+    handler = logging.FileHandler('./log/sqlalchemy.log')
+    handler.setLevel(logging.INFO)
+    handler.setFormatter(logging.Formatter('%(levelname)s [%(asctime)s] - %(name)s - %(message)s'))
+    logging.getLogger('sqlalchemy.engine').addHandler(handler)
+
 if __name__ == '__main__':
     print(Config)

config/log_config.py

@@ -0,0 +1,33 @@
+my_LOGGING_CONFIG = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "default": {
+            "()": "uvicorn.logging.DefaultFormatter",
+            "fmt": "%(levelprefix)s [%(asctime)s] %(message)s",
+            "use_colors": None,
+        },
+        "access": {
+            "()": "uvicorn.logging.AccessFormatter",
+            "fmt": '%(levelprefix)s [%(asctime)s] %(client_addr)s - "%(request_line)s" %(status_code)s',
+        },
+    },
+    "handlers": {
+        "default": {
+            "formatter": "default",
+            "class": "logging.handlers.TimedRotatingFileHandler",
+            "filename": "./log/uvicorn.log"
+        },
+        "access": {
+            "formatter": "access",
+            "class": "logging.handlers.TimedRotatingFileHandler",
+            "filename": "./log/uvicorn.log"
+
+        },
+    },
+    "loggers": {
+        "": {"handlers": ["default"], "level": "INFO"},
+        "uvicorn.error": {"level": "INFO"},
+        "uvicorn.access": {"handlers": ["access"], "level": "INFO", "propagate": False},
+    },
+}