更新加密器以支持从环境变量或配置读取密钥

2026-02-24 17:03:25 +08:00
parent 0d3e6ca4fa
commit 0bc4058f23
2 changed files with 15 additions and 3 deletions
--- a/.env.local
+++ b/.env.local
@@ -1,6 +1,7 @@
 NETWORK_NAME="tjwater"
 KEYCLOAK_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBjdgjImuFfKsZ+FWFlsZSG0Kftduc2o0qA/warFezaYmi8+7fiuuhLErLUbjGPSEU3WpsVxPe5PIs+AJJn/z9uBXXXo/pYggHvp48hlwr6MIYX5xtby7MLM/bHL2ACN4m7FNs/Gilkkbt4515sMFUiwJzd6Wj6FvQdGDDGx/7bVGgiVQRJvrrMZN5zD4i8cFiTQIcGKbURJjre/zWWiA+7gEwArp9ujjBuaINooiQLQM39C9Z5QJcp5nhaztOBiJJgiJOHi5MLpIhI1p1ViVBXKXRMuPhtTXLAz+r/sC44XZS/6V8uUPuLNin9o0jHk/CqJ3GkK3xJBQoWgplkwuQIDAQAB\n-----END PUBLIC KEY-----"
-KEYCLOAK_ALGORITHM=RS256
+KEYCLOAK_ALGORITHM="RS256"
+KEYCLOAK_AUDIENCE="account"

 DB_NAME="tjwater"
 DB_HOST="192.168.1.114"
@@ -13,3 +14,9 @@ TIMESCALEDB_DB_HOST="192.168.1.114"
 TIMESCALEDB_DB_PORT="5433"
 TIMESCALEDB_DB_USER="tjwater"
 TIMESCALEDB_DB_PASSWORD="Tjwater@123456"
+
+METADATA_DB_NAME="system_hub"
+METADATA_DB_HOST="192.168.1.114"
+METADATA_DB_PORT="5432"
+METADATA_DB_USER="tjwater"
+METADATA_DB_PASSWORD="Tjwater@123456"
--- a/app/core/encryption.py
+++ b/app/core/encryption.py
@@ -3,6 +3,8 @@ from typing import Optional
 import base64
 import os

+from app.core.config import settings
+
 class Encryptor:
    """
    使用 Fernet (对称加密) 实现数据加密/解密
@@ -17,10 +19,10 @@ class Encryptor:
            key: 加密密钥，如果为 None 则从环境变量读取
        """
        if key is None:
-            key_str = os.getenv("ENCRYPTION_KEY")
+            key_str = os.getenv("ENCRYPTION_KEY") or settings.ENCRYPTION_KEY
            if not key_str:
                raise ValueError(
-                    "ENCRYPTION_KEY not found in environment variables. "
+                    "ENCRYPTION_KEY not found in environment variables or .env. "
                    "Generate one using: Encryptor.generate_key()"
                )
            key = key_str.encode()
@@ -73,6 +75,9 @@ class Encryptor:
 # 全局加密器实例（懒加载）
 _encryptor: Optional[Encryptor] = None

+def is_encryption_configured() -> bool:
+    return bool(os.getenv("ENCRYPTION_KEY") or settings.ENCRYPTION_KEY)
+
 def get_encryptor() -> Encryptor:
    """获取全局加密器实例"""
    global _encryptor