修复数据清洗index越界错误;重命名压力流量清洗方法
This commit is contained in:
@@ -3,35 +3,39 @@
|
||||
|
||||
记录系统关键操作,用于安全审计和合规追踪
|
||||
"""
|
||||
|
||||
from typing import Optional
|
||||
from datetime import datetime
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class AuditAction:
|
||||
"""审计操作类型常量"""
|
||||
|
||||
# 认证相关
|
||||
LOGIN = "LOGIN"
|
||||
LOGOUT = "LOGOUT"
|
||||
REGISTER = "REGISTER"
|
||||
PASSWORD_CHANGE = "PASSWORD_CHANGE"
|
||||
|
||||
|
||||
# 数据操作
|
||||
CREATE = "CREATE"
|
||||
READ = "READ"
|
||||
UPDATE = "UPDATE"
|
||||
DELETE = "DELETE"
|
||||
|
||||
|
||||
# 权限相关
|
||||
PERMISSION_CHANGE = "PERMISSION_CHANGE"
|
||||
ROLE_CHANGE = "ROLE_CHANGE"
|
||||
|
||||
|
||||
# 系统操作
|
||||
CONFIG_CHANGE = "CONFIG_CHANGE"
|
||||
SYSTEM_START = "SYSTEM_START"
|
||||
SYSTEM_STOP = "SYSTEM_STOP"
|
||||
|
||||
|
||||
async def log_audit_event(
|
||||
action: str,
|
||||
user_id: Optional[int] = None,
|
||||
@@ -45,11 +49,11 @@ async def log_audit_event(
|
||||
request_data: Optional[dict] = None,
|
||||
response_status: Optional[int] = None,
|
||||
error_message: Optional[str] = None,
|
||||
db = None # 新增:可选的数据库实例
|
||||
db=None, # 新增:可选的数据库实例
|
||||
):
|
||||
"""
|
||||
记录审计日志
|
||||
|
||||
|
||||
Args:
|
||||
action: 操作类型
|
||||
user_id: 用户ID
|
||||
@@ -66,20 +70,31 @@ async def log_audit_event(
|
||||
db: 数据库实例(可选,如果不提供则尝试获取)
|
||||
"""
|
||||
from app.infra.repositories.audit_repository import AuditRepository
|
||||
|
||||
|
||||
try:
|
||||
# 脱敏敏感数据
|
||||
if request_data:
|
||||
request_data = sanitize_sensitive_data(request_data)
|
||||
|
||||
# 如果没有提供数据库实例,尝试获取(这在中间件中可能不可用)
|
||||
|
||||
# 如果没有提供数据库实例,尝试从全局获取
|
||||
if db is None:
|
||||
try:
|
||||
from app.infra.db.postgresql.database import db as default_db
|
||||
|
||||
# 仅当连接池已初始化时使用
|
||||
if default_db.pool:
|
||||
db = default_db
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
# 如果仍然没有数据库实例
|
||||
if db is None:
|
||||
# 在某些上下文中可能无法获取,此时静默失败
|
||||
logger.warning("No database instance provided for audit logging")
|
||||
return
|
||||
|
||||
|
||||
audit_repo = AuditRepository(db)
|
||||
|
||||
|
||||
await audit_repo.create_log(
|
||||
user_id=user_id,
|
||||
username=username,
|
||||
@@ -92,40 +107,48 @@ async def log_audit_event(
|
||||
request_path=request_path,
|
||||
request_data=request_data,
|
||||
response_status=response_status,
|
||||
error_message=error_message
|
||||
error_message=error_message,
|
||||
)
|
||||
|
||||
|
||||
logger.info(
|
||||
f"Audit log created: action={action}, user={username or user_id}, "
|
||||
f"resource={resource_type}:{resource_id}"
|
||||
)
|
||||
|
||||
|
||||
except Exception as e:
|
||||
# 审计日志失败不应影响业务流程
|
||||
logger.error(f"Failed to create audit log: {e}", exc_info=True)
|
||||
|
||||
|
||||
def sanitize_sensitive_data(data: dict) -> dict:
|
||||
"""
|
||||
脱敏敏感数据
|
||||
|
||||
|
||||
Args:
|
||||
data: 原始数据
|
||||
|
||||
|
||||
Returns:
|
||||
脱敏后的数据
|
||||
"""
|
||||
sensitive_fields = [
|
||||
'password', 'passwd', 'pwd',
|
||||
'secret', 'token', 'api_key', 'apikey',
|
||||
'credit_card', 'ssn', 'social_security'
|
||||
"password",
|
||||
"passwd",
|
||||
"pwd",
|
||||
"secret",
|
||||
"token",
|
||||
"api_key",
|
||||
"apikey",
|
||||
"credit_card",
|
||||
"ssn",
|
||||
"social_security",
|
||||
]
|
||||
|
||||
|
||||
sanitized = data.copy()
|
||||
|
||||
|
||||
for key in sanitized:
|
||||
if isinstance(sanitized[key], dict):
|
||||
sanitized[key] = sanitize_sensitive_data(sanitized[key])
|
||||
elif any(sensitive in key.lower() for sensitive in sensitive_fields):
|
||||
sanitized[key] = "***REDACTED***"
|
||||
|
||||
|
||||
return sanitized
|
||||
|
||||
@@ -1,18 +1,21 @@
|
||||
from pydantic_settings import BaseSettings
|
||||
|
||||
|
||||
class Settings(BaseSettings):
|
||||
PROJECT_NAME: str = "TJWater Server"
|
||||
API_V1_STR: str = "/api/v1"
|
||||
|
||||
|
||||
# JWT 配置
|
||||
SECRET_KEY: str = "your-secret-key-here-change-in-production-use-openssl-rand-hex-32"
|
||||
SECRET_KEY: str = (
|
||||
"your-secret-key-here-change-in-production-use-openssl-rand-hex-32"
|
||||
)
|
||||
ALGORITHM: str = "HS256"
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
|
||||
REFRESH_TOKEN_EXPIRE_DAYS: int = 7
|
||||
|
||||
|
||||
# 数据加密密钥 (使用 Fernet)
|
||||
ENCRYPTION_KEY: str = "" # 必须从环境变量设置
|
||||
|
||||
|
||||
# Database Config (PostgreSQL)
|
||||
DB_NAME: str = "tjwater"
|
||||
DB_HOST: str = "localhost"
|
||||
@@ -20,6 +23,12 @@ class Settings(BaseSettings):
|
||||
DB_USER: str = "postgres"
|
||||
DB_PASSWORD: str = "password"
|
||||
|
||||
# Database Config (TimescaleDB)
|
||||
TIMESCALEDB_DB_NAME: str = "tjwater"
|
||||
TIMESCALEDB_DB_HOST: str = "localhost"
|
||||
TIMESCALEDB_DB_PORT: str = "5433"
|
||||
TIMESCALEDB_DB_USER: str = "postgres"
|
||||
TIMESCALEDB_DB_PASSWORD: str = "password"
|
||||
# InfluxDB
|
||||
INFLUXDB_URL: str = "http://localhost:8086"
|
||||
INFLUXDB_TOKEN: str = "token"
|
||||
@@ -29,9 +38,10 @@ class Settings(BaseSettings):
|
||||
@property
|
||||
def SQLALCHEMY_DATABASE_URI(self) -> str:
|
||||
return f"postgresql://{self.DB_USER}:{self.DB_PASSWORD}@{self.DB_HOST}:{self.DB_PORT}/{self.DB_NAME}"
|
||||
|
||||
|
||||
class Config:
|
||||
env_file = ".env"
|
||||
extra = "ignore"
|
||||
|
||||
|
||||
settings = Settings()
|
||||
|
||||
Reference in New Issue
Block a user