实现数据库的连接串加密

2026-02-25 16:36:53 +08:00
parent 0bc4058f23
commit 52ccb8abf1
6 changed files with 75 additions and 31 deletions
--- a/app/auth/project_dependencies.py
+++ b/app/auth/project_dependencies.py
@@ -68,9 +68,7 @@ async def get_project_context(
                status_code=status.HTTP_403_FORBIDDEN, detail="Inactive user"
            )

-        membership_role = await metadata_repo.get_membership_role(
-            project_uuid, user.id
-        )
+        membership_role = await metadata_repo.get_membership_role(project_uuid, user.id)
        if not membership_role:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN, detail="No access to project"
@@ -102,12 +100,12 @@ async def get_project_pg_session(
        )
    except ValueError as exc:
        logger.error(
-            "Missing ENCRYPTION_KEY while resolving project PostgreSQL routing",
+            "Invalid project PostgreSQL routing DSN configuration",
            exc_info=True,
        )
        raise HTTPException(
            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
-            detail="ENCRYPTION_KEY is not configured for project PostgreSQL access",
+            detail=f"Project PostgreSQL routing DSN is invalid: {exc}",
        ) from exc
    if not routing:
        raise HTTPException(
@@ -143,12 +141,12 @@ async def get_project_pg_connection(
        )
    except ValueError as exc:
        logger.error(
-            "Missing ENCRYPTION_KEY while resolving project PostgreSQL routing",
+            "Invalid project PostgreSQL routing DSN configuration",
            exc_info=True,
        )
        raise HTTPException(
            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
-            detail="ENCRYPTION_KEY is not configured for project PostgreSQL access",
+            detail=f"Project PostgreSQL routing DSN is invalid: {exc}",
        ) from exc
    if not routing:
        raise HTTPException(
@@ -184,12 +182,12 @@ async def get_project_timescale_connection(
        )
    except ValueError as exc:
        logger.error(
-            "Missing ENCRYPTION_KEY while resolving project TimescaleDB routing",
+            "Invalid project TimescaleDB routing DSN configuration",
            exc_info=True,
        )
        raise HTTPException(
            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
-            detail="ENCRYPTION_KEY is not configured for project TimescaleDB access",
+            detail=f"Project TimescaleDB routing DSN is invalid: {exc}",
        ) from exc
    if not routing:
        raise HTTPException(