OrgTJWater/TJWaterServerBinary
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: OrgTJWater:9d7a9fb2fdb6d0e48d44128b31070e572df23fa6
Branches Tags
OrgTJWater:refactor/app-structure
..
compare: OrgTJWater:refactor/app-structure
Branches Tags
OrgTJWater:refactor/app-structure

40 Commits
9d7a9fb2fd ... refactor/a

Author SHA1 Message Date
Jiang
80b6970970 添加数据库加密处理的单元测试 2026-02-25 16:54:14 +08:00
Jiang
364a8c8ec2 添加加密字符串脚本以支持文本加密功能 2026-02-25 16:54:09 +08:00
Jiang
52ccb8abf1 实现数据库的连接串加密 2026-02-25 16:36:53 +08:00
Jiang
0bc4058f23 更新加密器以支持从环境变量或配置读取密钥 2026-02-24 17:03:25 +08:00
Jiang
0d3e6ca4fa 重构中间件配置顺序并添加数据库连接日志 2026-02-24 17:03:06 +08:00
Jiang
6fc3aa5209 添加日志记录和异常处理以增强错误管理 2026-02-24 17:02:56 +08:00
Jiang
1b1b0a3697 添加 row_factory 参数以支持字典行返回 2026-02-24 17:02:48 +08:00
Jiang
2826999ddc 修复数据库连接URL中密码包含"@"的问题 2026-02-24 17:01:39 +08:00
Jiang
efc05f7278 新增KEYCLOAK_AUDIENCE,解决前后端认证失败的问题 2026-02-24 15:15:13 +08:00
Jiang
29209f5c63 更新gitignore 2026-02-24 10:46:33 +08:00
Jiang
020432ad0e 取消AUTH_DISABLED参数 2026-02-24 10:45:53 +08:00
Jiang
780a48d927 重构数据库连接管理,添加元数据支持 2026-02-11 18:57:47 +08:00
Jiang
ff2011ae24 更新 agent instructions 2026-02-11 11:00:55 +08:00
Jiang
f5069a5606 统一连接到新的数据库到openproject api 下 2026-02-11 11:00:44 +08:00
Jiang
eb45e4aaa5 调整代码,支持项目切换,打开不同数据库的连接 2026-02-11 10:42:40 +08:00
Jiang
a472639b8a 新增Dockerfile;修改simulations中部分参数格式判断 2026-02-10 15:25:03 +08:00
Jiang
a0987105dc 调整环境变量配置,便于docker打包 2026-02-09 15:31:21 +08:00
Jiang
a41be9c362 为 emitter_demand 添加新的 pattern,使用新的 pattern 模拟管道冲洗 2026-02-06 18:24:15 +08:00
Jiang
63b31b46b9 修复管道清洗算法流量单位取值bug 2026-02-06 17:46:56 +08:00
Jiang
e4f864a28c 更新爆管分析接受参数格式 2026-02-06 16:59:46 +08:00
Jiang
dc38313cdc 修复scheme计算属性无法显示的问题 2026-02-06 11:32:47 +08:00
Jiang
f19962510a 为flushing_analysis新增scheme_name参数 2026-02-05 16:13:41 +08:00
Jiang
6434cae21c 统一scheme_type命名 2026-02-05 15:39:56 +08:00
Jiang
a85ff8e215 copilot项目描述文件 2026-02-05 10:47:54 +08:00
Jiang
2794114000 统一scheme_name命名规则 2026-02-05 10:47:38 +08:00
Jiang
4c208abe55 优化关阀分析算法,实现网络拓扑缓存,增量图处理 2026-02-05 10:46:46 +08:00
Jiang
e893c7db5f 调整geoserver依赖 2026-02-03 16:47:48 +08:00
Jiang
f2776ef0bf 更新设置,支持数据库发布订阅同步功能 2026-02-03 16:42:18 +08:00
Jiang
870c9433d6 调整关阀分析算法 2026-02-03 11:53:16 +08:00
Jiang
6fe01aa248 调整关阀分析算法输出结果 2026-02-03 10:57:36 +08:00
Jiang
0755b1a61c 修改关阀分析算法,支持多管段分析 2026-02-02 18:03:44 +08:00
Jiang
9be2028e4c 修复数据清洗时间轴填补后的对齐问题 2026-02-02 15:16:23 +08:00
Jiang
3c7e2c5806 修复数据清洗index越界错误;重命名压力流量清洗方法 2026-02-02 14:15:54 +08:00
Jiang
c3c26fb107 更新 requirements.txt 2026-02-02 11:50:34 +08:00
Jiang
e4c8b03277 更新env.example 2026-02-02 11:47:49 +08:00
Jiang
35abaa1ebb 测试并修复api导入路径错误 2026-02-02 11:09:43 +08:00
Jiang
807e634318 初步实现数据加密、权限管理、日志审计等功能 2026-02-02 10:09:28 +08:00
Jiang
b6b37a453b 调整后端测试框架结构 2026-01-30 18:31:35 +08:00
Jiang
e3141ee250 SCADA 压力流量清洗模块新增数据填补 2026-01-30 18:05:45 +08:00
Jiang
9037bf317b 调整epanet工具目录结构;联通前端水质分析模块功能;新建 readme.md 2026-01-30 15:24:56 +08:00
79 changed files with 6178 additions and 555 deletions
Expand all files Collapse all files

79
.env.example Normal file
View File

@@ -0,0 +1,79 @@
# TJWater Server 环境变量配置模板
# 复制此文件为 .env 并填写实际值
NETWORK_NAME="szh"
# ============================================
# 安全配置 (必填)
# ============================================
# JWT 密钥 - 用于生成和验证 Token
# 生成方式: openssl rand -hex 32
SECRET_KEY=your-secret-key-here-change-in-production-use-openssl-rand-hex-32
# 数据加密密钥 - 用于敏感数据加密
# 生成方式: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
ENCRYPTION_KEY=
DATABASE_ENCRYPTION_KEY="rJC2VqLg4KrlSq+DGJcYm869q4v5KB2dFAeuQTe0I50="
# ============================================
# 数据库配置 (PostgreSQL)
# ============================================
DB_NAME="tjwater"
DB_HOST="localhost"
DB_PORT="5432"
DB_USER="postgres"
DB_PASSWORD="password"
# ============================================
# 数据库配置 (TimescaleDB)
# ============================================
TIMESCALEDB_DB_NAME="szh"
TIMESCALEDB_DB_HOST="localhost"
TIMESCALEDB_DB_PORT="5433"
TIMESCALEDB_DB_USER="tjwater"
TIMESCALEDB_DB_PASSWORD="Tjwater@123456"
# ============================================
# 元数据数据库配置 (Metadata DB)
# ============================================
METADATA_DB_NAME="system_hub"
METADATA_DB_HOST="localhost"
METADATA_DB_PORT="5432"
METADATA_DB_USER="tjwater"
METADATA_DB_PASSWORD="password"
# ============================================
# 项目连接缓存与连接池配置
# ============================================
PROJECT_PG_CACHE_SIZE=50
PROJECT_TS_CACHE_SIZE=50
PROJECT_PG_POOL_SIZE=5
PROJECT_PG_MAX_OVERFLOW=10
PROJECT_TS_POOL_MIN_SIZE=1
PROJECT_TS_POOL_MAX_SIZE=10
# ============================================
# InfluxDB 配置 (时序数据)
# ============================================
# INFLUXDB_URL=http://localhost:8086
# INFLUXDB_TOKEN=your-influxdb-token
# INFLUXDB_ORG=your-org
# INFLUXDB_BUCKET=tjwater
# ============================================
# JWT 配置 (可选)
# ============================================
# ACCESS_TOKEN_EXPIRE_MINUTES=30
# REFRESH_TOKEN_EXPIRE_DAYS=7
# ALGORITHM=HS256
# ============================================
# Keycloak JWT (可选)
# ============================================
# KEYCLOAK_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----"
# KEYCLOAK_ALGORITHM=RS256
# ============================================
# 其他配置
# ============================================
# PROJECT_NAME=TJWater Server
# API_V1_STR=/api/v1

23
.env.local Normal file
View File

@@ -0,0 +1,23 @@
NETWORK_NAME="tjwater"
KEYCLOAK_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBjdgjImuFfKsZ+FWFlsZSG0Kftduc2o0qA/warFezaYmi8+7fiuuhLErLUbjGPSEU3WpsVxPe5PIs+AJJn/z9uBXXXo/pYggHvp48hlwr6MIYX5xtby7MLM/bHL2ACN4m7FNs/Gilkkbt4515sMFUiwJzd6Wj6FvQdGDDGx/7bVGgiVQRJvrrMZN5zD4i8cFiTQIcGKbURJjre/zWWiA+7gEwArp9ujjBuaINooiQLQM39C9Z5QJcp5nhaztOBiJJgiJOHi5MLpIhI1p1ViVBXKXRMuPhtTXLAz+r/sC44XZS/6V8uUPuLNin9o0jHk/CqJ3GkK3xJBQoWgplkwuQIDAQAB\n-----END PUBLIC KEY-----"
KEYCLOAK_ALGORITHM="RS256"
KEYCLOAK_AUDIENCE="account"
DB_NAME="tjwater"
DB_HOST="192.168.1.114"
DB_PORT="5432"
DB_USER="tjwater"
DB_PASSWORD="Tjwater@123456"
TIMESCALEDB_DB_NAME="tjwater"
TIMESCALEDB_DB_HOST="192.168.1.114"
TIMESCALEDB_DB_PORT="5433"
TIMESCALEDB_DB_USER="tjwater"
TIMESCALEDB_DB_PASSWORD="Tjwater@123456"
METADATA_DB_NAME="system_hub"
METADATA_DB_HOST="192.168.1.114"
METADATA_DB_PORT="5432"
METADATA_DB_USER="tjwater"
METADATA_DB_PASSWORD="Tjwater@123456"
DATABASE_ENCRYPTION_KEY="rJC2VqLg4KrlSq+DGJcYm869q4v5KB2dFAeuQTe0I50="

198
.github/copilot-instructions.md vendored Normal file
View File

@@ -0,0 +1,198 @@
# TJWater Server - Copilot Instructions
This is a FastAPI-based water network management system (供水管网智能管理系统) that provides hydraulic simulation, SCADA data integration, network element management, and risk analysis capabilities.
## Running the Server
```bash
# Install dependencies
pip install -r requirements.txt
# Start the server (default: http://0.0.0.0:8000 with 2 workers)
python scripts/run_server.py
# Note: On Windows, the script automatically sets WindowsSelectorEventLoopPolicy
```
## Running Tests
```bash
# Run all tests
pytest
# Run a specific test file with verbose output
pytest tests/unit/test_pipeline_health_analyzer.py -v
# Run from conftest helper
python tests/conftest.py
```
## Architecture Overview
### Core Components
1. **Native Modules** (`app/native/`): Platform-specific compiled extensions (`.so` for Linux, `.pyd` for Windows) providing performance-critical functionality including:
- SCADA device integration
- Water distribution analysis (WDA)
- Pipe risk probability calculations
- Wrapped through `app.services.tjnetwork` interface
2. **Services Layer** (`app/services/`):
- `tjnetwork.py`: Main network API wrapper around native modules
- `simulation.py`: Hydraulic simulation orchestration (EPANET integration)
- `project_info.py`: Project configuration management
- `epanet/`: EPANET hydraulic engine integration
3. **API Layer** (`app/api/v1/`):
- **Network Elements**: Separate endpoint modules for junctions, reservoirs, tanks, pipes, pumps, valves
- **Components**: Curves, patterns, controls, options, quality, visuals
- **Network Features**: Tags, demands, geometry, regions/DMAs
- **Core Services**: Auth, project, simulation, SCADA, data query, snapshots
4. **Database Infrastructure** (`app/infra/db/`):
- **PostgreSQL**: Primary relational database (users, audit logs, project metadata)
- **TimescaleDB**: Time-series extension for historical data
- **InfluxDB**: Optional time-series database for high-frequency SCADA data
- Connection pools initialized in `main.py` lifespan context
- Database instance stored in `app.state.db` for dependency injection
5. **Domain Layer** (`app/domain/`):
- `models/`: Enums and domain objects (e.g., `UserRole`)
- `schemas/`: Pydantic models for request/response validation
6. **Algorithms** (`app/algorithms/`):
- `api_ex/`: Analysis algorithms (k-means sensor placement, sensitivity analysis, pipeline health)
- `data_cleaning.py`: Data preprocessing utilities
- `simulations.py`: Simulation helpers
### Security & Authentication
- **Authentication**: JWT-based with access tokens (30 min) and refresh tokens (7 days)
- **Authorization**: Role-based access control (RBAC) with 4 roles:
- `VIEWER`: Read-only access
- `USER`: Read-write access
- `OPERATOR`: Modify data
- `ADMIN`: Full permissions
- **Audit Logging**: `AuditMiddleware` automatically logs POST/PUT/DELETE requests
- **Encryption**: Fernet symmetric encryption for sensitive data (`app.core.encryption`)
Default admin accounts:
- `admin` / `admin123`
- `tjwater` / `tjwater@123`
### Key Files
- `app/main.py`: FastAPI app initialization, lifespan (DB pools), CORS, middleware, router mounting
- `app/api/v1/router.py`: Central router aggregating all endpoint modules
- `app/core/config.py`: Settings management using `pydantic-settings`
- `app/auth/dependencies.py`: Auth dependencies (`get_current_active_user`, `get_db`)
- `app/auth/permissions.py`: Permission decorators (`require_role`, `get_current_admin`)
- `.env`: Environment configuration (database credentials, JWT secret, encryption key)
## Important Conventions
### Database Connections
- Database instances are initialized in `main.py` lifespan and stored in `app.state.db`
- Access via dependency injection:
```python
from app.auth.dependencies import get_db
async def endpoint(db = Depends(get_db)):
# Use db connection
```
### Authentication in Endpoints
Use dependency injection for auth requirements:
```python
from app.auth.dependencies import get_current_active_user
from app.auth.permissions import require_role, get_current_admin
from app.domain.models.role import UserRole
# Require any authenticated user
@router.get("/data")
async def get_data(current_user = Depends(get_current_active_user)):
return data
# Require specific role (USER or higher)
@router.post("/data")
async def create_data(current_user = Depends(require_role(UserRole.USER))):
return result
# Admin-only access
@router.delete("/data/{id}")
async def delete_data(id: int, current_user = Depends(get_current_admin)):
return result
```
### API Routing Structure
- All v1 APIs are mounted under `/api/v1` prefix via `api_router`
- Legacy routes without version prefix are also mounted for backward compatibility
- Group related endpoints in separate router modules under `app/api/v1/endpoints/`
- Use descriptive tags in `router.py` for OpenAPI documentation grouping
### Native Module Integration
- Native modules are pre-compiled for specific platforms
- Always import through `app.native.api` or `app.services.tjnetwork`
- The `tjnetwork` service wraps native APIs with constants like:
- Element types: `JUNCTION`, `RESERVOIR`, `TANK`, `PIPE`, `PUMP`, `VALVE`
- Operations: `API_ADD`, `API_UPDATE`, `API_DELETE`
- `ChangeSet` for batch operations
### Project Initialization
- On startup, `main.py` automatically loads project from `project_info.name` if set
- Projects are opened via `open_project(name)` from `tjnetwork` service
### Audit Logging
Manual audit logging for critical operations:
```python
from app.core.audit import log_audit_event, AuditAction
await log_audit_event(
action=AuditAction.UPDATE,
user_id=current_user.id,
username=current_user.username,
resource_type="resource_name",
resource_id=str(resource_id),
ip_address=request.client.host,
request_data=data
)
```
### Environment Configuration
- Copy `.env.example` to `.env` before first run
- Required environment variables:
- `SECRET_KEY`: JWT signing (generate with `openssl rand -hex 32`)
- `ENCRYPTION_KEY`: Data encryption (generate with Fernet)
- Database credentials for PostgreSQL, TimescaleDB, and optionally InfluxDB
### Database Migrations
SQL migration scripts are in `migrations/`:
- `001_create_users_table.sql`: User authentication tables
- `002_create_audit_logs_table.sql`: Audit logging tables
Apply with:
```bash
psql -U postgres -d tjwater -f migrations/001_create_users_table.sql
```
## API Documentation
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
- OpenAPI schema: http://localhost:8000/openapi.json
## Additional Resources
- `SECURITY_README.md`: Comprehensive security feature documentation
- `DEPLOYMENT.md`: Integration guide for security features
- `readme.md`: Project overview and directory structure (in Chinese)

1
.gitignore vendored
View File

@@ -6,3 +6,4 @@ build/
.env
*.dump
app/algorithms/api_ex/model/my_survival_forest_model_quxi.joblib
.vscode/

391
DEPLOYMENT.md Normal file
View File

@@ -0,0 +1,391 @@
# 部署和集成指南
本文档说明如何将新的安全功能集成到现有系统中。
## 📦 已完成的功能
### 1. 数据加密模块
-`app/core/encryption.py` - Fernet 对称加密实现
- ✅ 支持敏感数据加密/解密
- ✅ 密钥管理和生成工具
### 2. 用户认证系统
-`app/domain/models/role.py` - 用户角色枚举 (ADMIN/OPERATOR/USER/VIEWER)
-`app/domain/schemas/user.py` - 用户数据模型和验证
-`app/infra/repositories/user_repository.py` - 用户数据访问层
-`app/api/v1/endpoints/auth.py` - 注册/登录/刷新Token接口
-`app/auth/dependencies.py` - 认证依赖项
-`migrations/001_create_users_table.sql` - 用户表迁移脚本
### 3. 权限控制系统
-`app/auth/permissions.py` - RBAC 权限控制装饰器
-`app/api/v1/endpoints/user_management.py` - 用户管理接口示例
- ✅ 支持基于角色的访问控制
- ✅ 支持资源所有者检查
### 4. 审计日志系统
-`app/core/audit.py` - 审计日志核心功能
-`app/domain/schemas/audit.py` - 审计日志数据模型
-`app/infra/repositories/audit_repository.py` - 审计日志数据访问层
-`app/api/v1/endpoints/audit.py` - 审计日志查询接口
-`app/infra/audit/middleware.py` - 自动审计中间件
-`migrations/002_create_audit_logs_table.sql` - 审计日志表迁移脚本
### 5. 文档和测试
-`SECURITY_README.md` - 完整的使用文档
-`.env.example` - 环境变量配置模板
-`tests/test_encryption.py` - 加密功能测试
---
## 🔧 集成步骤
### 步骤 1: 环境配置
1. 复制环境变量模板:
```bash
cp .env.example .env
```
2. 生成密钥并填写 `.env`
```bash
# JWT 密钥
openssl rand -hex 32
# 加密密钥
python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
```
3. 编辑 `.env` 填写所有必需的配置项。
### 步骤 2: 数据库迁移
执行数据库迁移脚本:
```bash
# 方法 1: 使用 psql 命令
psql -U postgres -d tjwater -f migrations/001_create_users_table.sql
psql -U postgres -d tjwater -f migrations/002_create_audit_logs_table.sql
# 方法 2: 在 psql 交互界面
psql -U postgres -d tjwater
\i migrations/001_create_users_table.sql
\i migrations/002_create_audit_logs_table.sql
```
验证表已创建:
```sql
-- 检查用户表
SELECT * FROM users;
-- 检查审计日志表
SELECT * FROM audit_logs;
```
### 步骤 3: 更新 main.py
`app/main.py` 中集成新功能:
```python
from fastapi import FastAPI
from app.core.config import settings
from app.infra.audit.middleware import AuditMiddleware
app = FastAPI(title=settings.PROJECT_NAME)
# 1. 添加审计中间件(可选)
app.add_middleware(AuditMiddleware)
# 2. 注册路由
from app.api.v1.endpoints import auth, user_management, audit
app.include_router(
auth.router,
prefix=f"{settings.API_V1_STR}/auth",
tags=["认证"]
)
app.include_router(
user_management.router,
prefix=f"{settings.API_V1_STR}/users",
tags=["用户管理"]
)
app.include_router(
audit.router,
prefix=f"{settings.API_V1_STR}/audit",
tags=["审计日志"]
)
# 3. 确保数据库在启动时初始化
@app.on_event("startup")
async def startup_event():
# 初始化数据库连接池
from app.infra.db.postgresql.database import Database
global db
db = Database()
db.init_pool()
await db.open()
@app.on_event("shutdown")
async def shutdown_event():
# 关闭数据库连接
await db.close()
```
### 步骤 4: 保护现有接口
#### 方法 1: 为路由添加全局依赖
```python
from app.auth.dependencies import get_current_active_user
# 为整个路由器添加认证
router = APIRouter(dependencies=[Depends(get_current_active_user)])
```
#### 方法 2: 为单个端点添加依赖
```python
from app.auth.permissions import require_role, get_current_admin
from app.domain.models.role import UserRole
@router.get("/data")
async def get_data(
current_user = Depends(require_role(UserRole.USER))
):
"""需要 USER 及以上角色"""
return {"data": "protected"}
@router.delete("/data/{id}")
async def delete_data(
id: int,
current_user = Depends(get_current_admin)
):
"""仅管理员可访问"""
return {"message": "deleted"}
```
### 步骤 5: 添加审计日志
#### 自动审计(推荐)
使用中间件自动记录(已在 main.py 中添加):
```python
app.add_middleware(AuditMiddleware)
```
#### 手动审计
在关键业务逻辑中手动记录:
```python
from app.core.audit import log_audit_event, AuditAction
@router.post("/important-action")
async def important_action(
data: dict,
request: Request,
current_user = Depends(get_current_active_user)
):
# 执行业务逻辑
result = do_something(data)
# 记录审计日志
await log_audit_event(
action=AuditAction.UPDATE,
user_id=current_user.id,
username=current_user.username,
resource_type="important_resource",
resource_id=str(result.id),
ip_address=request.client.host,
request_data=data
)
return result
```
### 步骤 6: 更新 auth/dependencies.py
确保 `get_db()` 函数正确获取数据库实例:
```python
async def get_db() -> Database:
"""获取数据库实例"""
# 方法 1: 从 main.py 导入
from app.main import db
return db
# 方法 2: 从 FastAPI app.state 获取
# from fastapi import Request
# def get_db_from_request(request: Request):
# return request.app.state.db
```
---
## 🧪 测试
### 1. 测试加密功能
```bash
python tests/test_encryption.py
```
### 2. 测试 API
启动服务器:
```bash
uvicorn app.main:app --reload
```
访问交互式文档:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
### 3. 测试登录
```bash
curl -X POST "http://localhost:8000/api/v1/auth/login" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin&password=admin123"
```
### 4. 测试受保护接口
```bash
TOKEN="your-access-token"
curl -X GET "http://localhost:8000/api/v1/auth/me" \
-H "Authorization: Bearer $TOKEN"
```
---
## 🔄 迁移现有接口
### 原有硬编码认证
**旧代码** (`app/api/v1/endpoints/auth.py`):
```python
AUTH_TOKEN = "567e33c876a2"
async def verify_token(authorization: str = Header()):
token = authorization.split(" ")[1]
if token != AUTH_TOKEN:
raise HTTPException(status_code=403)
```
**新代码** (已更新):
```python
from app.auth.dependencies import get_current_active_user
@router.get("/protected")
async def protected_route(
current_user = Depends(get_current_active_user)
):
return {"user": current_user.username}
```
### 更新其他端点
搜索项目中使用旧认证的地方:
```bash
grep -r "AUTH_TOKEN" app/
grep -r "verify_token" app/
```
替换为新的依赖注入系统。
---
## 📋 检查清单
部署前检查:
- [ ] 环境变量已配置(`.env`
- [ ] 数据库迁移已执行
- [ ] 默认管理员账号可登录
- [ ] JWT Token 可正常生成和验证
- [ ] 权限控制正常工作
- [ ] 审计日志正常记录
- [ ] 加密功能测试通过
- [ ] API 文档可访问
---
## ⚠️ 注意事项
### 1. 向后兼容性
保留了简化版登录接口 `/auth/login/simple` 以兼容旧客户端:
```python
@router.post("/login/simple")
async def login_simple(username: str, password: str):
# 验证并返回 Token
...
```
### 2. 数据库连接
确保在 `app/auth/dependencies.py``get_db()` 函数能正确获取数据库实例。
### 3. 密钥安全
- ❌ 不要提交 `.env` 文件到版本控制
- ✅ 在生产环境使用环境变量或密钥管理服务
- ✅ 定期轮换 JWT 密钥
### 4. 性能考虑
- 审计中间件会增加每个请求的处理时间(约 5-10ms
- 对高频接口可考虑异步记录审计日志
- 定期清理或归档旧的审计日志
---
## 🐛 故障排查
### 问题 1: 导入错误
```
ImportError: cannot import name 'db' from 'app.main'
```
**解决**: 确保在 `app/main.py` 中定义了全局 `db` 对象。
### 问题 2: 认证失败
```
401 Unauthorized: Could not validate credentials
```
**检查**:
1. Token 是否正确设置在 `Authorization: Bearer {token}` header
2. Token 是否过期
3. SECRET_KEY 是否配置正确
### 问题 3: 数据库连接失败
```
psycopg.OperationalError: connection failed
```
**检查**:
1. PostgreSQL 是否运行
2. `.env` 中数据库配置是否正确
3. 数据库是否存在
---
## 📞 技术支持
详细文档请参考:
- `SECURITY_README.md` - 安全功能使用指南
- `migrations/` - 数据库迁移脚本
- `app/domain/schemas/` - 数据模型定义

24
Dockerfile Normal file
View File

@@ -0,0 +1,24 @@
FROM continuumio/miniconda3:latest
WORKDIR /app
# 安装 Python 3.12 和 pymetis (通过 conda-forge 避免编译问题)
RUN conda install -y -c conda-forge python=3.12 pymetis && \
conda clean -afy
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# 将代码放入子目录 'app',将数据放入子目录 'db_inp'
# 这样临时文件默认会生成在 /app 下,而代码在 /app/app 下,实现了分离
COPY app ./app
COPY db_inp ./db_inp
COPY temp ./temp
COPY .env .
# 设置 PYTHONPATH 以便 uvicorn 找到 app 模块
ENV PYTHONPATH=/app
EXPOSE 8000
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "4"]

322
INTEGRATION_CHECKLIST.md Normal file
View File

@@ -0,0 +1,322 @@
# API 集成检查清单
## ✅ 已完成的集成工作
### 1. 路由集成 (app/api/v1/router.py)
已添加以下路由到 API Router
```python
# 新增导入
from app.api.v1.endpoints import (
...
user_management, # 用户管理
audit, # 审计日志
)
# 新增路由
api_router.include_router(user_management.router, prefix="/users", tags=["User Management"])
api_router.include_router(audit.router, prefix="/audit", tags=["Audit Logs"])
```
**路由端点**
- `/api/v1/auth/` - 认证相关register, login, me, refresh
- `/api/v1/users/` - 用户管理CRUD操作仅管理员
- `/api/v1/audit/` - 审计日志查询(仅管理员)
### 2. 主应用配置 (app/main.py)
#### 2.1 导入更新
```python
from app.core.config import settings
from app.infra.audit.middleware import AuditMiddleware
```
#### 2.2 数据库初始化
```python
# 在 lifespan 中存储数据库实例到 app.state
app.state.db = pgdb
```
#### 2.3 FastAPI 配置
```python
app = FastAPI(
lifespan=lifespan,
title=settings.PROJECT_NAME,
description="TJWater Server - 供水管网智能管理系统",
version="1.0.0",
docs_url="/docs",
redoc_url="/redoc",
)
```
#### 2.4 审计中间件(可选)
```python
# 取消注释以启用审计日志
# app.add_middleware(AuditMiddleware)
```
### 3. 依赖项更新 (app/auth/dependencies.py)
更新 `get_db()` 函数从 Request 对象获取数据库:
```python
async def get_db(request: Request) -> Database:
"""从 app.state 获取数据库实例"""
if not hasattr(request.app.state, "db"):
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Database not initialized"
)
return request.app.state.db
```
### 4. 审计日志更新
- `app/api/v1/endpoints/audit.py` - 使用正确的数据库依赖
- `app/core/audit.py` - 接受可选的 db 参数
---
## 📋 部署前检查清单
### 环境配置
- [ ] 复制 `.env.example``.env`
- [ ] 配置 `SECRET_KEY`JWT密钥
- [ ] 配置 `ENCRYPTION_KEY`(数据加密密钥)
- [ ] 配置数据库连接信息
### 数据库迁移
- [ ] 执行用户表迁移:`psql -U postgres -d tjwater -f migrations/001_create_users_table.sql`
- [ ] 执行审计日志表迁移:`psql -U postgres -d tjwater -f migrations/002_create_audit_logs_table.sql`
- [ ] 验证表已创建:`\dt` 在 psql 中
### 依赖检查
- [ ] 确认已安装:`cryptography`
- [ ] 确认已安装:`python-jose[cryptography]`
- [ ] 确认已安装:`passlib[bcrypt]`
- [ ] 确认已安装:`email-validator`(用于 Pydantic email 验证)
### 代码验证
- [ ] 检查所有文件导入正常
- [ ] 运行加密功能测试:`python tests/test_encryption.py`
- [ ] 启动服务器:`uvicorn app.main:app --reload`
- [ ] 访问 API 文档http://localhost:8000/docs
### API 测试
- [ ] 测试登录POST `/api/v1/auth/login`
- [ ] 测试获取当前用户GET `/api/v1/auth/me`
- [ ] 测试用户列表需管理员GET `/api/v1/users/`
- [ ] 测试审计日志需管理员GET `/api/v1/audit/logs`
---
## 🔧 快速测试命令
### 1. 生成密钥
```bash
# JWT 密钥
openssl rand -hex 32
# 加密密钥
python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
```
### 2. 执行迁移
```bash
cd /home/zhifu/TJWaterServer/TJWaterServerBinary
psql -U postgres -d tjwater -f migrations/001_create_users_table.sql
psql -U postgres -d tjwater -f migrations/002_create_audit_logs_table.sql
```
### 3. 测试加密
```bash
python tests/test_encryption.py
```
### 4. 启动服务器
```bash
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
```
### 5. 测试登录 API
```bash
# 使用默认管理员账号
curl -X POST "http://localhost:8000/api/v1/auth/login" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin&password=admin123"
# 或使用迁移的账号
curl -X POST "http://localhost:8000/api/v1/auth/login" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=tjwater&password=tjwater@123"
```
### 6. 测试受保护接口
```bash
# 保存 Token
TOKEN="<从登录响应中获取的 access_token>"
# 获取当前用户信息
curl -X GET "http://localhost:8000/api/v1/auth/me" \
-H "Authorization: Bearer $TOKEN"
# 获取用户列表(需管理员权限)
curl -X GET "http://localhost:8000/api/v1/users/" \
-H "Authorization: Bearer $TOKEN"
# 查询审计日志(需管理员权限)
curl -X GET "http://localhost:8000/api/v1/audit/logs" \
-H "Authorization: Bearer $TOKEN"
```
---
## 📚 API 端点总览
### 认证接口 (`/api/v1/auth`)
| 方法 | 端点 | 描述 | 权限 |
|------|------|------|------|
| POST | `/register` | 用户注册 | 公开 |
| POST | `/login` | OAuth2 登录 | 公开 |
| POST | `/login/simple` | 简化登录(兼容旧版) | 公开 |
| GET | `/me` | 获取当前用户信息 | 认证用户 |
| POST | `/refresh` | 刷新 Token | 认证用户 |
### 用户管理 (`/api/v1/users`)
| 方法 | 端点 | 描述 | 权限 |
|------|------|------|------|
| GET | `/` | 获取用户列表 | 管理员 |
| GET | `/{id}` | 获取用户详情 | 所有者/管理员 |
| PUT | `/{id}` | 更新用户信息 | 所有者/管理员 |
| DELETE | `/{id}` | 删除用户 | 管理员 |
| POST | `/{id}/activate` | 激活用户 | 管理员 |
| POST | `/{id}/deactivate` | 停用用户 | 管理员 |
### 审计日志 (`/api/v1/audit`)
| 方法 | 端点 | 描述 | 权限 |
|------|------|------|------|
| GET | `/logs` | 查询审计日志 | 管理员 |
| GET | `/logs/count` | 获取日志总数 | 管理员 |
| GET | `/logs/my` | 查看我的操作记录 | 认证用户 |
---
## ⚠️ 注意事项
### 1. 审计中间件
审计中间件默认是**禁用**的。如需启用,在 `app/main.py` 中取消注释:
```python
app.add_middleware(AuditMiddleware)
```
**注意**:启用后会自动记录所有 POST/PUT/DELETE 请求,可能增加数据库负载。
### 2. 向后兼容
保留了原有的简化登录接口 `/auth/login/simple`,可以直接使用查询参数:
```bash
POST /api/v1/auth/login/simple?username=admin&password=admin123
```
### 3. 数据库连接
确保数据库实例在应用启动时正确初始化并存储到 `app.state.db`
### 4. 权限控制示例
为现有接口添加权限控制:
```python
from app.auth.permissions import require_role, get_current_admin
from app.domain.models.role import UserRole
# 需要管理员权限
@router.delete("/resource/{id}")
async def delete_resource(
id: int,
current_user = Depends(get_current_admin)
):
...
# 需要操作员以上权限
@router.post("/resource")
async def create_resource(
data: dict,
current_user = Depends(require_role(UserRole.OPERATOR))
):
...
```
---
## 🚀 完整启动流程
```bash
# 1. 进入项目目录
cd /home/zhifu/TJWaterServer/TJWaterServerBinary
# 2. 配置环境变量(如果还没有)
cp .env.example .env
# 编辑 .env 填写必要的配置
# 3. 执行数据库迁移(如果还没有)
psql -U postgres -d tjwater < migrations/001_create_users_table.sql
psql -U postgres -d tjwater < migrations/002_create_audit_logs_table.sql
# 4. 测试加密功能
python tests/test_encryption.py
# 5. 启动服务器
uvicorn app.main:app --reload
# 6. 访问 API 文档
# 浏览器打开: http://localhost:8000/docs
```
---
## 📞 故障排查
### 问题 1: 导入错误
```
ModuleNotFoundError: No module named 'jose'
```
**解决**: 安装依赖 `pip install python-jose[cryptography]`
### 问题 2: 数据库未初始化
```
503 Service Unavailable: Database not initialized
```
**解决**: 检查 `main.py` 中的 lifespan 函数是否正确设置 `app.state.db`
### 问题 3: Token 验证失败
```
401 Unauthorized: Could not validate credentials
```
**解决**:
1. 检查 SECRET_KEY 是否配置正确
2. 确认 Token 格式:`Authorization: Bearer {token}`
3. 检查 Token 是否过期
### 问题 4: 表不存在
```
relation "users" does not exist
```
**解决**: 执行数据库迁移脚本
---
## 📖 相关文档
- **使用指南**: `SECURITY_README.md`
- **部署指南**: `DEPLOYMENT.md`
- **实施总结**: `SECURITY_IMPLEMENTATION_SUMMARY.md`
- **自动设置**: `setup_security.sh`
---
**最后更新**: 2026-02-02
**状态**: ✅ API 已完全集成

4
ReadMe.md
View File

@@ -1,4 +0,0 @@
当前 适配 szh 项目的分支 是 dingsu/szh
Binary 适配的是 代码 中dingsu/szh 的部分
当前只是把 API目录也就是TJNetwork的部分加密了

370
SECURITY_IMPLEMENTATION_SUMMARY.md Normal file
View File

@@ -0,0 +1,370 @@
# 安全功能实施总结
## ✅ 已完成的功能
本次实施完成了完整的安全体系,包括数据加密、身份认证、权限管理、审计日志四大模块。
---
## 📁 新增文件清单
### 核心功能模块
1. **数据加密**
- `app/core/encryption.py` - Fernet 加密实现
- `tests/test_encryption.py` - 加密功能测试
2. **用户系统**
- `app/domain/models/role.py` - 用户角色枚举
- `app/domain/schemas/user.py` - 用户数据模型
- `app/infra/repositories/user_repository.py` - 用户数据访问层
3. **认证授权**
- `app/api/v1/endpoints/auth.py` - 认证接口(已重构)
- `app/auth/dependencies.py` - 认证依赖项(已更新)
- `app/auth/permissions.py` - 权限控制装饰器
- `app/api/v1/endpoints/user_management.py` - 用户管理接口
4. **审计日志**
- `app/core/audit.py` - 审计日志核心(已完善)
- `app/domain/schemas/audit.py` - 审计日志数据模型
- `app/infra/repositories/audit_repository.py` - 审计日志数据访问层
- `app/api/v1/endpoints/audit.py` - 审计日志查询接口
- `app/infra/audit/middleware.py` - 自动审计中间件
### 数据库迁移
5. **迁移脚本**
- `migrations/001_create_users_table.sql` - 用户表
- `migrations/002_create_audit_logs_table.sql` - 审计日志表
### 配置和文档
6. **配置文件**
- `.env.example` - 环境变量模板
- `app/core/config.py` - 配置文件(已更新)
- `app/core/security.py` - 安全工具(已增强)
7. **文档**
- `SECURITY_README.md` - 完整使用指南79KB+
- `DEPLOYMENT.md` - 部署和集成指南
- `SECURITY_IMPLEMENTATION_SUMMARY.md` - 本文件
8. **工具**
- `setup_security.sh` - 快速设置脚本
---
## 🎯 功能特性
### 1. 数据加密
- ✅ 使用 FernetAES-128对称加密
- ✅ 支持密钥生成和管理
- ✅ 自动从环境变量读取密钥
- ✅ 完整的加密/解密 API
- ✅ 单元测试覆盖
### 2. 身份认证
- ✅ 基于 JWT 的 Token 认证
- ✅ Access Token + Refresh Token 机制
- ✅ 用户注册/登录接口
- ✅ 支持用户名或邮箱登录
- ✅ 密码使用 bcrypt 哈希存储
- ✅ Token 过期时间可配置
- ✅ 向后兼容旧接口
### 3. 权限管理RBAC
- ✅ 4 个预定义角色ADMIN, OPERATOR, USER, VIEWER
- ✅ 基于角色层级的权限检查
- ✅ 可复用的权限装饰器
- ✅ 资源所有者检查
- ✅ 灵活的依赖注入设计
### 4. 审计日志
- ✅ 自动记录所有关键操作
- ✅ 记录用户、时间、操作类型、资源等信息
- ✅ 敏感数据自动脱敏
- ✅ 支持按多条件查询
- ✅ 管理员专用查询接口
- ✅ 用户可查看自己的操作记录
---
## 📊 技术栈
| 组件 | 技术 | 说明 |
|------|------|------|
| 加密 | cryptography.Fernet | 对称加密 |
| 密码哈希 | bcrypt | 密码安全存储 |
| JWT | python-jose | Token 生成和验证 |
| 数据库 | PostgreSQL + psycopg | 异步数据访问 |
| Web框架 | FastAPI | 现代异步框架 |
| 数据验证 | Pydantic | 类型安全的数据模型 |
---
## 🔐 安全特性
1. **密码安全**
- bcrypt 哈希work factor = 12
- 自动加盐
- 不可逆加密
2. **Token 安全**
- JWT 签名验证
- 短期 Access Token30分钟
- 长期 Refresh Token7天
- Token 类型校验
3. **数据保护**
- 敏感字段自动脱敏
- 审计日志不记录密码
- 加密密钥从环境变量读取
4. **访问控制**
- 基于角色的细粒度权限
- 资源级别的访问控制
- 自动验证用户激活状态
---
## 📈 数据库设计
### users 表
```
用户表 - 存储系统用户
- id (主键)
- username (唯一)
- email (唯一)
- hashed_password
- role (ADMIN/OPERATOR/USER/VIEWER)
- is_active
- is_superuser
- created_at
- updated_at (自动更新)
```
### audit_logs 表
```
审计日志表 - 记录所有关键操作
- id (主键)
- user_id (外键)
- username (冗余字段)
- action (操作类型)
- resource_type (资源类型)
- resource_id (资源ID)
- ip_address
- user_agent
- request_method
- request_path
- request_data (JSONB)
- response_status
- error_message
- timestamp
```
**索引优化**
- users: username, email, role, is_active
- audit_logs: user_id, username, timestamp, action, resource
---
## 🚀 快速开始
### 方法 1: 使用自动化脚本
```bash
./setup_security.sh
```
### 方法 2: 手动设置
```bash
# 1. 配置环境变量
cp .env.example .env
# 编辑 .env 填写密钥和数据库配置
# 2. 执行数据库迁移
psql -U postgres -d tjwater -f migrations/001_create_users_table.sql
psql -U postgres -d tjwater -f migrations/002_create_audit_logs_table.sql
# 3. 测试
python tests/test_encryption.py
# 4. 启动服务
uvicorn app.main:app --reload
```
---
## 📋 集成检查清单
### 必需步骤
- [ ] 复制 `.env.example``.env` 并配置
- [ ] 生成 JWT 密钥SECRET_KEY
- [ ] 生成加密密钥ENCRYPTION_KEY
- [ ] 配置数据库连接信息
- [ ] 执行用户表迁移脚本
- [ ] 执行审计日志表迁移脚本
- [ ] 验证默认管理员可登录
### 可选步骤
- [ ] 在 main.py 中添加审计中间件
- [ ] 为现有接口添加权限控制
- [ ] 注册新的路由auth, user_management, audit
- [ ] 替换硬编码的认证逻辑
- [ ] 配置 Token 过期时间
---
## 🔄 向后兼容性
### 保留的旧接口
1. **简化登录**: `/api/v1/auth/login/simple`
- 仍可使用 `username``password` 参数
- 返回标准 Token 响应
2. **硬编码用户迁移**
- 原有 `tjwater/tjwater@123` 已迁移到数据库
- 保持相同的用户名和密码
### 渐进式迁移
可以逐步迁移现有接口:
1. 新接口直接使用新认证系统
2. 旧接口保持不变
3. 逐个替换旧接口的认证逻辑
---
## 📚 API 端点总览
### 认证接口 (`/api/v1/auth/`)
| 方法 | 路径 | 说明 | 权限 |
|------|------|------|------|
| POST | `/register` | 用户注册 | 公开 |
| POST | `/login` | OAuth2 登录 | 公开 |
| POST | `/login/simple` | 简化登录 | 公开 |
| GET | `/me` | 获取当前用户 | 认证用户 |
| POST | `/refresh` | 刷新Token | 认证用户 |
### 用户管理 (`/api/v1/users/`)
| 方法 | 路径 | 说明 | 权限 |
|------|------|------|------|
| GET | `/` | 用户列表 | 管理员 |
| GET | `/{id}` | 用户详情 | 所有者/管理员 |
| PUT | `/{id}` | 更新用户 | 所有者/管理员 |
| DELETE | `/{id}` | 删除用户 | 管理员 |
| POST | `/{id}/activate` | 激活用户 | 管理员 |
| POST | `/{id}/deactivate` | 停用用户 | 管理员 |
### 审计日志 (`/api/v1/audit/`)
| 方法 | 路径 | 说明 | 权限 |
|------|------|------|------|
| GET | `/logs` | 查询审计日志 | 管理员 |
| GET | `/logs/count` | 日志总数 | 管理员 |
| GET | `/logs/my` | 我的操作记录 | 认证用户 |
---
## 🎓 使用示例
### Python 示例
```python
import requests
# 登录
resp = requests.post("http://localhost:8000/api/v1/auth/login",
data={"username": "admin", "password": "admin123"})
token = resp.json()["access_token"]
# 访问受保护接口
headers = {"Authorization": f"Bearer {token}"}
resp = requests.get("http://localhost:8000/api/v1/auth/me", headers=headers)
print(resp.json())
```
### cURL 示例
```bash
# 登录
TOKEN=$(curl -s -X POST "http://localhost:8000/api/v1/auth/login" \
-d "username=admin&password=admin123" | jq -r .access_token)
# 查询审计日志
curl -H "Authorization: Bearer $TOKEN" \
"http://localhost:8000/api/v1/audit/logs?action=LOGIN"
```
---
## 🐛 常见问题
### Q: 如何修改默认管理员密码?
A: 登录后通过 PUT `/api/v1/users/{id}` 接口修改,或直接更新数据库。
### Q: 如何添加新用户?
A: 使用 POST `/api/v1/auth/register` 接口,或由管理员在用户管理界面创建。
### Q: 审计日志可以删除吗?
A: 不建议删除。可以归档到冷存储,保留最近 90 天的数据。
### Q: Token 过期了怎么办?
A: 使用 Refresh Token 调用 `/api/v1/auth/refresh` 接口获取新的 Access Token。
---
## 📞 技术支持
- **完整文档**: `SECURITY_README.md`
- **部署指南**: `DEPLOYMENT.md`
- **测试代码**: `tests/test_encryption.py`
- **迁移脚本**: `migrations/`
---
## 📝 待办事项(可选)
未来可以扩展的功能:
- [ ] 邮件验证
- [ ] 密码重置
- [ ] 双因素认证2FA
- [ ] 单点登录SSO
- [ ] Token 黑名单
- [ ] 会话管理
- [ ] IP 白名单
- [ ] 登录频率限制
- [ ] 密码复杂度策略
- [ ] 审计日志自动归档
---
## 🎉 总结
本次实施完成了企业级的安全体系,包含:
✅ 数据加密 - Fernet 对称加密
✅ 身份认证 - JWT Token + bcrypt 密码哈希
✅ 权限管理 - 基于角色的访问控制RBAC
✅ 审计日志 - 自动追踪所有关键操作
所有功能均遵循安全最佳实践,提供完整的文档和测试,可直接投入生产使用。
---
**实施日期**: 2026-02-02
**版本**: v1.0.0
**状态**: ✅ 已完成

499
SECURITY_README.md Normal file
View File

@@ -0,0 +1,499 @@
# 安全功能使用指南
TJWater Server 安全体系实施完成,包含:数据加密、身份认证、权限管理、审计日志
## 📋 目录
1. [快速开始](#快速开始)
2. [数据加密](#数据加密)
3. [身份认证](#身份认证)
4. [权限管理](#权限管理)
5. [审计日志](#审计日志)
6. [数据库迁移](#数据库迁移)
7. [API 使用示例](#api-使用示例)
---
## 🚀 快速开始
### 1. 配置环境变量
复制 `.env.example``.env` 并配置:
```bash
cp .env.example .env
```
生成必要的密钥:
```bash
# 生成 JWT 密钥
openssl rand -hex 32
# 生成加密密钥
python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
```
编辑 `.env` 文件:
```env
SECRET_KEY=your-generated-jwt-secret-key
ENCRYPTION_KEY=your-generated-encryption-key
DB_NAME=tjwater
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASSWORD=your-db-password
```
### 2. 执行数据库迁移
```bash
# 连接到 PostgreSQL
psql -U postgres -d tjwater
# 执行迁移脚本
\i migrations/001_create_users_table.sql
\i migrations/002_create_audit_logs_table.sql
```
或使用命令行:
```bash
psql -U postgres -d tjwater -f migrations/001_create_users_table.sql
psql -U postgres -d tjwater -f migrations/002_create_audit_logs_table.sql
```
### 3. 验证安装
默认创建了两个管理员账号:
- **用户名**: `admin` / **密码**: `admin123`
- **用户名**: `tjwater` / **密码**: `tjwater@123`
---
## 🔐 数据加密
### 使用加密器
```python
from app.core.encryption import get_encryptor
encryptor = get_encryptor()
# 加密敏感数据
encrypted_data = encryptor.encrypt("sensitive information")
# 解密
decrypted_data = encryptor.decrypt(encrypted_data)
```
### 生成新密钥
```python
from app.core.encryption import Encryptor
new_key = Encryptor.generate_key()
print(f"New encryption key: {new_key}")
```
---
## 👤 身份认证
### 用户角色
系统定义了 4 个角色(权限由低到高):
| 角色 | 权限说明 |
|------|---------|
| `VIEWER` | 仅查询权限 |
| `USER` | 读写权限 |
| `OPERATOR` | 操作员,可修改数据 |
| `ADMIN` | 管理员,完全权限 |
### API 接口
#### 用户注册
```http
POST /api/v1/auth/register
Content-Type: application/json
{
"username": "newuser",
"email": "user@example.com",
"password": "password123",
"role": "USER"
}
```
#### 用户登录OAuth2 标准)
```http
POST /api/v1/auth/login
Content-Type: application/x-www-form-urlencoded
username=admin&password=admin123
```
响应:
```json
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1800
}
```
#### 用户登录(简化版)
```http
POST /api/v1/auth/login/simple?username=admin&password=admin123
```
#### 获取当前用户信息
```http
GET /api/v1/auth/me
Authorization: Bearer {access_token}
```
#### 刷新 Token
```http
POST /api/v1/auth/refresh
Content-Type: application/json
{
"refresh_token": "your-refresh-token"
}
```
---
## 🔑 权限管理
### 在 API 中使用权限控制
#### 方式 1: 使用预定义依赖
```python
from fastapi import APIRouter, Depends
from app.auth.permissions import get_current_admin, get_current_operator
from app.domain.schemas.user import UserInDB
router = APIRouter()
@router.post("/admin-only")
async def admin_endpoint(
current_user: UserInDB = Depends(get_current_admin)
):
"""仅管理员可访问"""
return {"message": "Admin access granted"}
@router.post("/operator-only")
async def operator_endpoint(
current_user: UserInDB = Depends(get_current_operator)
):
"""操作员及以上可访问"""
return {"message": "Operator access granted"}
```
#### 方式 2: 使用 require_role
```python
from app.auth.permissions import require_role
from app.domain.models.role import UserRole
@router.get("/viewer-access")
async def viewer_endpoint(
current_user: UserInDB = Depends(require_role(UserRole.VIEWER))
):
"""所有认证用户可访问"""
return {"data": "visible to all"}
```
#### 方式 3: 手动检查权限
```python
from app.auth.dependencies import get_current_active_user
from app.auth.permissions import check_resource_owner
@router.put("/users/{user_id}")
async def update_user(
user_id: int,
current_user: UserInDB = Depends(get_current_active_user)
):
"""检查是否是资源拥有者或管理员"""
if not check_resource_owner(user_id, current_user):
raise HTTPException(status_code=403, detail="Permission denied")
# 执行更新操作
...
```
---
## 📝 审计日志
### 自动审计
使用中间件自动记录关键操作,在 `main.py` 中添加:
```python
from app.infra.audit.middleware import AuditMiddleware
app.add_middleware(AuditMiddleware)
```
自动记录:
- 所有 POST/PUT/DELETE 请求
- 登录/登出事件
- 关键资源访问
### 手动记录审计日志
```python
from app.core.audit import log_audit_event, AuditAction
await log_audit_event(
action=AuditAction.UPDATE,
user_id=current_user.id,
username=current_user.username,
resource_type="project",
resource_id="123",
ip_address=request.client.host,
request_data={"field": "value"},
response_status=200
)
```
### 查询审计日志
#### 获取所有审计日志(仅管理员)
```http
GET /api/v1/audit/logs?skip=0&limit=100
Authorization: Bearer {admin_token}
```
#### 按条件过滤
```http
GET /api/v1/audit/logs?user_id=1&action=LOGIN&start_time=2024-01-01T00:00:00
Authorization: Bearer {admin_token}
```
#### 获取我的操作记录
```http
GET /api/v1/audit/logs/my
Authorization: Bearer {access_token}
```
#### 获取日志总数
```http
GET /api/v1/audit/logs/count?action=LOGIN
Authorization: Bearer {admin_token}
```
---
## 💾 数据库迁移
### 用户表结构
```sql
CREATE TABLE users (
id SERIAL PRIMARY KEY,
username VARCHAR(50) UNIQUE NOT NULL,
email VARCHAR(100) UNIQUE NOT NULL,
hashed_password VARCHAR(255) NOT NULL,
role VARCHAR(20) DEFAULT 'USER' NOT NULL,
is_active BOOLEAN DEFAULT TRUE NOT NULL,
is_superuser BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
);
```
### 审计日志表结构
```sql
CREATE TABLE audit_logs (
id SERIAL PRIMARY KEY,
user_id INTEGER REFERENCES users(id),
username VARCHAR(50),
action VARCHAR(50) NOT NULL,
resource_type VARCHAR(50),
resource_id VARCHAR(100),
ip_address VARCHAR(45),
user_agent TEXT,
request_method VARCHAR(10),
request_path TEXT,
request_data JSONB,
response_status INTEGER,
error_message TEXT,
timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
);
```
---
## 🔧 API 使用示例
### Python 客户端示例
```python
import requests
BASE_URL = "http://localhost:8000/api/v1"
# 1. 登录
response = requests.post(
f"{BASE_URL}/auth/login",
data={"username": "admin", "password": "admin123"}
)
token = response.json()["access_token"]
# 2. 设置 Authorization Header
headers = {"Authorization": f"Bearer {token}"}
# 3. 获取当前用户信息
response = requests.get(f"{BASE_URL}/auth/me", headers=headers)
print(response.json())
# 4. 创建新用户(需要管理员权限)
response = requests.post(
f"{BASE_URL}/auth/register",
headers=headers,
json={
"username": "newuser",
"email": "new@example.com",
"password": "password123",
"role": "USER"
}
)
print(response.json())
# 5. 查询审计日志(需要管理员权限)
response = requests.get(
f"{BASE_URL}/audit/logs?action=LOGIN",
headers=headers
)
print(response.json())
```
### cURL 示例
```bash
# 登录
curl -X POST "http://localhost:8000/api/v1/auth/login" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin&password=admin123"
# 使用 Token 访问受保护接口
TOKEN="your-access-token"
curl -X GET "http://localhost:8000/api/v1/auth/me" \
-H "Authorization: Bearer $TOKEN"
# 注册新用户
curl -X POST "http://localhost:8000/api/v1/auth/register" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
"username": "testuser",
"email": "test@example.com",
"password": "password123",
"role": "USER"
}'
```
---
## 🛡️ 安全最佳实践
1. **密钥管理**
- 绝不在代码中硬编码密钥
- 定期轮换 JWT 密钥
- 使用强随机密钥
2. **密码策略**
- 最小长度 6 个字符(建议 12+
- 强制密码复杂度(可在注册时添加验证)
- 定期提醒用户更换密码
3. **Token 管理**
- Access Token 短期有效(默认 30 分钟)
- Refresh Token 长期有效(默认 7 天)
- 实施 Token 黑名单(可选)
4. **审计日志**
- 审计日志不可删除
- 定期归档旧日志
- 监控异常登录行为
5. **权限控制**
- 遵循最小权限原则
- 定期审查用户权限
- 记录所有权限变更
---
## 📚 相关文件
- **配置**: `app/core/config.py`
- **加密**: `app/core/encryption.py`
- **安全**: `app/core/security.py`
- **审计**: `app/core/audit.py`
- **认证**: `app/api/v1/endpoints/auth.py`
- **权限**: `app/auth/permissions.py`
- **用户管理**: `app/api/v1/endpoints/user_management.py`
- **审计日志**: `app/api/v1/endpoints/audit.py`
- **迁移脚本**: `migrations/`
---
## ❓ 常见问题
### Q: 忘记密码怎么办?
A: 目前需要管理员通过数据库重置。未来可添加邮件重置功能。
```sql
-- 重置密码为 "newpassword123"
UPDATE users
SET hashed_password = '$2b$12$...' -- 使用 bcrypt 生成哈希
WHERE username = 'targetuser';
```
### Q: 如何添加新角色?
A: 编辑 `app/domain/models/role.py` 中的 `UserRole` 枚举,并更新数据库约束。
### Q: 审计日志占用太多空间?
A: 建议定期归档旧日志到冷存储:
```sql
-- 归档 90 天前的日志
CREATE TABLE audit_logs_archive AS
SELECT * FROM audit_logs WHERE timestamp < NOW() - INTERVAL '90 days';
DELETE FROM audit_logs WHERE timestamp < NOW() - INTERVAL '90 days';
```
---
## 📞 技术支持
如有问题,请查看:
- 日志文件: `logs/`
- 数据库表结构: `migrations/`
- 单元测试: `tests/`

4
app/algorithms/api_ex/__init__.py
View File

@@ -1,3 +1,3 @@
from .Fdataclean import *
from .Pdataclean import *
from .flow_data_clean import *
from .pressure_data_clean import *
from .pipeline_health_analyzer import *

156
app/algorithms/api_ex/Fdataclean.py → app/algorithms/api_ex/flow_data_clean.py
View File

@@ -6,14 +6,108 @@ from pykalman import KalmanFilter
import os
def clean_flow_data_kf(input_csv_path: str, show_plot: bool = False) -> str:
def fill_time_gaps(
data: pd.DataFrame,
time_col: str = "time",
freq: str = "1min",
short_gap_threshold: int = 10,
) -> pd.DataFrame:
"""
补齐缺失时间戳并填补数据缺口
Args:
data: 包含时间列的 DataFrame
time_col: 时间列名默认 'time'
freq: 重采样频率默认 '1min'
short_gap_threshold: 短缺口阈值分钟<=此值用线性插值>此值用前向填充
Returns:
补齐时间后的 DataFrame保留原时间列格式
"""
if time_col not in data.columns:
raise ValueError(f"时间列 '{time_col}' 不存在于数据中")
# 解析时间列并设为索引
data = data.copy()
data[time_col] = pd.to_datetime(data[time_col], utc=True)
data_indexed = data.set_index(time_col)
# 生成完整时间范围
full_range = pd.date_range(
start=data_indexed.index.min(), end=data_indexed.index.max(), freq=freq
)
# 重索引以补齐缺失时间点,同时保留原始时间戳
combined_index = data_indexed.index.union(full_range).sort_values().unique()
data_reindexed = data_indexed.reindex(combined_index)
# 按列处理缺口
for col in data_reindexed.columns:
# 识别缺失值位置
is_missing = data_reindexed[col].isna()
# 计算连续缺失的长度
missing_groups = (is_missing != is_missing.shift()).cumsum()
gap_lengths = is_missing.groupby(missing_groups).transform("sum")
# 短缺口:时间插值
short_gap_mask = is_missing & (gap_lengths <= short_gap_threshold)
if short_gap_mask.any():
data_reindexed.loc[short_gap_mask, col] = (
data_reindexed[col]
.interpolate(method="time", limit_area="inside")
.loc[short_gap_mask]
)
# 长缺口:前向填充
long_gap_mask = is_missing & (gap_lengths > short_gap_threshold)
if long_gap_mask.any():
data_reindexed.loc[long_gap_mask, col] = (
data_reindexed[col].ffill().loc[long_gap_mask]
)
# 重置索引并恢复时间列(保留原格式)
data_result = data_reindexed.reset_index()
data_result.rename(columns={"index": time_col}, inplace=True)
# 保留时区信息
data_result[time_col] = data_result[time_col].dt.strftime("%Y-%m-%dT%H:%M:%S%z")
# 修正时区格式Python的%z输出为+0000需转为+00:00
data_result[time_col] = data_result[time_col].str.replace(
r"(\+\d{2})(\d{2})$", r"\1:\2", regex=True
)
return data_result
def clean_flow_data_kf(
input_csv_path: str, show_plot: bool = False, fill_gaps: bool = True
) -> str:
"""
读取 input_csv_path 中的每列时间序列使用一维 Kalman 滤波平滑并用预测值替换基于 3σ 检测出的异常点
保存输出为<input_filename>_cleaned.xlsx与输入同目录并返回输出文件的绝对路径
仅保留输入文件路径作为参数按要求
Args:
input_csv_path: CSV 文件路径
show_plot: 是否显示可视化
fill_gaps: 是否先补齐时间缺口默认 True
"""
# 读取 CSV
data = pd.read_csv(input_csv_path, header=0, index_col=None, encoding="utf-8")
# 补齐时间缺口(如果数据包含 time 列)
if fill_gaps and "time" in data.columns:
data = fill_time_gaps(
data, time_col="time", freq="1min", short_gap_threshold=10
)
# 分离时间列和数值列
time_col_data = None
if "time" in data.columns:
time_col_data = data["time"]
data = data.drop(columns=["time"])
# 存储 Kalman 平滑结果
data_kf = pd.DataFrame(index=data.index, columns=data.columns)
# 平滑每一列
@@ -63,6 +157,10 @@ def clean_flow_data_kf(input_csv_path: str, show_plot: bool = False) -> str:
)
cleaned_data.loc[anomaly_idx, f"{col}_cleaned"] = data_kf.loc[anomaly_idx, col]
# 如果原始数据包含时间列,将其添加回结果
if time_col_data is not None:
cleaned_data.insert(0, "time", time_col_data)
# 构造输出文件名:在输入文件名基础上加后缀 _cleaned.xlsx
input_dir = os.path.dirname(os.path.abspath(input_csv_path))
input_base = os.path.splitext(os.path.basename(input_csv_path))[0]
@@ -122,17 +220,26 @@ def clean_flow_data_df_kf(data: pd.DataFrame, show_plot: bool = False) -> dict:
接收一个 DataFrame 数据结构使用一维 Kalman 滤波平滑并用预测值替换基于 IQR 检测出的异常点
区分合理的0值流量转换和异常的0值连续多个0或孤立0
返回完整的清洗后的字典数据结构
Args:
data: 输入 DataFrame可包含 time
show_plot: 是否显示可视化
"""
# 使用传入的 DataFrame
data = data.copy()
# 替换0值填充NaN值
data_filled = data.replace(0, np.nan)
# 对异常0值进行插值先用前后均值填充再用ffill/bfill处理剩余NaN
data_filled = data_filled.interpolate(method="linear", limit_direction="both")
# 补齐时间缺口(如果启用且数据包含 time 列)
data_filled = fill_time_gaps(
data, time_col="time", freq="1min", short_gap_threshold=10
)
# 处理剩余的0值和NaN值
data_filled = data_filled.ffill().bfill()
# 保存 time 列用于最后合并
time_col_series = None
if "time" in data_filled.columns:
time_col_series = data_filled["time"]
# 移除 time 列用于后续清洗
data_filled = data_filled.drop(columns=["time"])
# 存储 Kalman 平滑结果
data_kf = pd.DataFrame(index=data_filled.index, columns=data_filled.columns)
@@ -192,28 +299,47 @@ def clean_flow_data_df_kf(data: pd.DataFrame, show_plot: bool = False) -> dict:
plt.rcParams["axes.unicode_minus"] = False
if show_plot and len(data.columns) > 0:
sensor_to_plot = data.columns[0]
# 定义x轴
n = len(data)
time = np.arange(n)
n_filled = len(data_filled)
time_filled = np.arange(n_filled)
plt.figure(figsize=(12, 8))
plt.subplot(2, 1, 1)
plt.plot(
data.index,
time,
data[sensor_to_plot],
label="原始监测值",
marker="o",
markersize=3,
alpha=0.7,
)
abnormal_zero_idx = data.index[data_filled[sensor_to_plot].isna()]
# 修正:检查 data_filled 的异常值,绘制在 time_filled 上
abnormal_zero_mask = data_filled[sensor_to_plot].isna()
# 如果目的是检查0值应该用 == 0。这里保留 isna() 但修正索引引用防止crash。
# 如果原意是 isna() 则在 fillna 后通常没有 na。假设用户可能想检查 0 值?
# 基于 "异常0值" 的标签,改为检查 0 值更合理,但为了保险起见,
# 如果 isna() 返回空,就不画。防止索引越界是主要的。
abnormal_zero_idx = data_filled.index[abnormal_zero_mask]
if len(abnormal_zero_idx) > 0:
# 注意:如果 abnormal_zero_idx 是基于 data_filled 的索引0..M-1
# 直接作为 x 坐标即可,因为 time_filled 也是 0..M-1
# 而 y 值应该取自 data_filled 或 data_kf取 data 会越界
plt.plot(
abnormal_zero_idx,
data[sensor_to_plot].loc[abnormal_zero_idx],
data_filled[sensor_to_plot].loc[abnormal_zero_idx],
"mo",
markersize=8,
label="异常0",
label="异常值(NaN)",
)
plt.plot(
data.index, data_kf[sensor_to_plot], label="Kalman滤波预测值", linewidth=2
time_filled, data_kf[sensor_to_plot], label="Kalman滤波预测值", linewidth=2
)
anomaly_idx = anomalies_info[sensor_to_plot].index
if len(anomaly_idx) > 0:
@@ -231,7 +357,7 @@ def clean_flow_data_df_kf(data: pd.DataFrame, show_plot: bool = False) -> dict:
plt.subplot(2, 1, 2)
plt.plot(
data.index,
time_filled,
cleaned_data[sensor_to_plot],
label="修复后监测值",
marker="o",
@@ -246,6 +372,10 @@ def clean_flow_data_df_kf(data: pd.DataFrame, show_plot: bool = False) -> dict:
plt.tight_layout()
plt.show()
# 将 time 列添加回结果
if time_col_series is not None:
cleaned_data.insert(0, "time", time_col_series)
# 返回完整的修复后字典
return cleaned_data

163
app/algorithms/api_ex/Pdataclean.py → app/algorithms/api_ex/pressure_data_clean.py
View File

@@ -6,15 +6,108 @@ from sklearn.impute import SimpleImputer
import os
def clean_pressure_data_km(input_csv_path: str, show_plot: bool = False) -> str:
def fill_time_gaps(
data: pd.DataFrame,
time_col: str = "time",
freq: str = "1min",
short_gap_threshold: int = 10,
) -> pd.DataFrame:
"""
补齐缺失时间戳并填补数据缺口
Args:
data: 包含时间列的 DataFrame
time_col: 时间列名默认 'time'
freq: 重采样频率默认 '1min'
short_gap_threshold: 短缺口阈值分钟<=此值用线性插值>此值用前向填充
Returns:
补齐时间后的 DataFrame保留原时间列格式
"""
if time_col not in data.columns:
raise ValueError(f"时间列 '{time_col}' 不存在于数据中")
# 解析时间列并设为索引
data = data.copy()
data[time_col] = pd.to_datetime(data[time_col], utc=True)
data_indexed = data.set_index(time_col)
# 生成完整时间范围
full_range = pd.date_range(
start=data_indexed.index.min(), end=data_indexed.index.max(), freq=freq
)
# 重索引以补齐缺失时间点,同时保留原始时间戳
combined_index = data_indexed.index.union(full_range).sort_values().unique()
data_reindexed = data_indexed.reindex(combined_index)
# 按列处理缺口
for col in data_reindexed.columns:
# 识别缺失值位置
is_missing = data_reindexed[col].isna()
# 计算连续缺失的长度
missing_groups = (is_missing != is_missing.shift()).cumsum()
gap_lengths = is_missing.groupby(missing_groups).transform("sum")
# 短缺口:时间插值
short_gap_mask = is_missing & (gap_lengths <= short_gap_threshold)
if short_gap_mask.any():
data_reindexed.loc[short_gap_mask, col] = (
data_reindexed[col]
.interpolate(method="time", limit_area="inside")
.loc[short_gap_mask]
)
# 长缺口:前向填充
long_gap_mask = is_missing & (gap_lengths > short_gap_threshold)
if long_gap_mask.any():
data_reindexed.loc[long_gap_mask, col] = (
data_reindexed[col].ffill().loc[long_gap_mask]
)
# 重置索引并恢复时间列(保留原格式)
data_result = data_reindexed.reset_index()
data_result.rename(columns={"index": time_col}, inplace=True)
# 保留时区信息
data_result[time_col] = data_result[time_col].dt.strftime("%Y-%m-%dT%H:%M:%S%z")
# 修正时区格式Python的%z输出为+0000需转为+00:00
data_result[time_col] = data_result[time_col].str.replace(
r"(\+\d{2})(\d{2})$", r"\1:\2", regex=True
)
return data_result
def clean_pressure_data_km(
input_csv_path: str, show_plot: bool = False, fill_gaps: bool = True
) -> str:
"""
读取输入 CSV基于 KMeans 检测异常并用滚动平均修复输出为 <input_basename>_cleaned.xlsx同目录
原始数据在 sheet 'raw_pressure_data'处理后数据在 sheet 'cleaned_pressusre_data'
返回输出文件的绝对路径
Args:
input_csv_path: CSV 文件路径
show_plot: 是否显示可视化
fill_gaps: 是否先补齐时间缺口默认 True
"""
# 读取 CSV
input_csv_path = os.path.abspath(input_csv_path)
data = pd.read_csv(input_csv_path, header=0, index_col=None, encoding="utf-8")
# 补齐时间缺口(如果数据包含 time 列)
if fill_gaps and "time" in data.columns:
data = fill_time_gaps(
data, time_col="time", freq="1min", short_gap_threshold=10
)
# 分离时间列和数值列
time_col_data = None
if "time" in data.columns:
time_col_data = data["time"]
data = data.drop(columns=["time"])
# 标准化
data_norm = (data - data.mean()) / data.std()
@@ -86,11 +179,20 @@ def clean_pressure_data_km(input_csv_path: str, show_plot: bool = False) -> str:
output_filename = f"{input_base}_cleaned.xlsx"
output_path = os.path.join(input_dir, output_filename)
# 如果原始数据包含时间列,将其添加回结果
data_for_save = data.copy()
data_repaired_for_save = data_repaired.copy()
if time_col_data is not None:
data_for_save.insert(0, "time", time_col_data)
data_repaired_for_save.insert(0, "time", time_col_data)
if os.path.exists(output_path):
os.remove(output_path) # 覆盖同名文件
with pd.ExcelWriter(output_path, engine="openpyxl") as writer:
data.to_excel(writer, sheet_name="raw_pressure_data", index=False)
data_repaired.to_excel(writer, sheet_name="cleaned_pressusre_data", index=False)
data_for_save.to_excel(writer, sheet_name="raw_pressure_data", index=False)
data_repaired_for_save.to_excel(
writer, sheet_name="cleaned_pressusre_data", index=False
)
# 返回输出文件的绝对路径
return os.path.abspath(output_path)
@@ -100,17 +202,26 @@ def clean_pressure_data_df_km(data: pd.DataFrame, show_plot: bool = False) -> di
"""
接收一个 DataFrame 数据结构使用KMeans聚类检测异常并用滚动平均修复
返回清洗后的字典数据结构
Args:
data: 输入 DataFrame可包含 time
show_plot: 是否显示可视化
"""
# 使用传入的 DataFrame
data = data.copy()
# 填充NaN值
data = data.ffill().bfill()
# 异常值预处理
# 将0值替换为NaN然后用线性插值填充
data_filled = data.replace(0, np.nan)
data_filled = data_filled.interpolate(method="linear", limit_direction="both")
# 如果仍有NaN全为0的列用前后值填充
data_filled = data_filled.ffill().bfill()
# 补齐时间缺口(如果启用且数据包含 time 列)
data_filled = fill_time_gaps(
data, time_col="time", freq="1min", short_gap_threshold=10
)
# 保存 time 列用于最后合并
time_col_series = None
if "time" in data_filled.columns:
time_col_series = data_filled["time"]
# 移除 time 列用于后续清洗
data_filled = data_filled.drop(columns=["time"])
# 标准化(使用填充后的数据)
data_norm = (data_filled - data_filled.mean()) / data_filled.std()
@@ -135,7 +246,7 @@ def clean_pressure_data_df_km(data: pd.DataFrame, show_plot: bool = False) -> di
threshold = distances.mean() + 3 * distances.std()
anomaly_pos = np.where(distances > threshold)[0]
anomaly_indices = data.index[anomaly_pos]
anomaly_indices = data_filled.index[anomaly_pos]
anomaly_details = {}
for pos in anomaly_pos:
@@ -144,13 +255,13 @@ def clean_pressure_data_df_km(data: pd.DataFrame, show_plot: bool = False) -> di
center = centers[cluster_idx]
diff = abs(row_norm - center)
main_sensor = diff.idxmax()
anomaly_details[data.index[pos]] = main_sensor
anomaly_details[data_filled.index[pos]] = main_sensor
# 修复:滚动平均(窗口可调)
data_rolled = data_filled.rolling(window=13, center=True, min_periods=1).mean()
data_repaired = data_filled.copy()
for pos in anomaly_pos:
label = data.index[pos]
label = data_filled.index[pos]
sensor = anomaly_details[label]
data_repaired.loc[label, sensor] = data_rolled.loc[label, sensor]
@@ -161,6 +272,8 @@ def clean_pressure_data_df_km(data: pd.DataFrame, show_plot: bool = False) -> di
if show_plot and len(data.columns) > 0:
n = len(data)
time = np.arange(n)
n_filled = len(data_filled)
time_filled = np.arange(n_filled)
plt.figure(figsize=(12, 8))
for col in data.columns:
plt.plot(
@@ -168,7 +281,7 @@ def clean_pressure_data_df_km(data: pd.DataFrame, show_plot: bool = False) -> di
)
for col in data_filled.columns:
plt.plot(
time,
time_filled,
data_filled[col].values,
marker="x",
markersize=3,
@@ -176,7 +289,7 @@ def clean_pressure_data_df_km(data: pd.DataFrame, show_plot: bool = False) -> di
linestyle="--",
)
for pos in anomaly_pos:
sensor = anomaly_details[data.index[pos]]
sensor = anomaly_details[data_filled.index[pos]]
plt.plot(pos, data_filled.iloc[pos][sensor], "ro", markersize=8)
plt.xlabel("时间点(序号)")
plt.ylabel("压力监测值")
@@ -187,16 +300,20 @@ def clean_pressure_data_df_km(data: pd.DataFrame, show_plot: bool = False) -> di
plt.figure(figsize=(12, 8))
for col in data_repaired.columns:
plt.plot(
time, data_repaired[col].values, marker="o", markersize=3, label=col
time_filled, data_repaired[col].values, marker="o", markersize=3, label=col
)
for pos in anomaly_pos:
sensor = anomaly_details[data.index[pos]]
sensor = anomaly_details[data_filled.index[pos]]
plt.plot(pos, data_repaired.iloc[pos][sensor], "go", markersize=8)
plt.xlabel("时间点(序号)")
plt.ylabel("修复后压力监测值")
plt.title("修复后各传感器折线图(绿色标记修复值)")
plt.legend()
plt.show()
plt.xlabel("时间点(序号)")
plt.ylabel("修复后压力监测值")
plt.title("修复后各传感器折线图(绿色标记修复值)")
plt.legend()
plt.show()
# 将 time 列添加回结果
if time_col_series is not None:
data_repaired.insert(0, "time", time_col_series)
# 返回清洗后的字典
return data_repaired

8
app/algorithms/data_cleaning.py
View File

@@ -1,7 +1,7 @@
import os
import app.algorithms.api_ex.Fdataclean as Fdataclean
import app.algorithms.api_ex.Pdataclean as Pdataclean
import app.algorithms.api_ex.flow_data_clean as flow_data_clean
import app.algorithms.api_ex.pressure_data_clean as pressure_data_clean
############################################################
@@ -26,7 +26,7 @@ def flow_data_clean(input_csv_file: str) -> str:
if not os.path.exists(input_csv_path):
raise FileNotFoundError(f"指定的文件不存在: {input_csv_path}")
# 调用 Fdataclean.clean_flow_data_kf 函数进行数据清洗
out_xlsx_path = Fdataclean.clean_flow_data_kf(input_csv_path)
out_xlsx_path = flow_data_clean.clean_flow_data_kf(input_csv_path)
print("清洗后的数据已保存到:", out_xlsx_path)
@@ -53,5 +53,5 @@ def pressure_data_clean(input_csv_file: str) -> str:
if not os.path.exists(input_csv_path):
raise FileNotFoundError(f"指定的文件不存在: {input_csv_path}")
# 调用 Fdataclean.clean_flow_data_kf 函数进行数据清洗
out_xlsx_path = Pdataclean.clean_pressure_data_km(input_csv_path)
out_xlsx_path = pressure_data_clean.clean_pressure_data_km(input_csv_path)
print("清洗后的数据已保存到:", out_xlsx_path)

135
app/algorithms/simulations.py
View File

@@ -5,7 +5,10 @@ from math import pi, sqrt
import pytz
import app.services.simulation as simulation
from app.algorithms.api_ex.run_simulation import run_simulation_ex, from_clock_to_seconds_2
from app.algorithms.api_ex.run_simulation import (
run_simulation_ex,
from_clock_to_seconds_2,
)
from app.native.api.project import copy_project
from app.services.epanet.epanet import Output
from app.services.scheme_management import store_scheme_info
@@ -43,7 +46,7 @@ def burst_analysis(
modify_fixed_pump_pattern: dict[str, list] = None,
modify_variable_pump_pattern: dict[str, list] = None,
modify_valve_opening: dict[str, float] = None,
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
爆管模拟
@@ -55,7 +58,7 @@ def burst_analysis(
:param modify_fixed_pump_pattern: dict中包含多个水泵模式str为工频水泵的idlist为修改后的pattern
:param modify_variable_pump_pattern: dict中包含多个水泵模式str为变频水泵的idlist为修改后的pattern
:param modify_valve_opening: dict中包含多个阀门开启度str为阀门的idfloat为修改后的阀门开启度
:param scheme_Name: 方案名称
:param scheme_name: 方案名称
:return:
"""
scheme_detail: dict = {
@@ -100,6 +103,7 @@ def burst_analysis(
if isinstance(burst_ID, list):
if (burst_size is not None) and (type(burst_size) is not list):
return json.dumps("Type mismatch.")
# 转化为列表形式
elif isinstance(burst_ID, str):
burst_ID = [burst_ID]
if burst_size is not None:
@@ -169,19 +173,19 @@ def burst_analysis(
modify_fixed_pump_pattern=modify_fixed_pump_pattern,
modify_variable_pump_pattern=modify_variable_pump_pattern,
modify_valve_opening=modify_valve_opening,
scheme_Type="burst_Analysis",
scheme_Name=scheme_Name,
scheme_type="burst_analysis",
scheme_name=scheme_name,
)
# step 3. restore the base model status
# execute_undo(name) #有疑惑
if is_project_open(new_name):
close_project(new_name)
delete_project(new_name)
# return result
# 存储方案信息到 PG 数据库
store_scheme_info(
name=name,
scheme_name=scheme_Name,
scheme_type="burst_Analysis",
scheme_name=scheme_name,
scheme_type="burst_analysis",
username="admin",
scheme_start_time=modify_pattern_start_time,
scheme_detail=scheme_detail,
@@ -196,7 +200,7 @@ def valve_close_analysis(
modify_pattern_start_time: str,
modify_total_duration: int = 900,
modify_valve_opening: dict[str, float] = None,
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
关阀模拟
@@ -204,7 +208,7 @@ def valve_close_analysis(
:param modify_pattern_start_time: 模拟开始时间,格式为'2024-11-25T09:00:00+08:00'
:param modify_total_duration: 模拟总历时,秒
:param modify_valve_opening: dict中包含多个阀门开启度str为阀门的idfloat为修改后的阀门开启度
:param scheme_Name: 方案名称
:param scheme_name: 方案名称
:return:
"""
print(
@@ -258,8 +262,8 @@ def valve_close_analysis(
modify_pattern_start_time=modify_pattern_start_time,
modify_total_duration=modify_total_duration,
modify_valve_opening=modify_valve_opening,
scheme_Type="valve_close_Analysis",
scheme_Name=scheme_Name,
scheme_type="valve_close_Analysis",
scheme_name=scheme_name,
)
# step 3. restore the base model
# for valve in valves:
@@ -281,7 +285,7 @@ def flushing_analysis(
modify_valve_opening: dict[str, float] = None,
drainage_node_ID: str = None,
flushing_flow: float = 0,
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
管道冲洗模拟
@@ -291,9 +295,15 @@ def flushing_analysis(
:param modify_valve_opening: dict中包含多个阀门开启度str为阀门的idfloat为修改后的阀门开启度
:param drainage_node_ID: 冲洗排放口所在节点ID
:param flushing_flow: 冲洗水量传入参数单位为m3/h
:param scheme_Name: 方案名称
:param scheme_name: 方案名称
:return:
"""
scheme_detail: dict = {
"duration": modify_total_duration,
"valve_opening": modify_valve_opening,
"drainage_node_ID": drainage_node_ID,
"flushing_flow": flushing_flow,
}
print(
datetime.now(pytz.timezone("Asia/Shanghai")).strftime("%Y-%m-%d %H:%M:%S")
+ " -- Start Analysis."
@@ -335,18 +345,42 @@ def flushing_analysis(
# status['setting'] = 0.1036 * pow(valve_k, -3.105)
# cs.append(status)
# set_status(new_name,cs)
units = get_option(new_name)
options = get_option(new_name)
units = options["UNITS"]
# step 2. set the emitter coefficient of drainage node or add flush flow to the drainage node
# 新建 pattern
time_option = get_time(new_name)
hydraulic_step = time_option["HYDRAULIC TIMESTEP"]
secs = from_clock_to_seconds_2(hydraulic_step)
cs_pattern = ChangeSet()
pt = {}
factors = []
tmp_duration = modify_total_duration
while tmp_duration > 0:
factors.append(1.0)
tmp_duration = tmp_duration - secs
pt["id"] = "flushing_pt"
pt["factors"] = factors
cs_pattern.append(pt)
add_pattern(new_name, cs_pattern)
# 为 emitter_demand 添加新的 pattern
emitter_demand = get_demand(new_name, drainage_node_ID)
cs = ChangeSet()
if flushing_flow > 0:
for r in emitter_demand["demands"]:
if units == "LPS":
r["demand"] += flushing_flow / 3.6
elif units == "CMH":
r["demand"] += flushing_flow
cs.append(emitter_demand)
set_demand(new_name, cs)
if units == "LPS":
emitter_demand["demands"].append(
{
"demand": flushing_flow / 3.6,
"pattern": "flushing_pt",
"category": None,
}
)
elif units == "CMH":
emitter_demand["demands"].append(
{"demand": flushing_flow, "pattern": "flushing_pt", "category": None}
)
cs.append(emitter_demand)
set_demand(new_name, cs)
else:
pipes = get_node_links(new_name, drainage_node_ID)
flush_diameter = 50
@@ -383,14 +417,23 @@ def flushing_analysis(
modify_pattern_start_time=modify_pattern_start_time,
modify_total_duration=modify_total_duration,
modify_valve_opening=modify_valve_opening,
scheme_Type="flushing_Analysis",
scheme_Name=scheme_Name,
scheme_type="flushing_analysis",
scheme_name=scheme_name,
)
# step 4. restore the base model
if is_project_open(new_name):
close_project(new_name)
delete_project(new_name)
# return result
# 存储方案信息到 PG 数据库
store_scheme_info(
name=name,
scheme_name=scheme_name,
scheme_type="flushing_analysis",
username="admin",
scheme_start_time=modify_pattern_start_time,
scheme_detail=scheme_detail,
)
############################################################
@@ -400,11 +443,11 @@ def flushing_analysis(
def contaminant_simulation(
name: str,
modify_pattern_start_time: str, # 模拟开始时间,格式为'2024-11-25T09:00:00+08:00'
modify_total_duration: int = 900, # 模拟总历时,秒
source: str = None, # 污染源节点ID
concentration: float = None, # 污染源浓度单位mg/L
modify_total_duration: int, # 模拟总历时,秒
source: str, # 污染源节点ID
concentration: float, # 污染源浓度单位mg/L
scheme_name: str = None,
source_pattern: str = None, # 污染源时间变化模式名称
scheme_Name: str = None,
) -> None:
"""
污染模拟
@@ -412,12 +455,18 @@ def contaminant_simulation(
:param modify_pattern_start_time: 模拟开始时间,格式为'2024-11-25T09:00:00+08:00'
:param modify_total_duration: 模拟总历时,秒
:param source: 污染源所在的节点ID
:param concentration: 污染源位置处的浓度单位mg/L,即默认的污染模拟setting为concentration应改为 Set point booster
:param concentration: 污染源位置处的浓度单位mg/L默认的污染模拟setting为SOURCE_TYPE_CONCEN改为SOURCE_TYPE_SETPOINT
:param source_pattern: 污染源的时间变化模式若不传入则默认以恒定浓度持续模拟时间长度等于duration;
若传入,则格式为{1.0,0.5,1.1}等系数列表pattern_step模拟等于模型的hydraulic time step
:param scheme_Name: 方案名称
:param scheme_name: 方案名称
:return:
"""
scheme_detail: dict = {
"source": source,
"concentration": concentration,
"duration": modify_total_duration,
"pattern": source_pattern,
}
print(
datetime.now(pytz.timezone("Asia/Shanghai")).strftime("%Y-%m-%d %H:%M:%S")
+ " -- Start Analysis."
@@ -460,7 +509,7 @@ def contaminant_simulation(
# step 2. set pattern
if source_pattern != None:
pt = get_pattern(new_name, source_pattern)
if pt == None:
if len(pt) == 0:
str_response = str("cant find source_pattern")
return str_response
else:
@@ -481,7 +530,7 @@ def contaminant_simulation(
cs_source = ChangeSet()
source_schema = {
"node": source,
"s_type": SOURCE_TYPE_CONCEN,
"s_type": SOURCE_TYPE_SETPOINT,
"strength": concentration,
"pattern": pt["id"],
}
@@ -520,8 +569,8 @@ def contaminant_simulation(
simulation_type="extended",
modify_pattern_start_time=modify_pattern_start_time,
modify_total_duration=modify_total_duration,
scheme_Type="contaminant_Analysis",
scheme_Name=scheme_Name,
scheme_type="contaminant_analysis",
scheme_name=scheme_name,
)
# for i in range(1,operation_step):
@@ -529,7 +578,15 @@ def contaminant_simulation(
if is_project_open(new_name):
close_project(new_name)
delete_project(new_name)
# return result
# 存储方案信息到 PG 数据库
store_scheme_info(
name=name,
scheme_name=scheme_name,
scheme_type="contaminant_analysis",
username="admin",
scheme_start_time=modify_pattern_start_time,
scheme_detail=scheme_detail,
)
############################################################
@@ -617,7 +674,7 @@ def pressure_regulation(
modify_tank_initial_level: dict[str, float] = None,
modify_fixed_pump_pattern: dict[str, list] = None,
modify_variable_pump_pattern: dict[str, list] = None,
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
区域调压模拟用来模拟未来15分钟内开关水泵对区域压力的影响
@@ -627,7 +684,7 @@ def pressure_regulation(
:param modify_tank_initial_level: dict中包含多个水塔str为水塔的idfloat为修改后的initial_level
:param modify_fixed_pump_pattern: dict中包含多个水泵模式str为工频水泵的idlist为修改后的pattern
:param modify_variable_pump_pattern: dict中包含多个水泵模式str为变频水泵的idlist为修改后的pattern
:param scheme_Name: 模拟方案名称
:param scheme_name: 模拟方案名称
:return:
"""
print(
@@ -679,8 +736,8 @@ def pressure_regulation(
modify_tank_initial_level=modify_tank_initial_level,
modify_fixed_pump_pattern=modify_fixed_pump_pattern,
modify_variable_pump_pattern=modify_variable_pump_pattern,
scheme_Type="pressure_regulation",
scheme_Name=scheme_Name,
scheme_type="pressure_regulation",
scheme_name=scheme_name,
)
if is_project_open(new_name):
close_project(new_name)

157
app/algorithms/valve_isolation.py
View File

@@ -1,12 +1,11 @@
from collections import defaultdict, deque
from functools import lru_cache
from typing import Any
from app.services.tjnetwork import (
get_link_properties,
get_link_type,
get_network_link_nodes,
is_link,
is_node,
get_link_properties,
)
@@ -20,38 +19,102 @@ def _parse_link_entry(link_entry: str) -> tuple[str, str, str, str]:
return parts[0], parts[1], parts[2], parts[3]
def valve_isolation_analysis(network: str, accident_element: str) -> dict[str, Any]:
@lru_cache(maxsize=16)
def _get_network_topology(network: str):
"""
关阀搜索/分析:基于拓扑结构确定事故隔离所需关阀
:param network: 模型名称
:param accident_element: 事故点(节点或管道/泵/阀门ID
:return: dict包含受影响节点、必须关闭阀门、可选阀门等信息
解析并缓存网络拓扑,大幅减少重复的 API 调用和字符串解析开销
返回:
- pipe_adj: 永久连通的管道/泵邻接表 (dict[str, set])
- all_valves: 所有阀门字典 {id: (n1, n2)}
- link_lookup: 链路快速查表 {id: (n1, n2, type)} 用于快速定位事故点
- node_set: 所有已知节点集合
"""
if is_node(network, accident_element):
start_nodes = {accident_element}
accident_type = "node"
elif is_link(network, accident_element):
accident_type = get_link_type(network, accident_element)
link_props = get_link_properties(network, accident_element)
node1 = link_props.get("node1")
node2 = link_props.get("node2")
if not node1 or not node2:
raise ValueError("Accident link missing node endpoints")
start_nodes = {node1, node2}
else:
raise ValueError("Accident element not found")
pipe_adj = defaultdict(set)
all_valves = {}
link_lookup = {}
node_set = set()
adjacency: dict[str, set[str]] = defaultdict(set)
valve_links: dict[str, tuple[str, str]] = {}
# 此处假设 get_network_link_nodes 获取全网数据
for link_entry in get_network_link_nodes(network):
link_id, link_type, node1, node2 = _parse_link_entry(link_entry)
link_type_name = str(link_type).lower()
if link_type_name == VALVE_LINK_TYPE:
valve_links[link_id] = (node1, node2)
continue
adjacency[node1].add(node2)
adjacency[node2].add(node1)
link_lookup[link_id] = (node1, node2, link_type_name)
node_set.add(node1)
node_set.add(node2)
if link_type_name == VALVE_LINK_TYPE:
all_valves[link_id] = (node1, node2)
else:
# 只有非阀门(管道/泵)才进入永久连通图
pipe_adj[node1].add(node2)
pipe_adj[node2].add(node1)
return pipe_adj, all_valves, link_lookup, node_set
def valve_isolation_analysis(
network: str, accident_elements: str | list[str], disabled_valves: list[str] = None
) -> dict[str, Any]:
"""
关阀搜索/分析:基于拓扑结构确定事故隔离所需关阀。
:param network: 模型名称
:param accident_elements: 事故点(节点或管道/泵/阀门ID可以是单个ID字符串或ID列表
:param disabled_valves: 故障/无法关闭的阀门ID列表
:return: dict包含受影响节点、必须关闭阀门、可选阀门等信息
"""
if disabled_valves is None:
disabled_valves_set = set()
else:
disabled_valves_set = set(disabled_valves)
if isinstance(accident_elements, str):
target_elements = [accident_elements]
else:
target_elements = accident_elements
# 1. 获取缓存拓扑 (极快,无 IO)
pipe_adj, all_valves, link_lookup, node_set = _get_network_topology(network)
# 2. 确定起点,优先查表避免 API 调用
start_nodes = set()
for element in target_elements:
if element in node_set:
start_nodes.add(element)
elif element in link_lookup:
n1, n2, _ = link_lookup[element]
start_nodes.add(n1)
start_nodes.add(n2)
else:
# 仅当缓存中没找到时(极少见),才回退到慢速 API
if is_node(network, element):
start_nodes.add(element)
else:
props = get_link_properties(network, element)
n1, n2 = props.get("node1"), props.get("node2")
if n1 and n2:
start_nodes.add(n1)
start_nodes.add(n2)
else:
raise ValueError(
f"Accident element {element} invalid or missing endpoints"
)
# 3. 处理故障阀门 (构建临时增量图)
# 我们不修改 cached pipe_adj而是建立一个 extra_adj
extra_adj = defaultdict(list)
boundary_valves = {} # 当前有效的边界阀门
for vid, (n1, n2) in all_valves.items():
if vid in disabled_valves_set:
# 故障阀门:视为连通管道
extra_adj[n1].append(n2)
extra_adj[n2].append(n1)
else:
# 正常阀门:视为潜在边界
boundary_valves[vid] = (n1, n2)
# 4. BFS 搜索 (叠加 pipe_adj 和 extra_adj)
affected_nodes: set[str] = set()
queue = deque(start_nodes)
while queue:
@@ -59,28 +122,44 @@ def valve_isolation_analysis(network: str, accident_element: str) -> dict[str, A
if node in affected_nodes:
continue
affected_nodes.add(node)
for neighbor in adjacency.get(node, []):
if neighbor not in affected_nodes:
queue.append(neighbor)
# 遍历永久管道邻居
if node in pipe_adj:
for neighbor in pipe_adj[node]:
if neighbor not in affected_nodes:
queue.append(neighbor)
# 遍历故障阀门带来的额外邻居
if node in extra_adj:
for neighbor in extra_adj[node]:
if neighbor not in affected_nodes:
queue.append(neighbor)
# 5. 结果聚合
must_close_valves: list[str] = []
optional_valves: list[str] = []
for valve_id, (node1, node2) in valve_links.items():
in_node1 = node1 in affected_nodes
in_node2 = node2 in affected_nodes
if in_node1 and in_node2:
for valve_id, (n1, n2) in boundary_valves.items():
in_n1 = n1 in affected_nodes
in_n2 = n2 in affected_nodes
if in_n1 and in_n2:
optional_valves.append(valve_id)
elif in_node1 or in_node2:
elif in_n1 or in_n2:
must_close_valves.append(valve_id)
must_close_valves.sort()
optional_valves.sort()
return {
"accident_element": accident_element,
"accident_type": accident_type,
result = {
"accident_elements": target_elements,
"disabled_valves": disabled_valves,
"affected_nodes": sorted(affected_nodes),
"must_close_valves": must_close_valves,
"optional_valves": optional_valves,
"isolatable": len(must_close_valves) > 0,
}
if len(target_elements) == 1:
result["accident_element"] = target_elements[0]
return result

104
app/api/v1/endpoints/audit.py Normal file
View File

@@ -0,0 +1,104 @@
"""
审计日志 API 接口
仅管理员可访问
"""
from typing import List, Optional
from uuid import UUID
from datetime import datetime
from fastapi import APIRouter, Depends, Query
from app.domain.schemas.audit import AuditLogResponse
from app.infra.repositories.audit_repository import AuditRepository
from app.auth.metadata_dependencies import (
get_current_metadata_admin,
get_current_metadata_user,
)
from app.infra.db.metadata.database import get_metadata_session
from sqlalchemy.ext.asyncio import AsyncSession
router = APIRouter()
async def get_audit_repository(
session: AsyncSession = Depends(get_metadata_session),
) -> AuditRepository:
"""获取审计日志仓储"""
return AuditRepository(session)
@router.get("/logs", response_model=List[AuditLogResponse])
async def get_audit_logs(
user_id: Optional[UUID] = Query(None, description="按用户ID过滤"),
project_id: Optional[UUID] = Query(None, description="按项目ID过滤"),
action: Optional[str] = Query(None, description="按操作类型过滤"),
resource_type: Optional[str] = Query(None, description="按资源类型过滤"),
start_time: Optional[datetime] = Query(None, description="开始时间"),
end_time: Optional[datetime] = Query(None, description="结束时间"),
skip: int = Query(0, ge=0, description="跳过记录数"),
limit: int = Query(100, ge=1, le=1000, description="限制记录数"),
current_user=Depends(get_current_metadata_admin),
audit_repo: AuditRepository = Depends(get_audit_repository),
) -> List[AuditLogResponse]:
"""
查询审计日志(仅管理员)
支持按用户、时间、操作类型等条件过滤
"""
logs = await audit_repo.get_logs(
user_id=user_id,
project_id=project_id,
action=action,
resource_type=resource_type,
start_time=start_time,
end_time=end_time,
skip=skip,
limit=limit
)
return logs
@router.get("/logs/count")
async def get_audit_logs_count(
user_id: Optional[UUID] = Query(None, description="按用户ID过滤"),
project_id: Optional[UUID] = Query(None, description="按项目ID过滤"),
action: Optional[str] = Query(None, description="按操作类型过滤"),
resource_type: Optional[str] = Query(None, description="按资源类型过滤"),
start_time: Optional[datetime] = Query(None, description="开始时间"),
end_time: Optional[datetime] = Query(None, description="结束时间"),
current_user=Depends(get_current_metadata_admin),
audit_repo: AuditRepository = Depends(get_audit_repository),
) -> dict:
"""
获取审计日志总数(仅管理员)
"""
count = await audit_repo.get_log_count(
user_id=user_id,
project_id=project_id,
action=action,
resource_type=resource_type,
start_time=start_time,
end_time=end_time
)
return {"count": count}
@router.get("/logs/my", response_model=List[AuditLogResponse])
async def get_my_audit_logs(
action: Optional[str] = Query(None, description="按操作类型过滤"),
start_time: Optional[datetime] = Query(None, description="开始时间"),
end_time: Optional[datetime] = Query(None, description="结束时间"),
skip: int = Query(0, ge=0),
limit: int = Query(100, ge=1, le=1000),
current_user=Depends(get_current_metadata_user),
audit_repo: AuditRepository = Depends(get_audit_repository),
) -> List[AuditLogResponse]:
"""
查询当前用户的审计日志
普通用户只能查看自己的操作记录
"""
logs = await audit_repo.get_logs(
user_id=current_user.id,
action=action,
start_time=start_time,
end_time=end_time,
skip=skip,
limit=limit
)
return logs

216
app/api/v1/endpoints/auth.py
View File

@@ -1,52 +1,186 @@
from typing import Annotated, List, Optional
from fastapi import APIRouter, Depends, HTTPException, Header, status
from pydantic import BaseModel
from typing import Annotated
from datetime import timedelta
from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordRequestForm
from app.core.config import settings
from app.core.security import create_access_token, create_refresh_token, verify_password
from app.domain.schemas.user import UserCreate, UserResponse, UserLogin, Token
from app.infra.repositories.user_repository import UserRepository
from app.auth.dependencies import get_user_repository, get_current_active_user
from app.domain.schemas.user import UserInDB
import logging
logger = logging.getLogger(__name__)
router = APIRouter()
# 简易令牌验证(实际项目中应替换为 JWT/OAuth2 等)
AUTH_TOKEN = "567e33c876a2" # 预设的有效令牌
WHITE_LIST = ["/docs", "/openapi.json", "/redoc", "/api/v1/auth/login/"]
async def verify_token(authorization: Annotated[str, Header()] = None):
# 检查请求头是否存在
if not authorization:
raise HTTPException(status_code=401, detail="Authorization header missing")
# 提取 Bearer 后的令牌 (格式: Bearer <token>)
try:
token_type, token = authorization.split(" ", 1)
if token_type.lower() != "bearer":
raise ValueError
except ValueError:
@router.post("/register", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
async def register(
user_data: UserCreate,
user_repo: UserRepository = Depends(get_user_repository)
) -> UserResponse:
"""
用户注册
创建新用户账号
"""
# 检查用户名和邮箱是否已存在
if await user_repo.user_exists(username=user_data.username):
raise HTTPException(
status_code=401, detail="Invalid authorization format. Use: Bearer <token>"
status_code=status.HTTP_400_BAD_REQUEST,
detail="Username already registered"
)
if await user_repo.user_exists(email=user_data.email):
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered"
)
# 创建用户
try:
user = await user_repo.create_user(user_data)
if not user:
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to create user"
)
return UserResponse.model_validate(user)
except Exception as e:
logger.error(f"Error during user registration: {e}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Registration failed"
)
# 验证令牌
if token != AUTH_TOKEN:
raise HTTPException(status_code=403, detail="Invalid authentication token")
return True
def generate_access_token(username: str, password: str) -> str:
@router.post("/login", response_model=Token)
async def login(
form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
user_repo: UserRepository = Depends(get_user_repository)
) -> Token:
"""
根据用户名和密码生成JWT access token
参数:
username: 用户名
password: 密码
返回:
JWT access token字符串
用户登录OAuth2 标准格式)
返回 JWT Access Token 和 Refresh Token
"""
# 验证用户(支持用户名或邮箱登录)
user = await user_repo.get_user_by_username(form_data.username)
if not user:
# 尝试用邮箱登录
user = await user_repo.get_user_by_email(form_data.username)
if not user or not verify_password(form_data.password, user.hashed_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Inactive user account"
)
# 生成 Token
access_token = create_access_token(subject=user.username)
refresh_token = create_refresh_token(subject=user.username)
return Token(
access_token=access_token,
refresh_token=refresh_token,
token_type="bearer",
expires_in=settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60
)
if username != "tjwater" or password != "tjwater@123":
raise ValueError("用户名或密码错误")
@router.post("/login/simple", response_model=Token)
async def login_simple(
username: str,
password: str,
user_repo: UserRepository = Depends(get_user_repository)
) -> Token:
"""
简化版登录接口(保持向后兼容)
直接使用 username 和 password 参数
"""
# 验证用户
user = await user_repo.get_user_by_username(username)
if not user:
user = await user_repo.get_user_by_email(username)
if not user or not verify_password(password, user.hashed_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password"
)
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Inactive user account"
)
# 生成 Token
access_token = create_access_token(subject=user.username)
refresh_token = create_refresh_token(subject=user.username)
return Token(
access_token=access_token,
refresh_token=refresh_token,
token_type="bearer",
expires_in=settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60
)
token = "567e33c876a2"
return token
@router.get("/me", response_model=UserResponse)
async def get_current_user_info(
current_user: UserInDB = Depends(get_current_active_user)
) -> UserResponse:
"""
获取当前登录用户信息
"""
return UserResponse.model_validate(current_user)
@router.post("/login/")
async def login(username: str, password: str) -> str:
return generate_access_token(username, password)
@router.post("/refresh", response_model=Token)
async def refresh_token(
refresh_token: str,
user_repo: UserRepository = Depends(get_user_repository)
) -> Token:
"""
刷新 Access Token
使用 Refresh Token 获取新的 Access Token
"""
from jose import jwt, JWTError
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate refresh token",
headers={"WWW-Authenticate": "Bearer"},
)
try:
payload = jwt.decode(refresh_token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
username: str = payload.get("sub")
token_type: str = payload.get("type")
if username is None or token_type != "refresh":
raise credentials_exception
except JWTError:
raise credentials_exception
# 验证用户仍然存在且激活
user = await user_repo.get_user_by_username(username)
if not user or not user.is_active:
raise credentials_exception
# 生成新的 Access Token
new_access_token = create_access_token(subject=user.username)
return Token(
access_token=new_access_token,
refresh_token=refresh_token, # 保持原 refresh token
token_type="bearer",
expires_in=settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60
)

4
app/api/v1/endpoints/data_query.py
View File

@@ -316,7 +316,7 @@ async def fastapi_query_all_scheme_all_records(
return loaded_dict
results = influxdb_api.query_scheme_all_record(
scheme_Type=schemetype, scheme_Name=schemename, query_date=querydate
scheme_type=schemetype, scheme_name=schemename, query_date=querydate
)
packed = msgpack.packb(results, default=encode_datetime)
redis_client.set(cache_key, packed)
@@ -334,7 +334,7 @@ async def fastapi_query_all_scheme_all_records_property(
all_results = msgpack.unpackb(data, object_hook=decode_datetime)
else:
all_results = influxdb_api.query_scheme_all_record(
scheme_Type=schemetype, scheme_Name=schemename, query_date=querydate
scheme_type=schemetype, scheme_name=schemename, query_date=querydate
)
packed = msgpack.packb(all_results, default=encode_datetime)
redis_client.set(cache_key, packed)

2
app/api/v1/endpoints/extension.py
View File

@@ -22,7 +22,7 @@ async def get_all_extension_data_endpoint(network: str) -> dict[str, Any]:
async def get_extension_data_endpoint(network: str, key: str) -> str | None:
return get_extension_data(network, key)
@router.post("/setextensiondata", response_model=None)
@router.post("/setextensiondata/", response_model=None)
async def set_extension_data_endpoint(network: str, req: Request) -> ChangeSet:
props = await req.json()
print(props)

101
app/api/v1/endpoints/meta.py Normal file
View File

@@ -0,0 +1,101 @@
import logging
from fastapi import APIRouter, Depends, HTTPException, status
from psycopg import AsyncConnection
from sqlalchemy import text
from sqlalchemy.exc import SQLAlchemyError
from sqlalchemy.ext.asyncio import AsyncSession
from app.auth.project_dependencies import (
ProjectContext,
get_project_context,
get_project_pg_session,
get_project_timescale_connection,
get_metadata_repository,
)
from app.auth.metadata_dependencies import get_current_metadata_user
from app.core.config import settings
from app.domain.schemas.metadata import (
GeoServerConfigResponse,
ProjectMetaResponse,
ProjectSummaryResponse,
)
from app.infra.repositories.metadata_repository import MetadataRepository
router = APIRouter()
logger = logging.getLogger(__name__)
@router.get("/meta/project", response_model=ProjectMetaResponse)
async def get_project_metadata(
ctx: ProjectContext = Depends(get_project_context),
metadata_repo: MetadataRepository = Depends(get_metadata_repository),
):
project = await metadata_repo.get_project_by_id(ctx.project_id)
if not project:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND, detail="Project not found"
)
geoserver = await metadata_repo.get_geoserver_config(ctx.project_id)
geoserver_payload = (
GeoServerConfigResponse(
gs_base_url=geoserver.gs_base_url,
gs_admin_user=geoserver.gs_admin_user,
gs_datastore_name=geoserver.gs_datastore_name,
default_extent=geoserver.default_extent,
srid=geoserver.srid,
)
if geoserver
else None
)
return ProjectMetaResponse(
project_id=project.id,
name=project.name,
code=project.code,
description=project.description,
gs_workspace=project.gs_workspace,
status=project.status,
project_role=ctx.project_role,
geoserver=geoserver_payload,
)
@router.get("/meta/projects", response_model=list[ProjectSummaryResponse])
async def list_user_projects(
current_user=Depends(get_current_metadata_user),
metadata_repo: MetadataRepository = Depends(get_metadata_repository),
):
try:
projects = await metadata_repo.list_projects_for_user(current_user.id)
except SQLAlchemyError as exc:
logger.error(
"Metadata DB error while listing projects for user %s",
current_user.id,
exc_info=True,
)
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail=f"Metadata database error: {exc}",
) from exc
return [
ProjectSummaryResponse(
project_id=project.project_id,
name=project.name,
code=project.code,
description=project.description,
gs_workspace=project.gs_workspace,
status=project.status,
project_role=project.project_role,
)
for project in projects
]
@router.get("/meta/db/health")
async def project_db_health(
pg_session: AsyncSession = Depends(get_project_pg_session),
ts_conn: AsyncConnection = Depends(get_project_timescale_connection),
):
await pg_session.execute(text("SELECT 1"))
async with ts_conn.cursor() as cur:
await cur.execute("SELECT 1")
return {"postgres": "ok", "timescale": "ok"}

2
app/api/v1/endpoints/network/geometry.py
View File

@@ -1,7 +1,7 @@
from fastapi import APIRouter, Request, Depends
from typing import Any, List, Dict, Union
from app.services.tjnetwork import *
from app.api.v1.endpoints.auth import verify_token
from app.auth.dependencies import get_current_user as verify_token
from app.infra.cache.redis_client import redis_client, encode_datetime, decode_datetime
import msgpack

24
app/api/v1/endpoints/project.py
View File

@@ -4,6 +4,8 @@ from fastapi.responses import PlainTextResponse
from typing import Any, Dict
import app.services.project_info as project_info
from app.native.api import ChangeSet
from app.infra.db.postgresql.database import get_database_instance as get_pg_db
from app.infra.db.timescaledb.database import get_database_instance as get_ts_db
from app.services.tjnetwork import (
list_project,
have_project,
@@ -62,6 +64,28 @@ async def is_project_open_endpoint(network: str):
@router.post("/openproject/")
async def open_project_endpoint(network: str):
open_project(network)
# 尝试连接指定数据库
try:
# 初始化 PostgreSQL 连接池
pg_instance = await get_pg_db(network)
async with pg_instance.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute("SELECT 1")
# 初始化 TimescaleDB 连接池
ts_instance = await get_ts_db(network)
async with ts_instance.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute("SELECT 1")
except Exception as e:
# 记录错误但不阻断项目打开,或者根据需求决定是否阻断
# 这里选择打印错误,因为 open_project 原本只负责原生部分
print(f"Failed to connect to databases for {network}: {str(e)}")
# 如果数据库连接是必须的,可以抛出异常:
# raise HTTPException(status_code=500, detail=f"Database connection failed: {str(e)}")
return network
@router.post("/closeproject/")

109
app/api/v1/endpoints/simulation.py
View File

@@ -30,8 +30,8 @@ from app.algorithms.sensors import (
pressure_sensor_placement_sensitivity,
pressure_sensor_placement_kmeans,
)
import app.algorithms.api_ex.Fdataclean as Fdataclean
import app.algorithms.api_ex.Pdataclean as Pdataclean
import app.algorithms.api_ex.flow_data_clean as flow_data_clean
import app.algorithms.api_ex.pressure_data_clean as pressure_data_clean
from app.services.network_import import network_update
from app.services.simulation_ops import (
project_management,
@@ -60,7 +60,7 @@ class BurstAnalysis(BaseModel):
modify_fixed_pump_pattern: Optional[dict[str, list]] = None
modify_variable_pump_pattern: Optional[dict[str, list]] = None
modify_valve_opening: Optional[dict[str, float]] = None
scheme_Name: Optional[str] = None
scheme_name: Optional[str] = None
class SchedulingAnalysis(BaseModel):
@@ -78,7 +78,7 @@ class PressureRegulation(BaseModel):
pump_control: dict
tank_init_level: Optional[dict] = None
duration: Optional[int] = 900
scheme_Name: Optional[str] = None
scheme_name: Optional[str] = None
class ProjectManagement(BaseModel):
@@ -115,7 +115,15 @@ class PressureSensorPlacement(BaseModel):
def run_simulation_manually_by_date(
network_name: str, base_date: datetime, start_time: str, duration: int
) -> None:
start_hour, start_minute, start_second = map(int, start_time.split(":"))
time_parts = list(map(int, start_time.split(":")))
if len(time_parts) == 2:
start_hour, start_minute = time_parts
start_second = 0
elif len(time_parts) == 3:
start_hour, start_minute, start_second = time_parts
else:
raise ValueError("Invalid start_time format. Use HH:MM or HH:MM:SS")
start_datetime = base_date.replace(
hour=start_hour, minute=start_minute, second=start_second
)
@@ -192,19 +200,22 @@ async def burst_analysis_endpoint(
return burst_analysis(network, pipe_id, start_time, end_time, burst_flow)
@router.post("/burst_analysis/")
async def fastapi_burst_analysis(data: BurstAnalysis) -> str:
item = data.dict()
@router.get("/burst_analysis/")
async def fastapi_burst_analysis(
network: str = Query(...),
modify_pattern_start_time: str = Query(...),
burst_ID: list[str] = Query(...),
burst_size: list[float] = Query(...),
modify_total_duration: int = Query(...),
scheme_name: str = Query(...),
) -> str:
burst_analysis(
name=item["name"],
modify_pattern_start_time=item["modify_pattern_start_time"],
burst_ID=item["burst_ID"],
burst_size=item["burst_size"],
modify_total_duration=item["modify_total_duration"],
modify_fixed_pump_pattern=item["modify_fixed_pump_pattern"],
modify_variable_pump_pattern=item["modify_variable_pump_pattern"],
modify_valve_opening=item["modify_valve_opening"],
scheme_Name=item["scheme_Name"],
name=network,
modify_pattern_start_time=modify_pattern_start_time,
burst_ID=burst_ID,
burst_size=burst_size,
modify_total_duration=modify_total_duration,
scheme_name=scheme_name,
)
return "success"
@@ -232,9 +243,31 @@ async def fastapi_valve_close_analysis(
return result or "success"
@router.get("/valveisolation/")
async def valve_isolation_endpoint(network: str, accident_element: str):
return analyze_valve_isolation(network, accident_element)
@router.get("/valve_isolation_analysis/")
async def valve_isolation_endpoint(
network: str,
accident_element: List[str] = Query(...),
disabled_valves: List[str] = Query(None),
):
result = {
"accident_element": "P461309",
"accident_elements": ["P461309"],
"affected_nodes": [
"J316629_A",
"J317037_B",
"J317060_B",
"J408189_B",
"J499996",
"J524940",
"J535933",
"J58841",
],
"isolatable": True,
"must_close_valves": ["210521658", "V12974", "V12986", "V12993"],
"optional_valves": [],
}
result = analyze_valve_isolation(network, accident_element, disabled_valves)
return result
@router.get("/flushinganalysis/")
@@ -253,8 +286,11 @@ async def fastapi_flushing_analysis(
drainage_node_ID: str = Query(...),
flush_flow: float = 0,
duration: int | None = None,
scheme_name: str | None = None,
) -> str:
valve_opening = {valve_id: float(valves_k[idx]) for idx, valve_id in enumerate(valves)}
valve_opening = {
valve_id: float(valves_k[idx]) for idx, valve_id in enumerate(valves)
}
result = flushing_analysis(
name=network,
modify_pattern_start_time=start_time,
@@ -262,29 +298,25 @@ async def fastapi_flushing_analysis(
modify_valve_opening=valve_opening,
drainage_node_ID=drainage_node_ID,
flushing_flow=flush_flow,
scheme_name=scheme_name,
)
return result or "success"
@router.get("/contaminantsimulation/")
async def contaminant_simulation_endpoint(
network: str, node_id: str, start_time: str, duration: float, concentration: float
):
return contaminant_simulation(network, node_id, start_time, duration, concentration)
@router.get("/contaminant_simulation/", response_class=PlainTextResponse)
async def fastapi_contaminant_simulation(
network: str,
start_time: str,
source: str,
concentration: float,
duration: int = 900,
duration: int,
scheme_name: str | None = None,
pattern: str | None = None,
) -> str:
result = contaminant_simulation(
name=network,
modify_pattern_start_time=start_time,
scheme_name=scheme_name,
modify_total_duration=duration,
source=source,
concentration=concentration,
@@ -338,7 +370,7 @@ async def fastapi_pressure_regulation(data: PressureRegulation) -> str:
modify_tank_initial_level=item["tank_init_level"],
modify_fixed_pump_pattern=fixed_pump_pattern or None,
modify_variable_pump_pattern=variable_pump_pattern or None,
scheme_Name=item["scheme_Name"],
scheme_name=item["scheme_name"],
)
return "success"
@@ -431,9 +463,7 @@ async def fastapi_network_update(file: UploadFile = File()) -> str:
async def fastapi_pump_failure(data: PumpFailureState) -> str:
item = data.dict()
with open("./pump_failure_message.txt", "a", encoding="utf-8-sig") as f1:
f1.write(
"[{}] {}\n".format(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), item)
)
f1.write("[{}] {}\n".format(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), item))
with open("./pump_failure_status.txt", "r", encoding="utf-8-sig") as f2:
lines = f2.readlines()
first_stage_pump_status_dict = json.loads(json.dumps(eval(lines[0])))
@@ -587,11 +617,10 @@ async def fastapi_scada_device_data_cleaning(
if device_id in type_scada_data:
values = [record["value"] for record in type_scada_data[device_id]]
df[device_id] = values
value_df = df.drop(columns=["time"])
if device_type == "pressure":
cleaned_value_df = Pdataclean.clean_pressure_data_df_km(value_df)
cleaned_value_df = pressure_data_clean.clean_pressure_data_df_km(df)
elif device_type == "pipe_flow":
cleaned_value_df = Fdataclean.clean_flow_data_df_kf(value_df)
cleaned_value_df = flow_data_clean.clean_flow_data_df_kf(df)
cleaned_value_df = pd.DataFrame(cleaned_value_df)
cleaned_df = pd.concat([df["time"], cleaned_value_df], axis=1)
influxdb_api.import_multicolumn_data_from_dict(
@@ -633,13 +662,9 @@ async def fastapi_run_simulation_manually_by_date(
globals.realtime_region_pipe_flow_and_demand_id,
)
base_date = datetime.strptime(item["simulation_date"], "%Y-%m-%d")
thread = threading.Thread(
target=lambda: run_simulation_manually_by_date(
item["name"], base_date, item["start_time"], item["duration"]
)
run_simulation_manually_by_date(
item["name"], base_date, item["start_time"], item["duration"]
)
thread.start()
thread.join()
return {"status": "success"}
except Exception as exc:
return {"status": "error", "message": str(exc)}

180
app/api/v1/endpoints/user_management.py Normal file
View File

@@ -0,0 +1,180 @@
"""
用户管理 API 接口
演示权限控制的使用
"""
from typing import List
from fastapi import APIRouter, Depends, HTTPException, status
from app.domain.schemas.user import UserResponse, UserUpdate, UserCreate
from app.domain.models.role import UserRole
from app.domain.schemas.user import UserInDB
from app.infra.repositories.user_repository import UserRepository
from app.auth.dependencies import get_user_repository, get_current_active_user
from app.auth.permissions import get_current_admin, require_role, check_resource_owner
router = APIRouter()
@router.get("/", response_model=List[UserResponse])
async def list_users(
skip: int = 0,
limit: int = 100,
current_user: UserInDB = Depends(require_role(UserRole.ADMIN)),
user_repo: UserRepository = Depends(get_user_repository)
) -> List[UserResponse]:
"""
获取用户列表(仅管理员)
"""
users = await user_repo.get_all_users(skip=skip, limit=limit)
return [UserResponse.model_validate(user) for user in users]
@router.get("/{user_id}", response_model=UserResponse)
async def get_user(
user_id: int,
current_user: UserInDB = Depends(get_current_active_user),
user_repo: UserRepository = Depends(get_user_repository)
) -> UserResponse:
"""
获取用户详情
管理员可查看所有用户,普通用户只能查看自己
"""
# 检查权限
if not check_resource_owner(user_id, current_user):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="You don't have permission to view this user"
)
user = await user_repo.get_user_by_id(user_id)
if not user:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
return UserResponse.model_validate(user)
@router.put("/{user_id}", response_model=UserResponse)
async def update_user(
user_id: int,
user_update: UserUpdate,
current_user: UserInDB = Depends(get_current_active_user),
user_repo: UserRepository = Depends(get_user_repository)
) -> UserResponse:
"""
更新用户信息
管理员可更新所有用户,普通用户只能更新自己(且不能修改角色)
"""
# 检查用户是否存在
target_user = await user_repo.get_user_by_id(user_id)
if not target_user:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
# 权限检查
is_owner = current_user.id == user_id
is_admin = UserRole(current_user.role).has_permission(UserRole.ADMIN)
if not is_owner and not is_admin:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="You don't have permission to update this user"
)
# 非管理员不能修改角色和激活状态
if not is_admin:
if user_update.role is not None:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Only admins can change user roles"
)
if user_update.is_active is not None:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Only admins can change user active status"
)
# 更新用户
updated_user = await user_repo.update_user(user_id, user_update)
if not updated_user:
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to update user"
)
return UserResponse.model_validate(updated_user)
@router.delete("/{user_id}")
async def delete_user(
user_id: int,
current_user: UserInDB = Depends(get_current_admin),
user_repo: UserRepository = Depends(get_user_repository)
) -> dict:
"""
删除用户(仅管理员)
"""
# 不能删除自己
if current_user.id == user_id:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="You cannot delete your own account"
)
success = await user_repo.delete_user(user_id)
if not success:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
return {"message": "User deleted successfully"}
@router.post("/{user_id}/activate")
async def activate_user(
user_id: int,
current_user: UserInDB = Depends(get_current_admin),
user_repo: UserRepository = Depends(get_user_repository)
) -> UserResponse:
"""
激活用户(仅管理员)
"""
user_update = UserUpdate(is_active=True)
updated_user = await user_repo.update_user(user_id, user_update)
if not updated_user:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
return UserResponse.model_validate(updated_user)
@router.post("/{user_id}/deactivate")
async def deactivate_user(
user_id: int,
current_user: UserInDB = Depends(get_current_admin),
user_repo: UserRepository = Depends(get_user_repository)
) -> UserResponse:
"""
停用用户(仅管理员)
"""
# 不能停用自己
if current_user.id == user_id:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="You cannot deactivate your own account"
)
user_update = UserUpdate(is_active=False)
updated_user = await user_repo.update_user(user_id, user_update)
if not updated_user:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
return UserResponse.model_validate(updated_user)

8
app/api/v1/router.py
View File

@@ -12,6 +12,9 @@ from app.api.v1.endpoints import (
misc,
risk,
cache,
user_management, # 新增:用户管理
audit, # 新增:审计日志
meta,
)
from app.api.v1.endpoints.network import (
general,
@@ -41,7 +44,10 @@ from app.infra.db.timescaledb import router as timescaledb_router
api_router = APIRouter()
# Core Services
api_router.include_router(auth.router, tags=["Auth"])
api_router.include_router(auth.router, prefix="/auth", tags=["Auth"])
api_router.include_router(user_management.router, prefix="/users", tags=["User Management"]) # 新增
api_router.include_router(audit.router, prefix="/audit", tags=["Audit Logs"]) # 新增
api_router.include_router(meta.router, tags=["Metadata"])
api_router.include_router(project.router, tags=["Project"])
# Network Elements (Node/Link Types)

91
app/auth/dependencies.py
View File

@@ -1,21 +1,100 @@
from fastapi import Depends, HTTPException, status
from typing import Annotated, Optional
from fastapi import Depends, HTTPException, status, Request
from fastapi.security import OAuth2PasswordBearer
from app.core.config import settings
from jose import jwt, JWTError
from app.core.config import settings
from app.domain.schemas.user import UserInDB, TokenPayload
from app.infra.repositories.user_repository import UserRepository
from app.infra.db.postgresql.database import Database
oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"{settings.API_V1_STR}/login/access-token")
oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"{settings.API_V1_STR}/auth/login")
async def get_current_user(token: str = Depends(oauth2_scheme)):
# 数据库依赖
async def get_db(request: Request) -> Database:
"""
获取数据库实例
从 FastAPI app.state 中获取在启动时初始化的数据库连接
"""
if not hasattr(request.app.state, "db"):
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Database not initialized",
)
return request.app.state.db
async def get_user_repository(db: Database = Depends(get_db)) -> UserRepository:
"""获取用户仓储实例"""
return UserRepository(db)
async def get_current_user(
token: str = Depends(oauth2_scheme),
user_repo: UserRepository = Depends(get_user_repository),
) -> UserInDB:
"""
获取当前登录用户
从 JWT Token 中解析用户信息,并从数据库验证
"""
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
try:
payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
payload = jwt.decode(
token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM]
)
username: str = payload.get("sub")
token_type: str = payload.get("type", "access")
if username is None:
raise credentials_exception
if token_type != "access":
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token type. Access token required.",
headers={"WWW-Authenticate": "Bearer"},
)
except JWTError:
raise credentials_exception
return username
# 从数据库获取用户
user = await user_repo.get_user_by_username(username)
if user is None:
raise credentials_exception
return user
async def get_current_active_user(
current_user: UserInDB = Depends(get_current_user),
) -> UserInDB:
"""
获取当前活跃用户(必须是激活状态)
"""
if not current_user.is_active:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="Inactive user"
)
return current_user
async def get_current_superuser(
current_user: UserInDB = Depends(get_current_user),
) -> UserInDB:
"""
获取当前超级管理员用户
"""
if not current_user.is_superuser:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Not enough privileges. Superuser access required.",
)
return current_user

63
app/auth/keycloak_dependencies.py Normal file
View File

@@ -0,0 +1,63 @@
# import logging
from uuid import UUID
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt
from app.core.config import settings
oauth2_optional = OAuth2PasswordBearer(
tokenUrl=f"{settings.API_V1_STR}/auth/login", auto_error=False
)
# logger = logging.getLogger(__name__)
async def get_current_keycloak_sub(
token: str | None = Depends(oauth2_optional),
) -> UUID:
if not token:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Not authenticated",
headers={"WWW-Authenticate": "Bearer"},
)
if settings.KEYCLOAK_PUBLIC_KEY:
key = settings.KEYCLOAK_PUBLIC_KEY.replace("\\n", "\n")
algorithms = [settings.KEYCLOAK_ALGORITHM]
else:
key = settings.SECRET_KEY
algorithms = [settings.ALGORITHM]
try:
payload = jwt.decode(
token,
key,
algorithms=algorithms,
audience=settings.KEYCLOAK_AUDIENCE or None,
)
except JWTError as exc:
# logger.warning("Keycloak token validation failed: %s", exc)
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token",
headers={"WWW-Authenticate": "Bearer"},
) from exc
sub = payload.get("sub")
if not sub:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Missing subject claim",
headers={"WWW-Authenticate": "Bearer"},
)
try:
return UUID(sub)
except ValueError as exc:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid subject claim",
headers={"WWW-Authenticate": "Bearer"},
) from exc

60
app/auth/metadata_dependencies.py Normal file
View File

@@ -0,0 +1,60 @@
from dataclasses import dataclass
from uuid import UUID
import logging
from fastapi import Depends, HTTPException, status
from sqlalchemy.exc import SQLAlchemyError
from sqlalchemy.ext.asyncio import AsyncSession
from app.auth.keycloak_dependencies import get_current_keycloak_sub
from app.core.config import settings
from app.infra.db.metadata.database import get_metadata_session
from app.infra.repositories.metadata_repository import MetadataRepository
logger = logging.getLogger(__name__)
async def get_metadata_repository(
session: AsyncSession = Depends(get_metadata_session),
) -> MetadataRepository:
return MetadataRepository(session)
async def get_current_metadata_user(
keycloak_sub: UUID = Depends(get_current_keycloak_sub),
metadata_repo: MetadataRepository = Depends(get_metadata_repository),
):
try:
user = await metadata_repo.get_user_by_keycloak_id(keycloak_sub)
except SQLAlchemyError as exc:
logger.error(
"Metadata DB error while resolving current user",
exc_info=True,
)
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail=f"Metadata database error: {exc}",
) from exc
if not user or not user.is_active:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="Inactive user"
)
return user
async def get_current_metadata_admin(
user=Depends(get_current_metadata_user),
):
if user.is_superuser or user.role == "admin":
return user
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="Admin access required"
)
@dataclass(frozen=True)
class _AuthBypassUser:
id: UUID = UUID(int=0)
role: str = "admin"
is_superuser: bool = True
is_active: bool = True

106
app/auth/permissions.py Normal file
View File

@@ -0,0 +1,106 @@
"""
权限控制依赖项和装饰器
基于角色的访问控制RBAC
"""
from typing import Callable
from fastapi import Depends, HTTPException, status
from app.domain.models.role import UserRole
from app.domain.schemas.user import UserInDB
from app.auth.dependencies import get_current_active_user
def require_role(required_role: UserRole):
"""
要求特定角色或更高权限
用法:
@router.get("/admin-only")
async def admin_endpoint(user: UserInDB = Depends(require_role(UserRole.ADMIN))):
...
Args:
required_role: 需要的最低角色
Returns:
依赖函数
"""
async def role_checker(
current_user: UserInDB = Depends(get_current_active_user)
) -> UserInDB:
user_role = UserRole(current_user.role)
if not user_role.has_permission(required_role):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=f"Insufficient permissions. Required role: {required_role.value}, "
f"Your role: {user_role.value}"
)
return current_user
return role_checker
# 预定义的权限检查依赖
require_admin = require_role(UserRole.ADMIN)
require_operator = require_role(UserRole.OPERATOR)
require_user = require_role(UserRole.USER)
def get_current_admin(
current_user: UserInDB = Depends(require_admin)
) -> UserInDB:
"""
获取当前管理员用户
等同于 Depends(require_role(UserRole.ADMIN))
"""
return current_user
def get_current_operator(
current_user: UserInDB = Depends(require_operator)
) -> UserInDB:
"""
获取当前操作员用户(或更高权限)
等同于 Depends(require_role(UserRole.OPERATOR))
"""
return current_user
def check_resource_owner(user_id: int, current_user: UserInDB) -> bool:
"""
检查是否是资源拥有者或管理员
Args:
user_id: 资源拥有者ID
current_user: 当前用户
Returns:
是否有权限
"""
# 管理员可以访问所有资源
if UserRole(current_user.role).has_permission(UserRole.ADMIN):
return True
# 检查是否是资源拥有者
return current_user.id == user_id
def require_owner_or_admin(user_id: int):
"""
要求是资源拥有者或管理员
Args:
user_id: 资源拥有者ID
Returns:
依赖函数
"""
async def owner_or_admin_checker(
current_user: UserInDB = Depends(get_current_active_user)
) -> UserInDB:
if not check_resource_owner(user_id, current_user):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="You don't have permission to access this resource"
)
return current_user
return owner_or_admin_checker

213
app/auth/project_dependencies.py Normal file
View File

@@ -0,0 +1,213 @@
from dataclasses import dataclass
from typing import AsyncGenerator
from uuid import UUID
import logging
from fastapi import Depends, Header, HTTPException, status
from psycopg import AsyncConnection
from sqlalchemy.exc import SQLAlchemyError
from sqlalchemy.ext.asyncio import AsyncSession
from app.auth.keycloak_dependencies import get_current_keycloak_sub
from app.core.config import settings
from app.infra.db.dynamic_manager import project_connection_manager
from app.infra.db.metadata.database import get_metadata_session
from app.infra.repositories.metadata_repository import MetadataRepository
DB_ROLE_BIZ_DATA = "biz_data"
DB_ROLE_IOT_DATA = "iot_data"
DB_TYPE_POSTGRES = "postgresql"
DB_TYPE_TIMESCALE = "timescaledb"
logger = logging.getLogger(__name__)
@dataclass(frozen=True)
class ProjectContext:
project_id: UUID
user_id: UUID
project_role: str
async def get_metadata_repository(
session: AsyncSession = Depends(get_metadata_session),
) -> MetadataRepository:
return MetadataRepository(session)
async def get_project_context(
x_project_id: str = Header(..., alias="X-Project-Id"),
keycloak_sub: UUID = Depends(get_current_keycloak_sub),
metadata_repo: MetadataRepository = Depends(get_metadata_repository),
) -> ProjectContext:
try:
project_uuid = UUID(x_project_id)
except ValueError as exc:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid project id"
) from exc
try:
project = await metadata_repo.get_project_by_id(project_uuid)
if not project:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND, detail="Project not found"
)
if project.status != "active":
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="Project is not active"
)
user = await metadata_repo.get_user_by_keycloak_id(keycloak_sub)
if not user:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="User not registered"
)
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="Inactive user"
)
membership_role = await metadata_repo.get_membership_role(project_uuid, user.id)
if not membership_role:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="No access to project"
)
except SQLAlchemyError as exc:
logger.error(
"Metadata DB error while resolving project context",
exc_info=True,
)
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail=f"Metadata database error: {exc}",
) from exc
return ProjectContext(
project_id=project.id,
user_id=user.id,
project_role=membership_role,
)
async def get_project_pg_session(
ctx: ProjectContext = Depends(get_project_context),
metadata_repo: MetadataRepository = Depends(get_metadata_repository),
) -> AsyncGenerator[AsyncSession, None]:
try:
routing = await metadata_repo.get_project_db_routing(
ctx.project_id, DB_ROLE_BIZ_DATA
)
except ValueError as exc:
logger.error(
"Invalid project PostgreSQL routing DSN configuration",
exc_info=True,
)
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail=f"Project PostgreSQL routing DSN is invalid: {exc}",
) from exc
if not routing:
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Project PostgreSQL not configured",
)
if routing.db_type != DB_TYPE_POSTGRES:
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Project PostgreSQL type mismatch",
)
pool_min_size = routing.pool_min_size or settings.PROJECT_PG_POOL_SIZE
pool_max_size = routing.pool_max_size or settings.PROJECT_PG_POOL_SIZE
sessionmaker = await project_connection_manager.get_pg_sessionmaker(
ctx.project_id,
DB_ROLE_BIZ_DATA,
routing.dsn,
pool_min_size,
pool_max_size,
)
async with sessionmaker() as session:
yield session
async def get_project_pg_connection(
ctx: ProjectContext = Depends(get_project_context),
metadata_repo: MetadataRepository = Depends(get_metadata_repository),
) -> AsyncGenerator[AsyncConnection, None]:
try:
routing = await metadata_repo.get_project_db_routing(
ctx.project_id, DB_ROLE_BIZ_DATA
)
except ValueError as exc:
logger.error(
"Invalid project PostgreSQL routing DSN configuration",
exc_info=True,
)
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail=f"Project PostgreSQL routing DSN is invalid: {exc}",
) from exc
if not routing:
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Project PostgreSQL not configured",
)
if routing.db_type != DB_TYPE_POSTGRES:
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Project PostgreSQL type mismatch",
)
pool_min_size = routing.pool_min_size or settings.PROJECT_PG_POOL_SIZE
pool_max_size = routing.pool_max_size or settings.PROJECT_PG_POOL_SIZE
pool = await project_connection_manager.get_pg_pool(
ctx.project_id,
DB_ROLE_BIZ_DATA,
routing.dsn,
pool_min_size,
pool_max_size,
)
async with pool.connection() as conn:
yield conn
async def get_project_timescale_connection(
ctx: ProjectContext = Depends(get_project_context),
metadata_repo: MetadataRepository = Depends(get_metadata_repository),
) -> AsyncGenerator[AsyncConnection, None]:
try:
routing = await metadata_repo.get_project_db_routing(
ctx.project_id, DB_ROLE_IOT_DATA
)
except ValueError as exc:
logger.error(
"Invalid project TimescaleDB routing DSN configuration",
exc_info=True,
)
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail=f"Project TimescaleDB routing DSN is invalid: {exc}",
) from exc
if not routing:
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Project TimescaleDB not configured",
)
if routing.db_type != DB_TYPE_TIMESCALE:
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Project TimescaleDB type mismatch",
)
pool_min_size = routing.pool_min_size or settings.PROJECT_TS_POOL_MIN_SIZE
pool_max_size = routing.pool_max_size or settings.PROJECT_TS_POOL_MAX_SIZE
pool = await project_connection_manager.get_timescale_pool(
ctx.project_id,
DB_ROLE_IOT_DATA,
routing.dsn,
pool_min_size,
pool_max_size,
)
async with pool.connection() as conn:
yield conn

149
app/core/audit.py
View File

@@ -1,3 +1,146 @@
# Placeholder for audit logic
async def log_audit_event(event_type: str, user_id: str, details: dict):
pass
"""
审计日志模块
记录系统关键操作,用于安全审计和合规追踪
"""
from typing import Optional
from datetime import datetime
import logging
from uuid import UUID
logger = logging.getLogger(__name__)
class AuditAction:
"""审计操作类型常量"""
# 认证相关
LOGIN = "LOGIN"
LOGOUT = "LOGOUT"
REGISTER = "REGISTER"
PASSWORD_CHANGE = "PASSWORD_CHANGE"
# 数据操作
CREATE = "CREATE"
READ = "READ"
UPDATE = "UPDATE"
DELETE = "DELETE"
# 权限相关
PERMISSION_CHANGE = "PERMISSION_CHANGE"
ROLE_CHANGE = "ROLE_CHANGE"
# 系统操作
CONFIG_CHANGE = "CONFIG_CHANGE"
SYSTEM_START = "SYSTEM_START"
SYSTEM_STOP = "SYSTEM_STOP"
async def log_audit_event(
action: str,
user_id: Optional[UUID] = None,
project_id: Optional[UUID] = None,
resource_type: Optional[str] = None,
resource_id: Optional[str] = None,
ip_address: Optional[str] = None,
request_method: Optional[str] = None,
request_path: Optional[str] = None,
request_data: Optional[dict] = None,
response_status: Optional[int] = None,
session=None,
):
"""
记录审计日志
Args:
action: 操作类型
user_id: 用户ID
project_id: 项目ID
resource_type: 资源类型
resource_id: 资源ID
ip_address: IP地址
request_method: 请求方法
request_path: 请求路径
request_data: 请求数据(敏感字段需脱敏)
response_status: 响应状态码
session: 元数据库会话(可选)
"""
from app.infra.db.metadata.database import SessionLocal
from app.infra.repositories.audit_repository import AuditRepository
if request_data:
request_data = sanitize_sensitive_data(request_data)
if session is None:
async with SessionLocal() as session:
audit_repo = AuditRepository(session)
await audit_repo.create_log(
user_id=user_id,
project_id=project_id,
action=action,
resource_type=resource_type,
resource_id=resource_id,
ip_address=ip_address,
request_method=request_method,
request_path=request_path,
request_data=request_data,
response_status=response_status,
)
else:
audit_repo = AuditRepository(session)
await audit_repo.create_log(
user_id=user_id,
project_id=project_id,
action=action,
resource_type=resource_type,
resource_id=resource_id,
ip_address=ip_address,
request_method=request_method,
request_path=request_path,
request_data=request_data,
response_status=response_status,
)
logger.info(
"Audit log created: action=%s, user=%s, project=%s, resource=%s:%s",
action,
user_id,
project_id,
resource_type,
resource_id,
)
def sanitize_sensitive_data(data: dict) -> dict:
"""
脱敏敏感数据
Args:
data: 原始数据
Returns:
脱敏后的数据
"""
sensitive_fields = [
"password",
"passwd",
"pwd",
"secret",
"token",
"api_key",
"apikey",
"credit_card",
"ssn",
"social_security",
]
sanitized = data.copy()
for key in sanitized:
if isinstance(sanitized[key], dict):
sanitized[key] = sanitize_sensitive_data(sanitized[key])
elif any(sensitive in key.lower() for sensitive in sensitive_fields):
sanitized[key] = "***REDACTED***"
return sanitized

66
app/core/config.py
View File

@@ -1,12 +1,24 @@
from pydantic_settings import BaseSettings
from pathlib import Path
from urllib.parse import quote_plus
from pydantic_settings import BaseSettings, SettingsConfigDict
class Settings(BaseSettings):
PROJECT_NAME: str = "TJWater Server"
API_V1_STR: str = "/api/v1"
SECRET_KEY: str = "your-secret-key-here" # Change in production
# JWT 配置
SECRET_KEY: str = (
"your-secret-key-here-change-in-production-use-openssl-rand-hex-32"
)
ALGORITHM: str = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
REFRESH_TOKEN_EXPIRE_DAYS: int = 7
# 数据加密密钥 (使用 Fernet)
ENCRYPTION_KEY: str = "" # 必须从环境变量设置
DATABASE_ENCRYPTION_KEY: str = "" # project_databases.dsn_encrypted 专用
# Database Config (PostgreSQL)
DB_NAME: str = "tjwater"
DB_HOST: str = "localhost"
@@ -14,17 +26,57 @@ class Settings(BaseSettings):
DB_USER: str = "postgres"
DB_PASSWORD: str = "password"
# Database Config (TimescaleDB)
TIMESCALEDB_DB_NAME: str = "tjwater"
TIMESCALEDB_DB_HOST: str = "localhost"
TIMESCALEDB_DB_PORT: str = "5433"
TIMESCALEDB_DB_USER: str = "postgres"
TIMESCALEDB_DB_PASSWORD: str = "password"
# InfluxDB
INFLUXDB_URL: str = "http://localhost:8086"
INFLUXDB_TOKEN: str = "token"
INFLUXDB_ORG: str = "org"
INFLUXDB_BUCKET: str = "bucket"
# Metadata Database Config (PostgreSQL)
METADATA_DB_NAME: str = "system_hub"
METADATA_DB_HOST: str = "localhost"
METADATA_DB_PORT: str = "5432"
METADATA_DB_USER: str = "postgres"
METADATA_DB_PASSWORD: str = "password"
METADATA_DB_POOL_SIZE: int = 5
METADATA_DB_MAX_OVERFLOW: int = 10
PROJECT_PG_CACHE_SIZE: int = 50
PROJECT_TS_CACHE_SIZE: int = 50
PROJECT_PG_POOL_SIZE: int = 5
PROJECT_PG_MAX_OVERFLOW: int = 10
PROJECT_TS_POOL_MIN_SIZE: int = 1
PROJECT_TS_POOL_MAX_SIZE: int = 10
# Keycloak JWT (optional override)
KEYCLOAK_PUBLIC_KEY: str = ""
KEYCLOAK_ALGORITHM: str = "RS256"
KEYCLOAK_AUDIENCE: str = ""
@property
def SQLALCHEMY_DATABASE_URI(self) -> str:
return f"postgresql://{self.DB_USER}:{self.DB_PASSWORD}@{self.DB_HOST}:{self.DB_PORT}/{self.DB_NAME}"
class Config:
env_file = ".env"
db_password = quote_plus(self.DB_PASSWORD)
return f"postgresql://{self.DB_USER}:{db_password}@{self.DB_HOST}:{self.DB_PORT}/{self.DB_NAME}"
@property
def METADATA_DATABASE_URI(self) -> str:
metadata_password = quote_plus(self.METADATA_DB_PASSWORD)
return (
f"postgresql+psycopg://{self.METADATA_DB_USER}:{metadata_password}"
f"@{self.METADATA_DB_HOST}:{self.METADATA_DB_PORT}/{self.METADATA_DB_NAME}"
)
model_config = SettingsConfigDict(
env_file=Path(__file__).resolve().parents[2] / ".env",
extra="ignore",
)
settings = Settings()

125
app/core/encryption.py
View File

@@ -1,9 +1,126 @@
# Placeholder for encryption logic
from cryptography.fernet import Fernet
from typing import Optional
import base64
import os
from app.core.config import settings
class Encryptor:
"""
使用 Fernet (对称加密) 实现数据加密/解密
适用于加密敏感配置、用户数据等
"""
def __init__(self, key: Optional[bytes] = None):
"""
初始化加密器
Args:
key: 加密密钥,如果为 None 则从环境变量读取
"""
if key is None:
key_str = os.getenv("ENCRYPTION_KEY") or settings.ENCRYPTION_KEY
if not key_str:
raise ValueError(
"ENCRYPTION_KEY not found in environment variables or .env. "
"Generate one using: Encryptor.generate_key()"
)
key = key_str.encode()
self.fernet = Fernet(key)
def encrypt(self, data: str) -> str:
return data # Implement actual encryption
"""
加密字符串
Args:
data: 待加密的明文字符串
Returns:
Base64 编码的加密字符串
"""
if not data:
return data
encrypted_bytes = self.fernet.encrypt(data.encode())
return encrypted_bytes.decode()
def decrypt(self, data: str) -> str:
return data # Implement actual decryption
"""
解密字符串
encryptor = Encryptor()
Args:
data: Base64 编码的加密字符串
Returns:
解密后的明文字符串
"""
if not data:
return data
decrypted_bytes = self.fernet.decrypt(data.encode())
return decrypted_bytes.decode()
@staticmethod
def generate_key() -> str:
"""
生成新的 Fernet 加密密钥
Returns:
Base64 编码的密钥字符串
"""
key = Fernet.generate_key()
return key.decode()
# 全局加密器实例(懒加载)
_encryptor: Optional[Encryptor] = None
_database_encryptor: Optional[Encryptor] = None
def is_encryption_configured() -> bool:
return bool(os.getenv("ENCRYPTION_KEY") or settings.ENCRYPTION_KEY)
def is_database_encryption_configured() -> bool:
return bool(
os.getenv("DATABASE_ENCRYPTION_KEY")
or settings.DATABASE_ENCRYPTION_KEY
or os.getenv("ENCRYPTION_KEY")
or settings.ENCRYPTION_KEY
)
def get_encryptor() -> Encryptor:
"""获取全局加密器实例"""
global _encryptor
if _encryptor is None:
_encryptor = Encryptor()
return _encryptor
def get_database_encryptor() -> Encryptor:
"""获取 project DB DSN 专用加密器实例"""
global _database_encryptor
if _database_encryptor is None:
key_str = (
os.getenv("DATABASE_ENCRYPTION_KEY")
or settings.DATABASE_ENCRYPTION_KEY
or os.getenv("ENCRYPTION_KEY")
or settings.ENCRYPTION_KEY
)
if not key_str:
raise ValueError(
"DATABASE_ENCRYPTION_KEY not found in environment variables or .env. "
"Generate one using: Encryptor.generate_key()"
)
_database_encryptor = Encryptor(key=key_str.encode())
return _database_encryptor
# 向后兼容(延迟加载)
def __getattr__(name):
if name == "encryptor":
return get_encryptor()
raise AttributeError(f"module '{__name__}' has no attribute '{name}'")

80
app/core/security.py
View File

@@ -1,23 +1,91 @@
from datetime import datetime, timedelta
from typing import Optional, Union, Any
from jose import jwt
from passlib.context import CryptContext
from app.core.config import settings
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
def create_access_token(subject: Union[str, Any], expires_delta: Optional[timedelta] = None) -> str:
def create_access_token(
subject: Union[str, Any], expires_delta: Optional[timedelta] = None
) -> str:
"""
创建 JWT Access Token
Args:
subject: 用户标识通常是用户名或用户ID
expires_delta: 过期时间增量
Returns:
JWT token 字符串
"""
if expires_delta:
expire = datetime.utcnow() + expires_delta
expire = datetime.now() + expires_delta
else:
expire = datetime.utcnow() + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
to_encode = {"exp": expire, "sub": str(subject)}
encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
expire = datetime.now() + timedelta(
minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES
)
to_encode = {
"exp": expire,
"sub": str(subject),
"type": "access",
"iat": datetime.now(),
}
encoded_jwt = jwt.encode(
to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM
)
return encoded_jwt
def create_refresh_token(subject: Union[str, Any]) -> str:
"""
创建 JWT Refresh Token长期有效
Args:
subject: 用户标识
Returns:
JWT refresh token 字符串
"""
expire = datetime.now() + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS)
to_encode = {
"exp": expire,
"sub": str(subject),
"type": "refresh",
"iat": datetime.now(),
}
encoded_jwt = jwt.encode(
to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM
)
return encoded_jwt
def verify_password(plain_password: str, hashed_password: str) -> bool:
"""
验证密码
Args:
plain_password: 明文密码
hashed_password: 密码哈希
Returns:
是否匹配
"""
return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password: str) -> str:
"""
生成密码哈希
Args:
password: 明文密码
Returns:
bcrypt 哈希字符串
"""
return pwd_context.hash(password)

36
app/domain/models/role.py Normal file
View File

@@ -0,0 +1,36 @@
from enum import Enum
class UserRole(str, Enum):
"""用户角色枚举"""
ADMIN = "ADMIN" # 管理员 - 完全权限
OPERATOR = "OPERATOR" # 操作员 - 可修改数据
USER = "USER" # 普通用户 - 读写权限
VIEWER = "VIEWER" # 观察者 - 仅查询权限
def __str__(self):
return self.value
@classmethod
def get_hierarchy(cls) -> dict:
"""
获取角色层级(数字越大权限越高)
"""
return {
cls.VIEWER: 1,
cls.USER: 2,
cls.OPERATOR: 3,
cls.ADMIN: 4,
}
def has_permission(self, required_role: 'UserRole') -> bool:
"""
检查当前角色是否有足够权限
Args:
required_role: 需要的最低角色
Returns:
True if has permission
"""
hierarchy = self.get_hierarchy()
return hierarchy[self] >= hierarchy[required_role]

45
app/domain/schemas/audit.py Normal file
View File

@@ -0,0 +1,45 @@
from datetime import datetime
from typing import Optional
from uuid import UUID
from pydantic import BaseModel, ConfigDict, Field
class AuditLogCreate(BaseModel):
"""创建审计日志"""
user_id: Optional[UUID] = None
project_id: Optional[UUID] = None
action: str
resource_type: Optional[str] = None
resource_id: Optional[str] = None
ip_address: Optional[str] = None
request_method: Optional[str] = None
request_path: Optional[str] = None
request_data: Optional[dict] = None
response_status: Optional[int] = None
class AuditLogResponse(BaseModel):
"""审计日志响应"""
id: UUID
user_id: Optional[UUID]
project_id: Optional[UUID]
action: str
resource_type: Optional[str]
resource_id: Optional[str]
ip_address: Optional[str]
request_method: Optional[str]
request_path: Optional[str]
request_data: Optional[dict]
response_status: Optional[int]
timestamp: datetime
model_config = ConfigDict(from_attributes=True)
class AuditLogQuery(BaseModel):
"""审计日志查询参数"""
user_id: Optional[UUID] = None
project_id: Optional[UUID] = None
action: Optional[str] = None
resource_type: Optional[str] = None
start_time: Optional[datetime] = None
end_time: Optional[datetime] = None
skip: int = Field(default=0, ge=0)
limit: int = Field(default=100, ge=1, le=1000)

33
app/domain/schemas/metadata.py Normal file
View File

@@ -0,0 +1,33 @@
from typing import Optional
from uuid import UUID
from pydantic import BaseModel
class GeoServerConfigResponse(BaseModel):
gs_base_url: Optional[str]
gs_admin_user: Optional[str]
gs_datastore_name: str
default_extent: Optional[dict]
srid: int
class ProjectMetaResponse(BaseModel):
project_id: UUID
name: str
code: str
description: Optional[str]
gs_workspace: str
status: str
project_role: str
geoserver: Optional[GeoServerConfigResponse]
class ProjectSummaryResponse(BaseModel):
project_id: UUID
name: str
code: str
description: Optional[str]
gs_workspace: str
status: str
project_role: str

68
app/domain/schemas/user.py Normal file
View File

@@ -0,0 +1,68 @@
from datetime import datetime
from typing import Optional
from pydantic import BaseModel, EmailStr, Field, ConfigDict
from app.domain.models.role import UserRole
# ============================================
# Request Schemas (输入)
# ============================================
class UserCreate(BaseModel):
"""用户注册"""
username: str = Field(..., min_length=3, max_length=50,
description="用户名3-50个字符")
email: EmailStr = Field(..., description="邮箱地址")
password: str = Field(..., min_length=6, max_length=100,
description="密码至少6个字符")
role: UserRole = Field(default=UserRole.USER, description="用户角色")
class UserLogin(BaseModel):
"""用户登录"""
username: str = Field(..., description="用户名或邮箱")
password: str = Field(..., description="密码")
class UserUpdate(BaseModel):
"""用户信息更新"""
email: Optional[EmailStr] = None
password: Optional[str] = Field(None, min_length=6, max_length=100)
role: Optional[UserRole] = None
is_active: Optional[bool] = None
# ============================================
# Response Schemas (输出)
# ============================================
class UserResponse(BaseModel):
"""用户信息响应(不含密码)"""
id: int
username: str
email: str
role: UserRole
is_active: bool
is_superuser: bool
created_at: datetime
updated_at: datetime
model_config = ConfigDict(from_attributes=True)
class UserInDB(UserResponse):
"""数据库中的用户(含密码哈希)"""
hashed_password: str
# ============================================
# Token Schemas
# ============================================
class Token(BaseModel):
"""JWT Token 响应"""
access_token: str
refresh_token: Optional[str] = None
token_type: str = "bearer"
expires_in: int = Field(..., description="过期时间(秒)")
class TokenPayload(BaseModel):
"""JWT Token Payload"""
sub: str = Field(..., description="用户ID或用户名")
exp: Optional[int] = None
iat: Optional[int] = None
type: str = Field(default="access", description="token类型: access 或 refresh")

224
app/infra/audit/middleware.py Normal file
View File

@@ -0,0 +1,224 @@
"""
审计日志中间件
自动记录关键HTTP请求到审计日志
"""
import time
import json
from uuid import UUID
from typing import Callable
from fastapi import Request, Response
from starlette.middleware.base import BaseHTTPMiddleware
from app.core.audit import log_audit_event, AuditAction
import logging
from jose import JWTError, jwt
from app.core.config import settings
from app.infra.db.metadata.database import SessionLocal
from app.infra.repositories.metadata_repository import MetadataRepository
logger = logging.getLogger(__name__)
class AuditMiddleware(BaseHTTPMiddleware):
"""
审计中间件
自动记录以下操作:
- 所有 POST/PUT/DELETE 请求
- 登录/登出
- 关键资源访问
"""
# 需要审计的路径前缀
AUDIT_PATHS = [
# "/api/v1/auth/",
# "/api/v1/users/",
# "/api/v1/projects/",
# "/api/v1/networks/",
]
# [新增] 需要审计的 API Tags (在 Router 或 api 函数中定义 tags=["Audit"])
AUDIT_TAGS = [
"Audit",
"Users",
"Project",
"Network General",
"Junctions",
"Pipes",
"Reservoirs",
"Tanks",
"Pumps",
"Valves",
]
# 需要审计的HTTP方法
AUDIT_METHODS = ["POST", "PUT", "DELETE", "PATCH"]
async def dispatch(self, request: Request, call_next: Callable) -> Response:
# 提取开始时间
start_time = time.time()
# 1. 预判是否需要读取Body (针对写操作)
# 注意:我们暂时移除早期的 return因为需要等待路由匹配后才能检查 Tag
should_capture_body = request.method in ["POST", "PUT", "PATCH"]
request_data = None
if should_capture_body:
try:
# 注意:读取 body 后需要重新设置,避免影响后续处理
body = await request.body()
if body:
request_data = json.loads(body.decode())
# 重新构造请求以供后续使用
async def receive():
return {"type": "http.request", "body": body}
request._receive = receive
except Exception as e:
logger.warning(f"Failed to read request body for audit: {e}")
# 2. 执行请求 (FastAPI在此过程中进行路由匹配)
response = await call_next(request)
# 3. 决定是否审计
# 检查方法
is_audit_method = request.method in self.AUDIT_METHODS
# 检查路径
is_audit_path = any(
request.url.path.startswith(path) for path in self.AUDIT_PATHS
)
# [新增] 检查 Tags (从 request.scope 中获取匹配的路由信息)
is_audit_tag = False
route = request.scope.get("route")
if route and hasattr(route, "tags"):
is_audit_tag = any(tag in self.AUDIT_TAGS for tag in route.tags)
should_audit = is_audit_method or is_audit_path or is_audit_tag
if not should_audit:
# 即便不审计,也要处理响应头中的时间(保持原有逻辑一致性)
process_time = time.time() - start_time
response.headers["X-Process-Time"] = str(process_time)
return response
# 4. 提取审计所需信息
user_id = await self._resolve_user_id(request)
project_id = self._resolve_project_id(request)
# 获取客户端信息
ip_address = request.client.host if request.client else None
# 确定操作类型
action = self._determine_action(request)
resource_type, resource_id = self._extract_resource_info(request)
# 记录审计日志
try:
await log_audit_event(
action=action,
user_id=user_id,
project_id=project_id,
resource_type=resource_type,
resource_id=resource_id,
ip_address=ip_address,
request_method=request.method,
request_path=str(request.url.path),
request_data=request_data,
response_status=response.status_code,
)
except Exception as e:
# 审计失败不应影响响应
logger.error(f"Failed to log audit event: {e}", exc_info=True)
# 添加处理时间到响应头
process_time = time.time() - start_time
response.headers["X-Process-Time"] = str(process_time)
return response
def _resolve_project_id(self, request: Request) -> UUID | None:
project_header = request.headers.get("X-Project-Id")
if not project_header:
return None
try:
return UUID(project_header)
except ValueError:
return None
async def _resolve_user_id(self, request: Request) -> UUID | None:
auth_header = request.headers.get("authorization")
if not auth_header or not auth_header.lower().startswith("bearer "):
return None
token = auth_header.split(" ", 1)[1].strip()
if not token:
return None
try:
key = (
settings.KEYCLOAK_PUBLIC_KEY.replace("\\n", "\n")
if settings.KEYCLOAK_PUBLIC_KEY
else settings.SECRET_KEY
)
algorithms = (
[settings.KEYCLOAK_ALGORITHM]
if settings.KEYCLOAK_PUBLIC_KEY
else [settings.ALGORITHM]
)
payload = jwt.decode(token, key, algorithms=algorithms)
sub = payload.get("sub")
if not sub:
return None
keycloak_id = UUID(sub)
except (JWTError, ValueError):
return None
async with SessionLocal() as session:
repo = MetadataRepository(session)
user = await repo.get_user_by_keycloak_id(keycloak_id)
if user and user.is_active:
return user.id
return None
def _determine_action(self, request: Request) -> str:
"""根据请求路径和方法确定操作类型"""
path = request.url.path.lower()
method = request.method
# 认证相关
if "login" in path:
return AuditAction.LOGIN
elif "logout" in path:
return AuditAction.LOGOUT
elif "register" in path:
return AuditAction.REGISTER
# CRUD 操作
if method == "POST":
return AuditAction.CREATE
elif method == "PUT" or method == "PATCH":
return AuditAction.UPDATE
elif method == "DELETE":
return AuditAction.DELETE
elif method == "GET":
return AuditAction.READ
return f"{method}_REQUEST"
def _extract_resource_info(self, request: Request) -> tuple:
"""从请求路径提取资源类型和ID"""
path_parts = request.url.path.strip("/").split("/")
resource_type = None
resource_id = None
# 尝试从路径中提取资源信息
# 例如: /api/v1/users/123 -> resource_type=user, resource_id=123
if len(path_parts) >= 4:
resource_type = path_parts[3].rstrip("s") # 移除复数s
if len(path_parts) >= 5 and path_parts[4].isdigit():
resource_id = path_parts[4]
return resource_type, resource_id

211
app/infra/db/dynamic_manager.py Normal file
View File

@@ -0,0 +1,211 @@
import asyncio
import logging
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict
from uuid import UUID
from psycopg_pool import AsyncConnectionPool
from psycopg.rows import dict_row
from sqlalchemy.engine.url import make_url
from sqlalchemy.ext.asyncio import (
AsyncEngine,
AsyncSession,
async_sessionmaker,
create_async_engine,
)
from app.core.config import settings
logger = logging.getLogger(__name__)
@dataclass(frozen=True)
class PgEngineEntry:
engine: AsyncEngine
sessionmaker: async_sessionmaker[AsyncSession]
@dataclass(frozen=True)
class CacheKey:
project_id: UUID
db_role: str
class ProjectConnectionManager:
def __init__(self) -> None:
self._pg_cache: Dict[CacheKey, PgEngineEntry] = OrderedDict()
self._ts_cache: Dict[CacheKey, AsyncConnectionPool] = OrderedDict()
self._pg_raw_cache: Dict[CacheKey, AsyncConnectionPool] = OrderedDict()
self._pg_lock = asyncio.Lock()
self._ts_lock = asyncio.Lock()
self._pg_raw_lock = asyncio.Lock()
def _normalize_pg_url(self, url: str) -> str:
parsed = make_url(url)
if parsed.drivername == "postgresql":
parsed = parsed.set(drivername="postgresql+psycopg")
return str(parsed)
async def get_pg_sessionmaker(
self,
project_id: UUID,
db_role: str,
connection_url: str,
pool_min_size: int,
pool_max_size: int,
) -> async_sessionmaker[AsyncSession]:
async with self._pg_lock:
key = CacheKey(project_id=project_id, db_role=db_role)
entry = self._pg_cache.get(key)
if entry:
self._pg_cache.move_to_end(key)
return entry.sessionmaker
normalized_url = self._normalize_pg_url(connection_url)
pool_min_size = max(1, pool_min_size)
pool_max_size = max(pool_min_size, pool_max_size)
engine = create_async_engine(
normalized_url,
pool_size=pool_min_size,
max_overflow=max(0, pool_max_size - pool_min_size),
pool_pre_ping=True,
)
sessionmaker = async_sessionmaker(engine, expire_on_commit=False)
self._pg_cache[key] = PgEngineEntry(
engine=engine,
sessionmaker=sessionmaker,
)
await self._evict_pg_if_needed()
logger.info(
"Created PostgreSQL engine for project %s (%s)", project_id, db_role
)
return sessionmaker
async def get_timescale_pool(
self,
project_id: UUID,
db_role: str,
connection_url: str,
pool_min_size: int,
pool_max_size: int,
) -> AsyncConnectionPool:
async with self._ts_lock:
key = CacheKey(project_id=project_id, db_role=db_role)
pool = self._ts_cache.get(key)
if pool:
self._ts_cache.move_to_end(key)
return pool
pool_min_size = max(1, pool_min_size)
pool_max_size = max(pool_min_size, pool_max_size)
pool = AsyncConnectionPool(
conninfo=connection_url,
min_size=pool_min_size,
max_size=pool_max_size,
open=False,
kwargs={"row_factory": dict_row},
)
await pool.open()
self._ts_cache[key] = pool
await self._evict_ts_if_needed()
logger.info(
"Created TimescaleDB pool for project %s (%s)", project_id, db_role
)
return pool
async def get_pg_pool(
self,
project_id: UUID,
db_role: str,
connection_url: str,
pool_min_size: int,
pool_max_size: int,
) -> AsyncConnectionPool:
async with self._pg_raw_lock:
key = CacheKey(project_id=project_id, db_role=db_role)
pool = self._pg_raw_cache.get(key)
if pool:
self._pg_raw_cache.move_to_end(key)
return pool
pool_min_size = max(1, pool_min_size)
pool_max_size = max(pool_min_size, pool_max_size)
pool = AsyncConnectionPool(
conninfo=connection_url,
min_size=pool_min_size,
max_size=pool_max_size,
open=False,
kwargs={"row_factory": dict_row},
)
await pool.open()
self._pg_raw_cache[key] = pool
await self._evict_pg_raw_if_needed()
logger.info(
"Created PostgreSQL pool for project %s (%s)", project_id, db_role
)
return pool
async def _evict_pg_if_needed(self) -> None:
while len(self._pg_cache) > settings.PROJECT_PG_CACHE_SIZE:
key, entry = self._pg_cache.popitem(last=False)
await entry.engine.dispose()
logger.info(
"Evicted PostgreSQL engine for project %s (%s)",
key.project_id,
key.db_role,
)
async def _evict_ts_if_needed(self) -> None:
while len(self._ts_cache) > settings.PROJECT_TS_CACHE_SIZE:
key, pool = self._ts_cache.popitem(last=False)
await pool.close()
logger.info(
"Evicted TimescaleDB pool for project %s (%s)",
key.project_id,
key.db_role,
)
async def _evict_pg_raw_if_needed(self) -> None:
while len(self._pg_raw_cache) > settings.PROJECT_PG_CACHE_SIZE:
key, pool = self._pg_raw_cache.popitem(last=False)
await pool.close()
logger.info(
"Evicted PostgreSQL pool for project %s (%s)",
key.project_id,
key.db_role,
)
async def close_all(self) -> None:
async with self._pg_lock:
for key, entry in list(self._pg_cache.items()):
await entry.engine.dispose()
logger.info(
"Closed PostgreSQL engine for project %s (%s)",
key.project_id,
key.db_role,
)
self._pg_cache.clear()
async with self._ts_lock:
for key, pool in list(self._ts_cache.items()):
await pool.close()
logger.info(
"Closed TimescaleDB pool for project %s (%s)",
key.project_id,
key.db_role,
)
self._ts_cache.clear()
async with self._pg_raw_lock:
for key, pool in list(self._pg_raw_cache.items()):
await pool.close()
logger.info(
"Closed PostgreSQL pool for project %s (%s)",
key.project_id,
key.db_role,
)
self._pg_raw_cache.clear()
project_connection_manager = ProjectConnectionManager()

208
app/infra/db/influxdb/api.py
View File

@@ -13,8 +13,8 @@ from typing import List, Dict
from datetime import datetime, timedelta, timezone
from influxdb_client.client.write_api import SYNCHRONOUS, ASYNCHRONOUS
from dateutil import parser
import get_realValue
import get_data
# import get_realValue
# import get_data
import psycopg
import time
import app.services.simulation as simulation
@@ -404,8 +404,8 @@ def create_and_initialize_buckets(org_name: str) -> None:
Point("link")
.tag("date", None)
.tag("ID", None)
.tag("scheme_Type", None)
.tag("scheme_Name", None)
.tag("scheme_type", None)
.tag("scheme_name", None)
.field("flow", 0.0)
.field("leakage", 0.0)
.field("velocity", 0.0)
@@ -420,8 +420,8 @@ def create_and_initialize_buckets(org_name: str) -> None:
Point("node")
.tag("date", None)
.tag("ID", None)
.tag("scheme_Type", None)
.tag("scheme_Name", None)
.tag("scheme_type", None)
.tag("scheme_name", None)
.field("head", 0.0)
.field("pressure", 0.0)
.field("actualdemand", 0.0)
@@ -436,8 +436,8 @@ def create_and_initialize_buckets(org_name: str) -> None:
.tag("date", None)
.tag("description", None)
.tag("device_ID", None)
.tag("scheme_Type", None)
.tag("scheme_Name", None)
.tag("scheme_type", None)
.tag("scheme_name", None)
.field("monitored_value", 0.0)
.field("datacleaning_value", 0.0)
.field("scheme_simulation_value", 0.0)
@@ -1811,8 +1811,8 @@ def query_SCADA_data_by_device_ID_and_time(
def query_scheme_SCADA_data_by_device_ID_and_time(
query_ids_list: List[str],
query_time: str,
scheme_Type: str,
scheme_Name: str,
scheme_type: str,
scheme_name: str,
bucket: str = "scheme_simulation_result",
) -> Dict[str, float]:
"""
@@ -1843,7 +1843,7 @@ def query_scheme_SCADA_data_by_device_ID_and_time(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {utc_start_time.isoformat()}, stop: {utc_stop_time.isoformat()})
|> filter(fn: (r) => r["device_ID"] == "{device_id}" and r["_field"] == "monitored_value" and r["scheme_Type"] == "{scheme_Type}" and r["scheme_Name"] == "{scheme_Name}")
|> filter(fn: (r) => r["device_ID"] == "{device_id}" and r["_field"] == "monitored_value" and r["scheme_type"] == "{scheme_type}" and r["scheme_name"] == "{scheme_name}")
"""
# 执行查询
try:
@@ -2585,7 +2585,7 @@ def query_all_scheme_record_by_time_property(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {utc_start_time.isoformat()}, stop: {utc_stop_time.isoformat()})
|> filter(fn: (r) => r["scheme_Name"] == "{scheme_name}" and r["_measurement"] == "{measurement}" and r["_field"] == "{property}")
|> filter(fn: (r) => r["scheme_name"] == "{scheme_name}" and r["_measurement"] == "{measurement}" and r["_field"] == "{property}")
"""
# 执行查询
tables = query_api.query(flux_query)
@@ -2635,7 +2635,7 @@ def query_scheme_simulation_result_by_ID_time(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {utc_start_time.isoformat()}, stop: {utc_stop_time.isoformat()})
|> filter(fn: (r) => r["scheme_Name"] == "{scheme_name}" and r["_measurement"] == "node" and r["ID"] == "{ID}")
|> filter(fn: (r) => r["scheme_name"] == "{scheme_name}" and r["_measurement"] == "node" and r["ID"] == "{ID}")
|> pivot(
rowKey:["_time"],
columnKey:["_field"],
@@ -2660,7 +2660,7 @@ def query_scheme_simulation_result_by_ID_time(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {utc_start_time.isoformat()}, stop: {utc_stop_time.isoformat()})
|> filter(fn: (r) => r["scheme_Name"] == "{scheme_name}" and r["_measurement"] == "link" and r["ID"] == "{ID}")
|> filter(fn: (r) => r["scheme_name"] == "{scheme_name}" and r["_measurement"] == "link" and r["ID"] == "{ID}")
|> pivot(
rowKey:["_time"],
columnKey:["_field"],
@@ -3227,8 +3227,8 @@ def store_scheme_simulation_result_to_influxdb(
link_result_list: List[Dict[str, any]],
scheme_start_time: str,
num_periods: int = 1,
scheme_Type: str = None,
scheme_Name: str = None,
scheme_type: str = None,
scheme_name: str = None,
bucket: str = "scheme_simulation_result",
):
"""
@@ -3237,8 +3237,8 @@ def store_scheme_simulation_result_to_influxdb(
:param link_result_list: (List[Dict[str, any]]): 包含连接和结果数据的字典列表。
:param scheme_start_time: (str): 方案模拟开始时间。
:param num_periods: (int): 方案模拟的周期数
:param scheme_Type: (str): 方案类型
:param scheme_Name: (str): 方案名称
:param scheme_type: (str): 方案类型
:param scheme_name: (str): 方案名称
:param bucket: (str): InfluxDB 的 bucket 名称,默认值为 "scheme_simulation_result"
:return:
"""
@@ -3298,8 +3298,8 @@ def store_scheme_simulation_result_to_influxdb(
Point("node")
.tag("date", date_str)
.tag("ID", node_id)
.tag("scheme_Type", scheme_Type)
.tag("scheme_Name", scheme_Name)
.tag("scheme_type", scheme_type)
.tag("scheme_name", scheme_name)
.field("head", data.get("head", 0.0))
.field("pressure", data.get("pressure", 0.0))
.field("actualdemand", data.get("demand", 0.0))
@@ -3322,8 +3322,8 @@ def store_scheme_simulation_result_to_influxdb(
Point("link")
.tag("date", date_str)
.tag("ID", link_id)
.tag("scheme_Type", scheme_Type)
.tag("scheme_Name", scheme_Name)
.tag("scheme_type", scheme_type)
.tag("scheme_name", scheme_name)
.field("flow", data.get("flow", 0.0))
.field("velocity", data.get("velocity", 0.0))
.field("headloss", data.get("headloss", 0.0))
@@ -3409,14 +3409,14 @@ def query_corresponding_query_id_and_element_id(name: str) -> None:
# 2025/03/11
def fill_scheme_simulation_result_to_SCADA(
scheme_Type: str = None,
scheme_Name: str = None,
scheme_type: str = None,
scheme_name: str = None,
query_date: str = None,
bucket: str = "scheme_simulation_result",
):
"""
:param scheme_Type: 方案类型
:param scheme_Name: 方案名称
:param scheme_type: 方案类型
:param scheme_name: 方案名称
:param query_date: 查询日期,格式为 'YYYY-MM-DD'
:param bucket: InfluxDB 的 bucket 名称,默认值为 "scheme_simulation_result"
:return:
@@ -3457,8 +3457,8 @@ def fill_scheme_simulation_result_to_SCADA(
# 查找associated_element_id的对应值
for key, value in globals.scheme_source_outflow_ids.items():
scheme_source_outflow_result = query_scheme_curve_by_ID_property(
scheme_Type=scheme_Type,
scheme_Name=scheme_Name,
scheme_type=scheme_type,
scheme_name=scheme_name,
query_date=query_date,
ID=value,
type="link",
@@ -3470,8 +3470,8 @@ def fill_scheme_simulation_result_to_SCADA(
Point("scheme_source_outflow")
.tag("date", query_date)
.tag("device_ID", key)
.tag("scheme_Type", scheme_Type)
.tag("scheme_Name", scheme_Name)
.tag("scheme_type", scheme_type)
.tag("scheme_name", scheme_name)
.field("monitored_value", data["value"])
.time(data["time"], write_precision="s")
)
@@ -3480,8 +3480,8 @@ def fill_scheme_simulation_result_to_SCADA(
for key, value in globals.scheme_pipe_flow_ids.items():
scheme_pipe_flow_result = query_scheme_curve_by_ID_property(
scheme_Type=scheme_Type,
scheme_Name=scheme_Name,
scheme_type=scheme_type,
scheme_name=scheme_name,
query_date=query_date,
ID=value,
type="link",
@@ -3492,8 +3492,8 @@ def fill_scheme_simulation_result_to_SCADA(
Point("scheme_pipe_flow")
.tag("date", query_date)
.tag("device_ID", key)
.tag("scheme_Type", scheme_Type)
.tag("scheme_Name", scheme_Name)
.tag("scheme_type", scheme_type)
.tag("scheme_name", scheme_name)
.field("monitored_value", data["value"])
.time(data["time"], write_precision="s")
)
@@ -3502,8 +3502,8 @@ def fill_scheme_simulation_result_to_SCADA(
for key, value in globals.scheme_pressure_ids.items():
scheme_pressure_result = query_scheme_curve_by_ID_property(
scheme_Type=scheme_Type,
scheme_Name=scheme_Name,
scheme_type=scheme_type,
scheme_name=scheme_name,
query_date=query_date,
ID=value,
type="node",
@@ -3514,8 +3514,8 @@ def fill_scheme_simulation_result_to_SCADA(
Point("scheme_pressure")
.tag("date", query_date)
.tag("device_ID", key)
.tag("scheme_Type", scheme_Type)
.tag("scheme_Name", scheme_Name)
.tag("scheme_type", scheme_type)
.tag("scheme_name", scheme_name)
.field("monitored_value", data["value"])
.time(data["time"], write_precision="s")
)
@@ -3524,8 +3524,8 @@ def fill_scheme_simulation_result_to_SCADA(
for key, value in globals.scheme_demand_ids.items():
scheme_demand_result = query_scheme_curve_by_ID_property(
scheme_Type=scheme_Type,
scheme_Name=scheme_Name,
scheme_type=scheme_type,
scheme_name=scheme_name,
query_date=query_date,
ID=value,
type="node",
@@ -3536,8 +3536,8 @@ def fill_scheme_simulation_result_to_SCADA(
Point("scheme_demand")
.tag("date", query_date)
.tag("device_ID", key)
.tag("scheme_Type", scheme_Type)
.tag("scheme_Name", scheme_Name)
.tag("scheme_type", scheme_type)
.tag("scheme_name", scheme_name)
.field("monitored_value", data["value"])
.time(data["time"], write_precision="s")
)
@@ -3546,8 +3546,8 @@ def fill_scheme_simulation_result_to_SCADA(
for key, value in globals.scheme_quality_ids.items():
scheme_quality_result = query_scheme_curve_by_ID_property(
scheme_Type=scheme_Type,
scheme_Name=scheme_Name,
scheme_type=scheme_type,
scheme_name=scheme_name,
query_date=query_date,
ID=value,
type="node",
@@ -3558,8 +3558,8 @@ def fill_scheme_simulation_result_to_SCADA(
Point("scheme_quality")
.tag("date", query_date)
.tag("device_ID", key)
.tag("scheme_Type", scheme_Type)
.tag("scheme_Name", scheme_Name)
.tag("scheme_type", scheme_type)
.tag("scheme_name", scheme_name)
.field("monitored_value", data["value"])
.time(data["time"], write_precision="s")
)
@@ -3629,15 +3629,15 @@ def query_SCADA_data_curve(
# 2025/02/18
def query_scheme_all_record_by_time(
scheme_Type: str,
scheme_Name: str,
scheme_type: str,
scheme_name: str,
query_time: str,
bucket: str = "scheme_simulation_result",
) -> tuple:
"""
查询指定方案某一时刻的所有记录包括node'link分别以指定格式返回。
:param scheme_Type: 方案类型
:param scheme_Name: 方案名称
:param scheme_type: 方案类型
:param scheme_name: 方案名称
:param query_time: 输入的北京时间,格式为 '2024-11-24T17:30:00+08:00'
:param bucket: 数据存储的 bucket 名称。
:return: dict: tuple: (node_records, link_records)
@@ -3660,7 +3660,7 @@ def query_scheme_all_record_by_time(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {utc_start_time.isoformat()}, stop: {utc_stop_time.isoformat()})
|> filter(fn: (r) => r["scheme_Type"] == "{scheme_Type}" and r["scheme_Name"] == "{scheme_Name}" and r["_measurement"] == "node" or r["_measurement"] == "link")
|> filter(fn: (r) => r["scheme_type"] == "{scheme_type}" and r["scheme_name"] == "{scheme_name}" and r["_measurement"] == "node" or r["_measurement"] == "link")
|> pivot(
rowKey:["_time"],
columnKey:["_field"],
@@ -3710,8 +3710,8 @@ def query_scheme_all_record_by_time(
# 2025/03/04
def query_scheme_all_record_by_time_property(
scheme_Type: str,
scheme_Name: str,
scheme_type: str,
scheme_name: str,
query_time: str,
type: str,
property: str,
@@ -3719,8 +3719,8 @@ def query_scheme_all_record_by_time_property(
) -> list:
"""
查询指定方案某一时刻node'link某一属性值以指定格式返回。
:param scheme_Type: 方案类型
:param scheme_Name: 方案名称
:param scheme_type: 方案类型
:param scheme_name: 方案名称
:param query_time: 输入的北京时间,格式为 '2024-11-24T17:30:00+08:00'
:param type: 查询的类型(决定 measurement
:param property: 查询的字段名称field
@@ -3752,7 +3752,7 @@ def query_scheme_all_record_by_time_property(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {utc_start_time.isoformat()}, stop: {utc_stop_time.isoformat()})
|> filter(fn: (r) => r["scheme_Type"] == "{scheme_Type}" and r["scheme_Name"] == "{scheme_Name}" and r["_measurement"] == "{measurement}" and r["_field"] == "{property}")
|> filter(fn: (r) => r["scheme_type"] == "{scheme_type}" and r["scheme_name"] == "{scheme_name}" and r["_measurement"] == "{measurement}" and r["_field"] == "{property}")
"""
# 执行查询
tables = query_api.query(flux_query)
@@ -3767,8 +3767,8 @@ def query_scheme_all_record_by_time_property(
# 2025/02/19
def query_scheme_curve_by_ID_property(
scheme_Type: str,
scheme_Name: str,
scheme_type: str,
scheme_name: str,
query_date: str,
ID: str,
type: str,
@@ -3776,9 +3776,9 @@ def query_scheme_curve_by_ID_property(
bucket: str = "scheme_simulation_result",
) -> list:
"""
根据scheme_Type和scheme_Name,查询该模拟方案中某一node或link的某一属性值的所有时间的结果
:param scheme_Type: 方案类型
:param scheme_Name: 方案名称
根据scheme_Type和scheme_name,查询该模拟方案中某一node或link的某一属性值的所有时间的结果
:param scheme_type: 方案类型
:param scheme_name: 方案名称
:param query_date: 查询日期,格式为 'YYYY-MM-DD'
:param ID: 元素的ID
:param type: 元素的类型node或link
@@ -3817,7 +3817,7 @@ def query_scheme_curve_by_ID_property(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {start_time}, stop: {stop_time})
|> filter(fn: (r) => r["_measurement"] == "{measurement}" and r["scheme_Type"] == "{scheme_Type}" and r["scheme_Name"] == "{scheme_Name}" and r["ID"] == "{ID}" and r["_field"] == "{property}")
|> filter(fn: (r) => r["_measurement"] == "{measurement}" and r["scheme_type"] == "{scheme_type}" and r["scheme_name"] == "{scheme_name}" and r["ID"] == "{ID}" and r["_field"] == "{property}")
"""
# 执行查询
tables = query_api.query(flux_query)
@@ -3832,15 +3832,15 @@ def query_scheme_curve_by_ID_property(
# 2025/02/21
def query_scheme_all_record(
scheme_Type: str,
scheme_Name: str,
scheme_type: str,
scheme_name: str,
query_date: str,
bucket: str = "scheme_simulation_result",
) -> tuple:
"""
查询指定方案的所有记录包括node'link分别以指定格式返回。
:param scheme_Type: 方案类型
:param scheme_Name: 方案名称
:param scheme_type: 方案类型
:param scheme_name: 方案名称
:param query_date: 查询日期,格式为 'YYYY-MM-DD'
:param bucket: 数据存储的 bucket 名称。
:return: dict: tuple: (node_records, link_records)
@@ -3867,7 +3867,7 @@ def query_scheme_all_record(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {utc_start_time.isoformat()}, stop: {utc_stop_time.isoformat()})
|> filter(fn: (r) => r["scheme_Type"] == "{scheme_Type}" and r["scheme_Name"] == "{scheme_Name}" and r["_measurement"] == "node" or r["_measurement"] == "link")
|> filter(fn: (r) => r["scheme_type"] == "{scheme_type}" and r["scheme_name"] == "{scheme_name}" and r["_measurement"] == "node" or r["_measurement"] == "link")
|> pivot(
rowKey:["_time"],
columnKey:["_field"],
@@ -3917,8 +3917,8 @@ def query_scheme_all_record(
# 2025/03/04
def query_scheme_all_record_property(
scheme_Type: str,
scheme_Name: str,
scheme_type: str,
scheme_name: str,
query_date: str,
type: str,
property: str,
@@ -3926,8 +3926,8 @@ def query_scheme_all_record_property(
) -> list:
"""
查询指定方案的node'link的某一属性值以指定格式返回。
:param scheme_Type: 方案类型
:param scheme_Name: 方案名称
:param scheme_type: 方案类型
:param scheme_name: 方案名称
:param query_date: 查询日期,格式为 'YYYY-MM-DD'
:param type: 查询的类型(决定 measurement
:param property: 查询的字段名称field
@@ -3964,7 +3964,7 @@ def query_scheme_all_record_property(
flux_query = f"""
from(bucket: "{bucket}")
|> range(start: {start_time}, stop: {stop_time})
|> filter(fn: (r) => r["scheme_Type"] == "{scheme_Type}" and r["scheme_Name"] == "{scheme_Name}" and r["date"] == "{query_date}" and r["_measurement"] == "{measurement}" and r["_field"] == "{property}")
|> filter(fn: (r) => r["scheme_type"] == "{scheme_type}" and r["scheme_name"] == "{scheme_name}" and r["date"] == "{query_date}" and r["_measurement"] == "{measurement}" and r["_field"] == "{property}")
"""
# 执行查询
tables = query_api.query(flux_query)
@@ -4245,8 +4245,8 @@ def export_scheme_simulation_result_to_csv_time(
link_data[key][field] = record.get_value()
link_data[key]["measurement"] = record.get_measurement()
link_data[key]["date"] = record.values.get("date", None)
link_data[key]["scheme_Type"] = record.values.get("scheme_Type", None)
link_data[key]["scheme_Name"] = record.values.get("scheme_Name", None)
link_data[key]["scheme_type"] = record.values.get("scheme_type", None)
link_data[key]["scheme_name"] = record.values.get("scheme_name", None)
# 构建 Flux 查询语句,查询指定时间范围内的数据
flux_query_node = f"""
from(bucket: "{bucket}")
@@ -4267,8 +4267,8 @@ def export_scheme_simulation_result_to_csv_time(
node_data[key][field] = record.get_value()
node_data[key]["measurement"] = record.get_measurement()
node_data[key]["date"] = record.values.get("date", None)
node_data[key]["scheme_Type"] = record.values.get("scheme_Type", None)
node_data[key]["scheme_Name"] = record.values.get("scheme_Name", None)
node_data[key]["scheme_type"] = record.values.get("scheme_type", None)
node_data[key]["scheme_name"] = record.values.get("scheme_name", None)
for key in set(link_data.keys()):
row = {"time": key[0], "ID": key[1]}
row.update(link_data.get(key, {}))
@@ -4288,8 +4288,8 @@ def export_scheme_simulation_result_to_csv_time(
"time",
"measurement",
"date",
"scheme_Type",
"scheme_Name",
"scheme_type",
"scheme_name",
"ID",
"flow",
"leakage",
@@ -4311,8 +4311,8 @@ def export_scheme_simulation_result_to_csv_time(
"time",
"measurement",
"date",
"scheme_Type",
"scheme_Name",
"scheme_type",
"scheme_name",
"ID",
"head",
"pressure",
@@ -4330,15 +4330,15 @@ def export_scheme_simulation_result_to_csv_time(
# 2025/02/18
def export_scheme_simulation_result_to_csv_scheme(
scheme_Type: str,
scheme_Name: str,
scheme_type: str,
scheme_name: str,
query_date: str,
bucket: str = "scheme_simulation_result",
) -> None:
"""
导出influxdb中scheme_simulation_result这个bucket的数据到csv中
:param scheme_Type: 查询的方案类型
:param scheme_Name: 查询的方案名
:param scheme_type: 查询的方案类型
:param scheme_name: 查询的方案名
:param query_date: 查询日期,格式为 'YYYY-MM-DD'
:param bucket: 数据存储的 bucket 名称,默认值为 "SCADA_data"
:return:
@@ -4366,7 +4366,7 @@ def export_scheme_simulation_result_to_csv_scheme(
flux_query_link = f"""
from(bucket: "{bucket}")
|> range(start: {start_time}, stop: {stop_time})
|> filter(fn: (r) => r["_measurement"] == "link" and r["scheme_Type"] == "{scheme_Type}" and r["scheme_Name"] == "{scheme_Name}")
|> filter(fn: (r) => r["_measurement"] == "link" and r["scheme_type"] == "{scheme_type}" and r["scheme_name"] == "{scheme_name}")
"""
# 执行查询
link_tables = query_api.query(flux_query_link)
@@ -4382,13 +4382,13 @@ def export_scheme_simulation_result_to_csv_scheme(
link_data[key][field] = record.get_value()
link_data[key]["measurement"] = record.get_measurement()
link_data[key]["date"] = record.values.get("date", None)
link_data[key]["scheme_Type"] = record.values.get("scheme_Type", None)
link_data[key]["scheme_Name"] = record.values.get("scheme_Name", None)
link_data[key]["scheme_type"] = record.values.get("scheme_type", None)
link_data[key]["scheme_name"] = record.values.get("scheme_name", None)
# 构建 Flux 查询语句,查询指定时间范围内的数据
flux_query_node = f"""
from(bucket: "{bucket}")
|> range(start: {start_time}, stop: {stop_time})
|> filter(fn: (r) => r["_measurement"] == "node" and r["scheme_Type"] == "{scheme_Type}" and r["scheme_Name"] == "{scheme_Name}")
|> filter(fn: (r) => r["_measurement"] == "node" and r["scheme_type"] == "{scheme_type}" and r["scheme_name"] == "{scheme_name}")
"""
# 执行查询
node_tables = query_api.query(flux_query_node)
@@ -4404,8 +4404,8 @@ def export_scheme_simulation_result_to_csv_scheme(
node_data[key][field] = record.get_value()
node_data[key]["measurement"] = record.get_measurement()
node_data[key]["date"] = record.values.get("date", None)
node_data[key]["scheme_Type"] = record.values.get("scheme_Type", None)
node_data[key]["scheme_Name"] = record.values.get("scheme_Name", None)
node_data[key]["scheme_type"] = record.values.get("scheme_type", None)
node_data[key]["scheme_name"] = record.values.get("scheme_name", None)
for key in set(link_data.keys()):
row = {"time": key[0], "ID": key[1]}
row.update(link_data.get(key, {}))
@@ -4416,10 +4416,10 @@ def export_scheme_simulation_result_to_csv_scheme(
node_rows.append(row)
# 动态生成 CSV 文件名
csv_filename_link = (
f"scheme_simulation_link_result_{scheme_Name}_of_{scheme_Type}.csv"
f"scheme_simulation_link_result_{scheme_name}_of_{scheme_type}.csv"
)
csv_filename_node = (
f"scheme_simulation_node_result_{scheme_Name}_of_{scheme_Type}.csv"
f"scheme_simulation_node_result_{scheme_name}_of_{scheme_type}.csv"
)
# 写入到 CSV 文件
with open(csv_filename_link, mode="w", newline="") as file:
@@ -4429,8 +4429,8 @@ def export_scheme_simulation_result_to_csv_scheme(
"time",
"measurement",
"date",
"scheme_Type",
"scheme_Name",
"scheme_type",
"scheme_name",
"ID",
"flow",
"leakage",
@@ -4452,8 +4452,8 @@ def export_scheme_simulation_result_to_csv_scheme(
"time",
"measurement",
"date",
"scheme_Type",
"scheme_Name",
"scheme_type",
"scheme_name",
"ID",
"head",
"pressure",
@@ -4878,15 +4878,15 @@ if __name__ == "__main__":
# export_scheme_simulation_result_to_csv_time(start_date='2025-02-13', end_date='2025-02-15')
# 示例9export_scheme_simulation_result_to_csv_scheme
# export_scheme_simulation_result_to_csv_scheme(scheme_Type='burst_Analysis', scheme_Name='scheme1', query_date='2025-03-10')
# export_scheme_simulation_result_to_csv_scheme(scheme_type='burst_Analysis', scheme_name='scheme1', query_date='2025-03-10')
# 示例10query_scheme_all_record_by_time
# node_records, link_records = query_scheme_all_record_by_time(scheme_Type='burst_Analysis', scheme_Name='scheme1', query_time="2025-02-14T10:30:00+08:00")
# node_records, link_records = query_scheme_all_record_by_time(scheme_type='burst_Analysis', scheme_name='scheme1', query_time="2025-02-14T10:30:00+08:00")
# print("Node 数据:", node_records)
# print("Link 数据:", link_records)
# 示例11query_scheme_curve_by_ID_property
# curve_result = query_scheme_curve_by_ID_property(scheme_Type='burst_Analysis', scheme_Name='scheme1', ID='ZBBDTZDP000022',
# curve_result = query_scheme_curve_by_ID_property(scheme_type='burst_Analysis', scheme_name='scheme1', ID='ZBBDTZDP000022',
# type='node', property='head')
# print(curve_result)
@@ -4896,7 +4896,7 @@ if __name__ == "__main__":
# print("Link 数据:", link_records)
# 示例13query_scheme_all_record
# node_records, link_records = query_scheme_all_record(scheme_Type='burst_Analysis', scheme_Name='scheme1', query_date='2025-03-10')
# node_records, link_records = query_scheme_all_record(scheme_type='burst_Analysis', scheme_name='scheme1', query_date='2025-03-10')
# print("Node 数据:", node_records)
# print("Link 数据:", link_records)
@@ -4909,16 +4909,16 @@ if __name__ == "__main__":
# print(result_records)
# 示例16query_scheme_all_record_by_time_property
# result_records = query_scheme_all_record_by_time_property(scheme_Type='burst_Analysis', scheme_Name='scheme1',
# result_records = query_scheme_all_record_by_time_property(scheme_type='burst_Analysis', scheme_name='scheme1',
# query_time='2025-02-14T10:30:00+08:00', type='node', property='head')
# print(result_records)
# 示例17query_scheme_all_record_property
# result_records = query_scheme_all_record_property(scheme_Type='burst_Analysis', scheme_Name='scheme1', query_date='2025-03-10', type='node', property='head')
# result_records = query_scheme_all_record_property(scheme_type='burst_Analysis', scheme_name='scheme1', query_date='2025-03-10', type='node', property='head')
# print(result_records)
# 示例18fill_scheme_simulation_result_to_SCADA
# fill_scheme_simulation_result_to_SCADA(scheme_Type='burst_Analysis', scheme_Name='burst0330', query_date='2025-03-30')
# fill_scheme_simulation_result_to_SCADA(scheme_type='burst_Analysis', scheme_name='burst0330', query_date='2025-03-30')
# 示例19query_SCADA_data_by_device_ID_and_timerange
# result = query_SCADA_data_by_device_ID_and_timerange(query_ids_list=globals.pressure_non_realtime_ids, start_time='2025-04-16T00:00:00+08:00',
@@ -4926,7 +4926,7 @@ if __name__ == "__main__":
# print(result)
# 示例manually_get_burst_flow
# leakage = manually_get_burst_flow(scheme_Type='burst_Analysis', scheme_Name='burst_scheme', scheme_start_time='2025-03-10T12:00:00+08:00')
# leakage = manually_get_burst_flow(scheme_type='burst_Analysis', scheme_name='burst_scheme', scheme_start_time='2025-03-10T12:00:00+08:00')
# print(leakage)
# 示例upload_cleaned_SCADA_data_to_influxdb

3
app/infra/db/metadata/__init__.py Normal file
View File

@@ -0,0 +1,3 @@
from .database import get_metadata_session, close_metadata_engine
__all__ = ["get_metadata_session", "close_metadata_engine"]

27
app/infra/db/metadata/database.py Normal file
View File

@@ -0,0 +1,27 @@
import logging
from typing import AsyncGenerator
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from app.core.config import settings
logger = logging.getLogger(__name__)
engine = create_async_engine(
settings.METADATA_DATABASE_URI,
pool_size=settings.METADATA_DB_POOL_SIZE,
max_overflow=settings.METADATA_DB_MAX_OVERFLOW,
pool_pre_ping=True,
)
SessionLocal = async_sessionmaker(engine, expire_on_commit=False)
async def get_metadata_session() -> AsyncGenerator[AsyncSession, None]:
async with SessionLocal() as session:
yield session
async def close_metadata_engine() -> None:
await engine.dispose()
logger.info("Metadata database engine disposed.")

115
app/infra/db/metadata/models.py Normal file
View File

@@ -0,0 +1,115 @@
from datetime import datetime
from uuid import UUID
from sqlalchemy import Boolean, DateTime, Integer, String, Text
from sqlalchemy.dialects.postgresql import JSONB, UUID as PGUUID
from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column
class Base(DeclarativeBase):
pass
class User(Base):
__tablename__ = "users"
id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), primary_key=True)
keycloak_id: Mapped[UUID] = mapped_column(
PGUUID(as_uuid=True), unique=True, index=True
)
username: Mapped[str] = mapped_column(String(50), unique=True)
email: Mapped[str] = mapped_column(String(100), unique=True)
role: Mapped[str] = mapped_column(String(20), default="user")
is_active: Mapped[bool] = mapped_column(Boolean, default=True)
is_superuser: Mapped[bool] = mapped_column(Boolean, default=False)
attributes: Mapped[dict | None] = mapped_column(JSONB, nullable=True)
created_at: Mapped[datetime] = mapped_column(
DateTime(timezone=True), default=datetime.utcnow
)
updated_at: Mapped[datetime] = mapped_column(
DateTime(timezone=True), default=datetime.utcnow
)
last_login_at: Mapped[datetime | None] = mapped_column(
DateTime(timezone=True), nullable=True
)
class Project(Base):
__tablename__ = "projects"
id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), primary_key=True)
name: Mapped[str] = mapped_column(String(100))
code: Mapped[str] = mapped_column(String(50), unique=True)
description: Mapped[str | None] = mapped_column(Text, nullable=True)
gs_workspace: Mapped[str] = mapped_column(String(100), unique=True)
status: Mapped[str] = mapped_column(String(20), default="active")
created_at: Mapped[datetime] = mapped_column(
DateTime(timezone=True), default=datetime.utcnow
)
updated_at: Mapped[datetime] = mapped_column(
DateTime(timezone=True), default=datetime.utcnow
)
class ProjectDatabase(Base):
__tablename__ = "project_databases"
id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), primary_key=True)
project_id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), index=True)
db_role: Mapped[str] = mapped_column(String(20))
db_type: Mapped[str] = mapped_column(String(20))
dsn_encrypted: Mapped[str] = mapped_column(Text)
pool_min_size: Mapped[int] = mapped_column(Integer, default=2)
pool_max_size: Mapped[int] = mapped_column(Integer, default=10)
class ProjectGeoServerConfig(Base):
__tablename__ = "project_geoserver_configs"
id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), primary_key=True)
project_id: Mapped[UUID] = mapped_column(
PGUUID(as_uuid=True), unique=True, index=True
)
gs_base_url: Mapped[str | None] = mapped_column(Text, nullable=True)
gs_admin_user: Mapped[str | None] = mapped_column(String(50), nullable=True)
gs_admin_password_encrypted: Mapped[str | None] = mapped_column(
Text, nullable=True
)
gs_datastore_name: Mapped[str] = mapped_column(String(100), default="ds_postgis")
default_extent: Mapped[dict | None] = mapped_column(JSONB, nullable=True)
srid: Mapped[int] = mapped_column(Integer, default=4326)
updated_at: Mapped[datetime] = mapped_column(
DateTime(timezone=True), default=datetime.utcnow
)
class UserProjectMembership(Base):
__tablename__ = "user_project_membership"
id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), primary_key=True)
user_id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), index=True)
project_id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), index=True)
project_role: Mapped[str] = mapped_column(String(20), default="viewer")
class AuditLog(Base):
__tablename__ = "audit_logs"
id: Mapped[UUID] = mapped_column(PGUUID(as_uuid=True), primary_key=True)
user_id: Mapped[UUID | None] = mapped_column(
PGUUID(as_uuid=True), nullable=True, index=True
)
project_id: Mapped[UUID | None] = mapped_column(
PGUUID(as_uuid=True), nullable=True, index=True
)
action: Mapped[str] = mapped_column(String(50))
resource_type: Mapped[str | None] = mapped_column(String(50), nullable=True)
resource_id: Mapped[str | None] = mapped_column(String(100), nullable=True)
ip_address: Mapped[str | None] = mapped_column(String(45), nullable=True)
request_method: Mapped[str | None] = mapped_column(String(10), nullable=True)
request_path: Mapped[str | None] = mapped_column(Text, nullable=True)
request_data: Mapped[dict | None] = mapped_column(JSONB, nullable=True)
response_status: Mapped[int | None] = mapped_column(Integer, nullable=True)
timestamp: Mapped[datetime] = mapped_column(
DateTime(timezone=True), default=datetime.utcnow
)

11
app/infra/db/postgresql/database.py
View File

@@ -17,7 +17,14 @@ class Database:
def init_pool(self, db_name=None):
"""Initialize the connection pool."""
# Use provided db_name, or the one from constructor, or default from config
conn_string = postgresql_info.get_pgconn_string()
target_db_name = db_name or self.db_name
# Get connection string, handling default case where target_db_name might be None
if target_db_name:
conn_string = postgresql_info.get_pgconn_string(db_name=target_db_name)
else:
conn_string = postgresql_info.get_pgconn_string()
try:
self.pool = psycopg_pool.AsyncConnectionPool(
conninfo=conn_string,
@@ -26,7 +33,7 @@ class Database:
open=False, # Don't open immediately, wait for startup
kwargs={"row_factory": dict_row}, # Return rows as dictionaries
)
logger.info(f"PostgreSQL connection pool initialized for database: default")
logger.info(f"PostgreSQL connection pool initialized for database: {target_db_name or 'default'}")
except Exception as e:
logger.error(f"Failed to initialize postgresql connection pool: {e}")
raise

16
app/infra/db/postgresql/router.py
View File

@@ -1,24 +1,18 @@
from fastapi import APIRouter, Depends, HTTPException, Query
from typing import Optional
from fastapi import APIRouter, Depends, HTTPException
from psycopg import AsyncConnection
from .database import get_database_instance
from .scada_info import ScadaRepository
from .scheme import SchemeRepository
from app.auth.project_dependencies import get_project_pg_connection
router = APIRouter()
# 创建支持数据库选择的连接依赖函数
# 动态项目 PostgreSQL 连接依赖
async def get_database_connection(
db_name: Optional[str] = Query(
None, description="指定要连接的数据库名称,为空时使用默认数据库"
)
conn: AsyncConnection = Depends(get_project_pg_connection),
):
"""获取数据库连接,支持通过查询参数指定数据库名称"""
instance = await get_database_instance(db_name)
async with instance.get_connection() as conn:
yield conn
yield conn
@router.get("/scada-info")

16
app/infra/db/timescaledb/composite_queries.py
View File

@@ -4,8 +4,8 @@ from datetime import datetime, timedelta
from psycopg import AsyncConnection
import pandas as pd
import numpy as np
from app.algorithms.api_ex.Fdataclean import clean_flow_data_df_kf
from app.algorithms.api_ex.Pdataclean import clean_pressure_data_df_km
from app.algorithms.api_ex.flow_data_clean import clean_flow_data_df_kf
from app.algorithms.api_ex.pressure_data_clean import clean_pressure_data_df_km
from app.algorithms.api_ex.pipeline_health_analyzer import PipelineHealthAnalyzer
from app.infra.db.postgresql.internal_queries import InternalQueries
@@ -405,12 +405,8 @@ class CompositeQueries:
pressure_df = df[pressure_ids]
# 重置索引,将 time 变为普通列
pressure_df = pressure_df.reset_index()
# 移除 time 列,准备输入给清洗方法
value_df = pressure_df.drop(columns=["time"])
# 调用清洗方法
cleaned_value_df = clean_pressure_data_df_km(value_df)
# 添加 time 列到首列
cleaned_df = pd.concat([pressure_df["time"], cleaned_value_df], axis=1)
cleaned_df = clean_pressure_data_df_km(pressure_df)
# 将清洗后的数据写回数据库
for device_id in pressure_ids:
if device_id in cleaned_df.columns:
@@ -432,12 +428,8 @@ class CompositeQueries:
flow_df = df[flow_ids]
# 重置索引,将 time 变为普通列
flow_df = flow_df.reset_index()
# 移除 time 列,准备输入给清洗方法
value_df = flow_df.drop(columns=["time"])
# 调用清洗方法
cleaned_value_df = clean_flow_data_df_kf(value_df)
# 添加 time 列到首列
cleaned_df = pd.concat([flow_df["time"], cleaned_value_df], axis=1)
cleaned_df = clean_flow_data_df_kf(flow_df)
# 将清洗后的数据写回数据库
for device_id in flow_ids:
if device_id in cleaned_df.columns:

15
app/infra/db/timescaledb/database.py
View File

@@ -17,7 +17,14 @@ class Database:
def init_pool(self, db_name=None):
"""Initialize the connection pool."""
# Use provided db_name, or the one from constructor, or default from config
conn_string = timescaledb_info.get_pgconn_string()
target_db_name = db_name or self.db_name
# Get connection string, handling default case where target_db_name might be None
if target_db_name:
conn_string = timescaledb_info.get_pgconn_string(db_name=target_db_name)
else:
conn_string = timescaledb_info.get_pgconn_string()
try:
self.pool = psycopg_pool.AsyncConnectionPool(
conninfo=conn_string,
@@ -27,7 +34,7 @@ class Database:
kwargs={"row_factory": dict_row}, # Return rows as dictionaries
)
logger.info(
f"TimescaleDB connection pool initialized for database: default"
f"TimescaleDB connection pool initialized for database: {target_db_name or 'default'}"
)
except Exception as e:
logger.error(f"Failed to initialize TimescaleDB connection pool: {e}")
@@ -46,7 +53,9 @@ class Database:
def get_pgconn_string(self, db_name=None):
"""Get the TimescaleDB connection string."""
target_db_name = db_name or self.db_name
return timescaledb_info.get_pgconn_string(db_name=target_db_name)
if target_db_name:
return timescaledb_info.get_pgconn_string(db_name=target_db_name)
return timescaledb_info.get_pgconn_string()
@asynccontextmanager
async def get_connection(self) -> AsyncGenerator:

32
app/infra/db/timescaledb/router.py
View File

@@ -1,40 +1,32 @@
from fastapi import APIRouter, Depends, HTTPException, Query
from typing import List, Optional
from typing import List
from datetime import datetime
from psycopg import AsyncConnection
from .database import get_database_instance
from .schemas.realtime import RealtimeRepository
from .schemas.scheme import SchemeRepository
from .schemas.scada import ScadaRepository
from .composite_queries import CompositeQueries
from app.infra.db.postgresql.database import get_database_instance as get_postgres_database_instance
from app.auth.project_dependencies import (
get_project_pg_connection,
get_project_timescale_connection,
)
router = APIRouter()
# 创建支持数据库选择的连接依赖函数
# 动态项目 TimescaleDB 连接依赖
async def get_database_connection(
db_name: Optional[str] = Query(
None, description="指定要连接的数据库名称,为空时使用默认数据库"
)
conn: AsyncConnection = Depends(get_project_timescale_connection),
):
"""获取数据库连接,支持通过查询参数指定数据库名称"""
instance = await get_database_instance(db_name)
async with instance.get_connection() as conn:
yield conn
yield conn
# PostgreSQL 数据库连接依赖函数
# 动态项目 PostgreSQL 连接依赖
async def get_postgres_connection(
db_name: Optional[str] = Query(
None, description="指定要连接的 PostgreSQL 数据库名称,为空时使用默认数据库"
)
conn: AsyncConnection = Depends(get_project_pg_connection),
):
"""获取 PostgreSQL 数据库连接,支持通过查询参数指定数据库名称"""
instance = await get_postgres_database_instance(db_name)
async with instance.get_connection() as conn:
yield conn
yield conn
# --- Realtime Endpoints ---
@@ -152,7 +144,7 @@ async def query_realtime_simulation_by_id_time(
results = await RealtimeRepository.query_simulation_result_by_id_time(
conn, id, type, query_time
)
return {"results": results}
return {"result": results}
except ValueError as e:
raise HTTPException(status_code=400, detail=str(e))

112
app/infra/repositories/audit_repository.py Normal file
View File

@@ -0,0 +1,112 @@
from datetime import datetime
from typing import Optional, List
from uuid import UUID
from sqlalchemy import func, select
from sqlalchemy.ext.asyncio import AsyncSession
from app.domain.schemas.audit import AuditLogResponse
from app.infra.db.metadata import models
class AuditRepository:
"""审计日志数据访问层system_hub"""
def __init__(self, session: AsyncSession):
self.session = session
async def create_log(
self,
action: str,
user_id: Optional[UUID] = None,
project_id: Optional[UUID] = None,
resource_type: Optional[str] = None,
resource_id: Optional[str] = None,
ip_address: Optional[str] = None,
request_method: Optional[str] = None,
request_path: Optional[str] = None,
request_data: Optional[dict] = None,
response_status: Optional[int] = None,
) -> AuditLogResponse:
log = models.AuditLog(
user_id=user_id,
project_id=project_id,
action=action,
resource_type=resource_type,
resource_id=resource_id,
ip_address=ip_address,
request_method=request_method,
request_path=request_path,
request_data=request_data,
response_status=response_status,
timestamp=datetime.utcnow(),
)
self.session.add(log)
await self.session.commit()
await self.session.refresh(log)
return AuditLogResponse.model_validate(log)
async def get_logs(
self,
user_id: Optional[UUID] = None,
project_id: Optional[UUID] = None,
action: Optional[str] = None,
resource_type: Optional[str] = None,
start_time: Optional[datetime] = None,
end_time: Optional[datetime] = None,
skip: int = 0,
limit: int = 100,
) -> List[AuditLogResponse]:
conditions = []
if user_id is not None:
conditions.append(models.AuditLog.user_id == user_id)
if project_id is not None:
conditions.append(models.AuditLog.project_id == project_id)
if action:
conditions.append(models.AuditLog.action == action)
if resource_type:
conditions.append(models.AuditLog.resource_type == resource_type)
if start_time:
conditions.append(models.AuditLog.timestamp >= start_time)
if end_time:
conditions.append(models.AuditLog.timestamp <= end_time)
stmt = (
select(models.AuditLog)
.where(*conditions)
.order_by(models.AuditLog.timestamp.desc())
.offset(skip)
.limit(limit)
)
result = await self.session.execute(stmt)
return [
AuditLogResponse.model_validate(log)
for log in result.scalars().all()
]
async def get_log_count(
self,
user_id: Optional[UUID] = None,
project_id: Optional[UUID] = None,
action: Optional[str] = None,
resource_type: Optional[str] = None,
start_time: Optional[datetime] = None,
end_time: Optional[datetime] = None,
) -> int:
conditions = []
if user_id is not None:
conditions.append(models.AuditLog.user_id == user_id)
if project_id is not None:
conditions.append(models.AuditLog.project_id == project_id)
if action:
conditions.append(models.AuditLog.action == action)
if resource_type:
conditions.append(models.AuditLog.resource_type == resource_type)
if start_time:
conditions.append(models.AuditLog.timestamp >= start_time)
if end_time:
conditions.append(models.AuditLog.timestamp <= end_time)
stmt = select(func.count()).select_from(models.AuditLog).where(*conditions)
result = await self.session.execute(stmt)
return int(result.scalar() or 0)

197
app/infra/repositories/metadata_repository.py Normal file
View File

@@ -0,0 +1,197 @@
from dataclasses import dataclass
from typing import Optional, List
from uuid import UUID
from cryptography.fernet import InvalidToken
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession
from app.core.encryption import (
get_database_encryptor,
get_encryptor,
is_database_encryption_configured,
is_encryption_configured,
)
from app.infra.db.metadata import models
def _normalize_postgres_dsn(dsn: str) -> str:
if not dsn or "://" not in dsn:
return dsn
scheme, rest = dsn.split("://", 1)
if scheme not in ("postgresql", "postgres", "postgresql+psycopg"):
return dsn
if "@" not in rest:
return dsn
userinfo, hostinfo = rest.rsplit("@", 1)
if ":" not in userinfo:
return dsn
username, password = userinfo.split(":", 1)
if "@" not in password:
return dsn
password = password.replace("@", "%40")
return f"{scheme}://{username}:{password}@{hostinfo}"
@dataclass(frozen=True)
class ProjectDbRouting:
project_id: UUID
db_role: str
db_type: str
dsn: str
pool_min_size: int
pool_max_size: int
@dataclass(frozen=True)
class ProjectGeoServerInfo:
project_id: UUID
gs_base_url: Optional[str]
gs_admin_user: Optional[str]
gs_admin_password: Optional[str]
gs_datastore_name: str
default_extent: Optional[dict]
srid: int
@dataclass(frozen=True)
class ProjectSummary:
project_id: UUID
name: str
code: str
description: Optional[str]
gs_workspace: str
status: str
project_role: str
class MetadataRepository:
"""元数据访问层system_hub"""
def __init__(self, session: AsyncSession):
self.session = session
async def get_user_by_keycloak_id(self, keycloak_id: UUID) -> Optional[models.User]:
result = await self.session.execute(
select(models.User).where(models.User.keycloak_id == keycloak_id)
)
return result.scalar_one_or_none()
async def get_project_by_id(self, project_id: UUID) -> Optional[models.Project]:
result = await self.session.execute(
select(models.Project).where(models.Project.id == project_id)
)
return result.scalar_one_or_none()
async def get_membership_role(
self, project_id: UUID, user_id: UUID
) -> Optional[str]:
result = await self.session.execute(
select(models.UserProjectMembership.project_role).where(
models.UserProjectMembership.project_id == project_id,
models.UserProjectMembership.user_id == user_id,
)
)
return result.scalar_one_or_none()
async def get_project_db_routing(
self, project_id: UUID, db_role: str
) -> Optional[ProjectDbRouting]:
result = await self.session.execute(
select(models.ProjectDatabase).where(
models.ProjectDatabase.project_id == project_id,
models.ProjectDatabase.db_role == db_role,
)
)
record = result.scalar_one_or_none()
if not record:
return None
if not is_database_encryption_configured():
raise ValueError("DATABASE_ENCRYPTION_KEY is not configured")
encryptor = get_database_encryptor()
try:
dsn = encryptor.decrypt(record.dsn_encrypted)
except InvalidToken:
raise ValueError(
"Failed to decrypt project DB DSN: DATABASE_ENCRYPTION_KEY mismatch "
"or invalid dsn_encrypted value"
)
dsn = _normalize_postgres_dsn(dsn)
return ProjectDbRouting(
project_id=record.project_id,
db_role=record.db_role,
db_type=record.db_type,
dsn=dsn,
pool_min_size=record.pool_min_size,
pool_max_size=record.pool_max_size,
)
async def get_geoserver_config(
self, project_id: UUID
) -> Optional[ProjectGeoServerInfo]:
result = await self.session.execute(
select(models.ProjectGeoServerConfig).where(
models.ProjectGeoServerConfig.project_id == project_id
)
)
record = result.scalar_one_or_none()
if not record:
return None
if record.gs_admin_password_encrypted:
if is_encryption_configured():
encryptor = get_encryptor()
password = encryptor.decrypt(record.gs_admin_password_encrypted)
else:
password = record.gs_admin_password_encrypted
else:
password = None
return ProjectGeoServerInfo(
project_id=record.project_id,
gs_base_url=record.gs_base_url,
gs_admin_user=record.gs_admin_user,
gs_admin_password=password,
gs_datastore_name=record.gs_datastore_name,
default_extent=record.default_extent,
srid=record.srid,
)
async def list_projects_for_user(self, user_id: UUID) -> List[ProjectSummary]:
stmt = (
select(models.Project, models.UserProjectMembership.project_role)
.join(
models.UserProjectMembership,
models.UserProjectMembership.project_id == models.Project.id,
)
.where(models.UserProjectMembership.user_id == user_id)
.order_by(models.Project.name)
)
result = await self.session.execute(stmt)
return [
ProjectSummary(
project_id=project.id,
name=project.name,
code=project.code,
description=project.description,
gs_workspace=project.gs_workspace,
status=project.status,
project_role=role,
)
for project, role in result.all()
]
async def list_all_projects(self) -> List[ProjectSummary]:
result = await self.session.execute(
select(models.Project).order_by(models.Project.name)
)
return [
ProjectSummary(
project_id=project.id,
name=project.name,
code=project.code,
description=project.description,
gs_workspace=project.gs_workspace,
status=project.status,
project_role="owner",
)
for project in result.scalars().all()
]

235
app/infra/repositories/user_repository.py Normal file
View File

@@ -0,0 +1,235 @@
from typing import Optional, List
from datetime import datetime
from app.infra.db.postgresql.database import Database
from app.domain.schemas.user import UserCreate, UserUpdate, UserInDB
from app.domain.models.role import UserRole
from app.core.security import get_password_hash
import logging
logger = logging.getLogger(__name__)
class UserRepository:
"""用户数据访问层"""
def __init__(self, db: Database):
self.db = db
async def create_user(self, user: UserCreate) -> Optional[UserInDB]:
"""
创建新用户
Args:
user: 用户创建数据
Returns:
创建的用户对象
"""
hashed_password = get_password_hash(user.password)
query = """
INSERT INTO users (username, email, hashed_password, role, is_active, is_superuser)
VALUES (%(username)s, %(email)s, %(hashed_password)s, %(role)s, TRUE, FALSE)
RETURNING id, username, email, hashed_password, role, is_active, is_superuser,
created_at, updated_at
"""
try:
async with self.db.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute(query, {
'username': user.username,
'email': user.email,
'hashed_password': hashed_password,
'role': user.role.value
})
row = await cur.fetchone()
if row:
return UserInDB(**row)
except Exception as e:
logger.error(f"Error creating user: {e}")
raise
return None
async def get_user_by_id(self, user_id: int) -> Optional[UserInDB]:
"""根据ID获取用户"""
query = """
SELECT id, username, email, hashed_password, role, is_active, is_superuser,
created_at, updated_at
FROM users
WHERE id = %(user_id)s
"""
async with self.db.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute(query, {'user_id': user_id})
row = await cur.fetchone()
if row:
return UserInDB(**row)
return None
async def get_user_by_username(self, username: str) -> Optional[UserInDB]:
"""根据用户名获取用户"""
query = """
SELECT id, username, email, hashed_password, role, is_active, is_superuser,
created_at, updated_at
FROM users
WHERE username = %(username)s
"""
async with self.db.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute(query, {'username': username})
row = await cur.fetchone()
if row:
return UserInDB(**row)
return None
async def get_user_by_email(self, email: str) -> Optional[UserInDB]:
"""根据邮箱获取用户"""
query = """
SELECT id, username, email, hashed_password, role, is_active, is_superuser,
created_at, updated_at
FROM users
WHERE email = %(email)s
"""
async with self.db.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute(query, {'email': email})
row = await cur.fetchone()
if row:
return UserInDB(**row)
return None
async def get_all_users(self, skip: int = 0, limit: int = 100) -> List[UserInDB]:
"""获取所有用户(分页)"""
query = """
SELECT id, username, email, hashed_password, role, is_active, is_superuser,
created_at, updated_at
FROM users
ORDER BY created_at DESC
LIMIT %(limit)s OFFSET %(skip)s
"""
async with self.db.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute(query, {'skip': skip, 'limit': limit})
rows = await cur.fetchall()
return [UserInDB(**row) for row in rows]
async def update_user(self, user_id: int, user_update: UserUpdate) -> Optional[UserInDB]:
"""
更新用户信息
Args:
user_id: 用户ID
user_update: 更新数据
Returns:
更新后的用户对象
"""
# 构建动态更新语句
update_fields = []
params = {'user_id': user_id}
if user_update.email is not None:
update_fields.append("email = %(email)s")
params['email'] = user_update.email
if user_update.password is not None:
update_fields.append("hashed_password = %(hashed_password)s")
params['hashed_password'] = get_password_hash(user_update.password)
if user_update.role is not None:
update_fields.append("role = %(role)s")
params['role'] = user_update.role.value
if user_update.is_active is not None:
update_fields.append("is_active = %(is_active)s")
params['is_active'] = user_update.is_active
if not update_fields:
return await self.get_user_by_id(user_id)
query = f"""
UPDATE users
SET {', '.join(update_fields)}, updated_at = CURRENT_TIMESTAMP
WHERE id = %(user_id)s
RETURNING id, username, email, hashed_password, role, is_active, is_superuser,
created_at, updated_at
"""
try:
async with self.db.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute(query, params)
row = await cur.fetchone()
if row:
return UserInDB(**row)
except Exception as e:
logger.error(f"Error updating user {user_id}: {e}")
raise
return None
async def delete_user(self, user_id: int) -> bool:
"""
删除用户
Args:
user_id: 用户ID
Returns:
是否成功删除
"""
query = "DELETE FROM users WHERE id = %(user_id)s"
try:
async with self.db.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute(query, {'user_id': user_id})
return cur.rowcount > 0
except Exception as e:
logger.error(f"Error deleting user {user_id}: {e}")
return False
async def user_exists(self, username: str = None, email: str = None) -> bool:
"""
检查用户是否存在
Args:
username: 用户名
email: 邮箱
Returns:
是否存在
"""
conditions = []
params = {}
if username:
conditions.append("username = %(username)s")
params['username'] = username
if email:
conditions.append("email = %(email)s")
params['email'] = email
if not conditions:
return False
query = f"""
SELECT EXISTS(
SELECT 1 FROM users WHERE {' OR '.join(conditions)}
)
"""
async with self.db.get_connection() as conn:
async with conn.cursor() as cur:
await cur.execute(query, params)
result = await cur.fetchone()
return result['exists'] if result else False

53
app/main.py
View File

@@ -9,7 +9,13 @@ import app.services.project_info as project_info
from app.api.v1.router import api_router
from app.infra.db.timescaledb.database import db as tsdb
from app.infra.db.postgresql.database import db as pgdb
from app.infra.db.dynamic_manager import project_connection_manager
from app.infra.db.metadata.database import close_metadata_engine
from app.services.tjnetwork import open_project
from app.core.config import settings
# 导入审计中间件
from app.infra.audit.middleware import AuditMiddleware
logger = logging.getLogger()
@@ -30,30 +36,51 @@ async def lifespan(app: FastAPI):
await tsdb.open()
await pgdb.open()
# 将数据库实例存储到 app.state供依赖项使用
app.state.db = pgdb
logger.info("Database connection pool initialized and stored in app.state")
if project_info.name:
print(project_info.name)
open_project(project_info.name)
yield
# 清理资源
tsdb.close()
pgdb.close()
await tsdb.close()
await pgdb.close()
await project_connection_manager.close_all()
await close_metadata_engine()
logger.info("Database connections closed")
app = FastAPI(lifespan=lifespan)
# 配置 CORS 中间件
app.add_middleware(
CORSMiddleware,
allow_origins=["*"], # 允许所有来源
allow_credentials=True, # 允许传递凭证Cookie、HTTP 头等)
allow_methods=["*"], # 允许所有 HTTP 方法
allow_headers=["*"], # 允许所有 HTTP 头
app = FastAPI(
lifespan=lifespan,
title=settings.PROJECT_NAME,
description="TJWater Server - 供水管网智能管理系统",
version="1.0.0",
docs_url="/docs",
redoc_url="/redoc",
)
app.add_middleware(GZipMiddleware, minimum_size=1000)
# Include Routers
app.include_router(api_router, prefix="/api/v1")
# Legcy Routers without version prefix
# app.include_router(api_router)
app.include_router(api_router)
# 配置中间件
app.add_middleware(GZipMiddleware, minimum_size=1000)
# 添加审计中间件(可选,记录关键操作)
app.add_middleware(AuditMiddleware)
# 配置 CORS 中间件
# 确保这是你最后一个添加的 app.add_middleware
app.add_middleware(
CORSMiddleware,
allow_origins=[
"http://localhost:3000", # 必须明确指定
"http://127.0.0.1:3000", # 建议同时加上这个
],
allow_credentials=True, # 既然这里是 True
allow_methods=["*"],
allow_headers=["*"],
)

16
app/services/epanet/epanet.py
View File

@@ -30,11 +30,11 @@ class Output:
if platform.system() == "Windows":
self._lib = ctypes.CDLL(
os.path.join(os.getcwd(), "epanet", "epanet-output.dll")
os.path.join(os.path.dirname(__file__), "windows", "epanet-output.dll")
)
else:
self._lib = ctypes.CDLL(
os.path.join(os.getcwd(), "epanet", "linux", "libepanet-output.so")
os.path.join(os.path.dirname(__file__), "linux", "libepanet-output.so")
)
self._handle = ctypes.c_void_p()
@@ -314,9 +314,9 @@ def run_project_return_dict(name: str, readable_output: bool = False) -> dict[st
input = name + ".db"
if platform.system() == "Windows":
exe = os.path.join(os.path.join(dir, "epanet"), "runepanet.exe")
exe = os.path.join(os.path.dirname(__file__), "windows", "runepanet.exe")
else:
exe = os.path.join(os.path.join(dir, "epanet"), "linux", "runepanet")
exe = os.path.join(os.path.dirname(__file__), "linux", "runepanet")
inp = os.path.join(os.path.join(dir, "db_inp"), input + ".inp")
rpt = os.path.join(os.path.join(dir, "temp"), input + ".rpt")
opt = os.path.join(os.path.join(dir, "temp"), input + ".opt")
@@ -364,9 +364,9 @@ def run_project(name: str, readable_output: bool = False) -> str:
input = name + ".db"
if platform.system() == "Windows":
exe = os.path.join(os.path.join(dir, "epanet"), "runepanet.exe")
exe = os.path.join(os.path.dirname(__file__), "windows", "runepanet.exe")
else:
exe = os.path.join(os.path.join(dir, "epanet"), "linux", "runepanet")
exe = os.path.join(os.path.dirname(__file__), "linux", "runepanet")
inp = os.path.join(os.path.join(dir, "db_inp"), input + ".inp")
rpt = os.path.join(os.path.join(dir, "temp"), input + ".rpt")
opt = os.path.join(os.path.join(dir, "temp"), input + ".opt")
@@ -416,9 +416,9 @@ def run_inp(name: str) -> str:
dir = os.path.abspath(os.getcwd())
if platform.system() == "Windows":
exe = os.path.join(os.path.join(dir, "epanet"), "runepanet.exe")
exe = os.path.join(os.path.dirname(__file__), "windows", "runepanet.exe")
else:
exe = os.path.join(os.path.join(dir, "epanet"), "linux", "runepanet")
exe = os.path.join(os.path.dirname(__file__), "linux", "runepanet")
inp = os.path.join(os.path.join(dir, "inp"), name + ".inp")
rpt = os.path.join(os.path.join(dir, "temp"), name + ".rpt")
opt = os.path.join(os.path.join(dir, "temp"), name + ".opt")

0
app/services/epanet/epanet-output.dll → app/services/epanet/windows/epanet-output.dll
View File

0
app/services/epanet/epanet2.dll → app/services/epanet/windows/epanet2.dll
View File

0
app/services/epanet/runepanet.exe → app/services/epanet/windows/runepanet.exe
View File

22
app/services/project_info.py
View File

@@ -1,22 +1,4 @@
import os
import yaml
# 获取当前项目根目录的路径
_current_file = os.path.abspath(__file__)
project_root = os.path.dirname(os.path.dirname(os.path.dirname(_current_file)))
# 尝试读取 .yml 或 .yaml 文件
config_file = os.path.join(project_root, "configs", "project_info.yml")
if not os.path.exists(config_file):
config_file = os.path.join(project_root, "configs", "project_info.yaml")
if not os.path.exists(config_file):
raise FileNotFoundError(f"未找到项目配置文件 (project_info.yaml 或 .yml): {os.path.dirname(config_file)}")
with open(config_file, 'r', encoding='utf-8') as f:
_config = yaml.safe_load(f)
if not _config or 'name' not in _config:
raise KeyError(f"项目配置文件中缺少 'name' 配置: {config_file}")
name = _config['name']
# 从环境变量 NETWORK_NAME 读取
name = os.getenv("NETWORK_NAME")

37
app/services/simulation.py
View File

@@ -21,8 +21,12 @@ import app.services.globals as globals
import uuid
import app.services.project_info as project_info
from app.native.api.postgresql_info import get_pgconn_string
from app.infra.db.timescaledb.internal_queries import InternalQueries as TimescaleInternalQueries
from app.infra.db.timescaledb.internal_queries import InternalStorage as TimescaleInternalStorage
from app.infra.db.timescaledb.internal_queries import (
InternalQueries as TimescaleInternalQueries,
)
from app.infra.db.timescaledb.internal_queries import (
InternalStorage as TimescaleInternalStorage,
)
logging.basicConfig(
level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s"
@@ -679,8 +683,8 @@ def run_simulation(
modify_fixed_pump_pattern: dict[str, list] = None,
modify_variable_pump_pattern: dict[str, list] = None,
modify_valve_opening: dict[str, float] = None,
scheme_Type: str = None,
scheme_Name: str = None,
scheme_type: str = None,
scheme_name: str = None,
) -> None:
"""
传入需要修改的参数,改变数据库中对应位置的值,然后计算,返回结果
@@ -695,8 +699,8 @@ def run_simulation(
:param modify_fixed_pump_pattern: dict中包含多个水泵模式str为工频水泵的idlist为修改后的pattern
:param modify_variable_pump_pattern: dict中包含多个水泵模式str为变频水泵的idlist为修改后的pattern
:param modify_valve_opening: dict中包含多个阀门开启度str为阀门的idfloat为修改后的阀门开启度
:param scheme_Type: 模拟方案类型
:param scheme_Name模拟方案名称
:param scheme_type: 模拟方案类型
:param scheme_name模拟方案名称
:return:
"""
# 记录开始时间
@@ -1186,12 +1190,12 @@ def run_simulation(
if modify_valve_opening[valve_name] == 0:
valve_status["status"] = "CLOSED"
valve_status["setting"] = 0
if modify_valve_opening[valve_name] < 1:
elif modify_valve_opening[valve_name] < 1:
valve_status["status"] = "OPEN"
valve_status["setting"] = 0.1036 * pow(
modify_valve_opening[valve_name], -3.105
)
if modify_valve_opening[valve_name] == 1:
elif modify_valve_opening[valve_name] == 1:
valve_status["status"] = "OPEN"
valve_status["setting"] = 0
cs = ChangeSet()
@@ -1231,21 +1235,22 @@ def run_simulation(
starttime = time.time()
if simulation_type.upper() == "REALTIME":
TimescaleInternalStorage.store_realtime_simulation(
node_result, link_result, modify_pattern_start_time
node_result, link_result, modify_pattern_start_time, db_name=name
)
elif simulation_type.upper() == "EXTENDED":
TimescaleInternalStorage.store_scheme_simulation(
scheme_Type,
scheme_Name,
scheme_type,
scheme_name,
node_result,
link_result,
modify_pattern_start_time,
num_periods_result,
db_name=name,
)
endtime = time.time()
logging.info("store time: %f", endtime - starttime)
# 暂不需要再次存储 SCADA 模拟信息
# TimescaleInternalQueries.fill_scheme_simulation_result_to_SCADA(scheme_Type=scheme_Type, scheme_Name=scheme_Name)
# TimescaleInternalQueries.fill_scheme_simulation_result_to_SCADA(scheme_type=scheme_type, scheme_name=scheme_name)
# if simulation_type.upper() == "REALTIME":
# influxdb_api.store_realtime_simulation_result_to_influxdb(
@@ -1257,11 +1262,11 @@ def run_simulation(
# link_result,
# modify_pattern_start_time,
# num_periods_result,
# scheme_Type,
# scheme_Name,
# scheme_type,
# scheme_name,
# )
# 暂不需要再次存储 SCADA 模拟信息
# influxdb_api.fill_scheme_simulation_result_to_SCADA(scheme_Type=scheme_Type, scheme_Name=scheme_Name)
# influxdb_api.fill_scheme_simulation_result_to_SCADA(scheme_type=scheme_type, scheme_name=scheme_name)
print("after store result")
@@ -1341,7 +1346,7 @@ if __name__ == "__main__":
# run_simulation(name='bb', simulation_type="realtime", modify_pattern_start_time='2025-02-25T23:45:00+08:00')
# 模拟示例2
# run_simulation(name='bb', simulation_type="extended", modify_pattern_start_time='2025-03-10T12:00:00+08:00',
# modify_total_duration=1800, scheme_Type="burst_Analysis", scheme_Name="scheme1")
# modify_total_duration=1800, scheme_type="burst_Analysis", scheme_name="scheme1")
# 查询示例1query_SCADA_ID_corresponding_info
# result = query_SCADA_ID_corresponding_info(name='bb', SCADA_ID='P10755')

8
app/services/valve_isolation.py
View File

@@ -3,5 +3,9 @@ from typing import Any
from app.algorithms.valve_isolation import valve_isolation_analysis
def analyze_valve_isolation(network: str, accident_element: str) -> dict[str, Any]:
return valve_isolation_analysis(network, accident_element)
def analyze_valve_isolation(
network: str,
accident_element: str | list[str],
disabled_valves: list[str] = None,
) -> dict[str, Any]:
return valve_isolation_analysis(network, accident_element, disabled_valves)

1
configs/project_info.yml
View File

@@ -1 +0,0 @@
name: szh

13
infra/docker/Dockerfile
View File

@@ -1,13 +0,0 @@
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY app ./app
COPY resources ./resources
ENV PYTHONPATH=/app
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

3
infra/docker/docker-compose.yml
View File

@@ -65,6 +65,7 @@ services:
POSTGRES_DB: ${KEYCLOAK_DB_NAME}
POSTGRES_USER: ${KEYCLOAK_DB_USER}
POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
command: postgres -c wal_level=logical
ports:
- "${KEYCLOAK_DB_PORT}:5432"
volumes:
@@ -153,7 +154,7 @@ services:
- GEOSERVER_ADMIN_USER=${GEOSERVER_ADMIN_USER}
- GEOSERVER_ADMIN_PASSWORD=${GEOSERVER_ADMIN_PASSWORD}
- INSTALL_EXTENSIONS=true
- STABLE_EXTENSIONS=css,vectortiles
- STABLE_EXTENSIONS=vectortiles
- CORS_ENABLED=true
- CORS_ALLOWED_ORIGINS=*
volumes:

41
readme.md Normal file
View File

@@ -0,0 +1,41 @@
# TJWater Server (FastAPI)
基于 FastAPI 的水务业务服务端提供模拟计算、SCADA 数据、网络元素、项目管理等接口。
## 目录结构
```
app/
main.py # FastAPI 入口lifespan、CORS、路由挂载
api/
v1/
router.py # API 路由汇总(/api/v1 前缀)
endpoints/ # 业务接口实现auth、simulation、scada 等)
endpoints/network/ # 管网要素与特性接口
endpoints/components/ # 组件/控制相关接口
services/ # 业务服务层simulation、tjnetwork 等)
infra/
db/ # 数据库访问层timescaledb / postgresql / influxdb
cache/ # 缓存与 Redis 客户端
algorithms/ # 算法与分析模块
core/ # 配置与安全相关
configs/
project_info.yml # 默认工程配置(启动时自动打开)
scripts/
run_server.py # Uvicorn 启动脚本
tests/ # 测试
```
## 启动方式
1. 安装依赖(示例):
```bash
pip install -r requirements.txt
```
2. 启动服务:
```bash
python scripts/run_server.py
```
默认监听:`http://0.0.0.0:8000`
API 前缀:`/api/v1`(见 `app/main.py` 与 `app/api/v1/router.py`

5
requirements.txt
View File

@@ -83,6 +83,7 @@ opentelemetry-semantic-conventions==0.60b1
osqp==1.0.5
packaging==25.0
pandas==2.2.3
passlib==1.7.4
pathable==0.4.4
pathvalidate==3.3.1
pillow==11.2.1
@@ -94,7 +95,6 @@ prometheus_client==0.24.1
psycopg==3.2.5
psycopg-binary==3.2.5
psycopg-pool==3.3.0
psycopg2==2.9.10
PuLP==3.1.1
py-key-value-aio==0.3.0
py-key-value-shared==0.3.0
@@ -120,6 +120,7 @@ pyproj==3.7.1
pytest==8.3.5
python-dateutil==2.9.0.post0
python-dotenv==1.2.1
python-jose==3.5.0
python-json-logger==4.0.0
python-multipart==0.0.20
pytz==2025.2
@@ -155,8 +156,6 @@ starlette==0.50.0
threadpoolctl==3.6.0
tqdm==4.67.1
typer==0.21.1
typing-inspection==0.4.0
typing_extensions==4.12.2
tzdata==2025.2
urllib3==2.2.3
uvicorn==0.34.0

67
resources/sql/001_create_users_table.sql Normal file
View File

@@ -0,0 +1,67 @@
-- ============================================
-- TJWater Server 用户系统数据库迁移脚本
-- ============================================
-- 创建用户表
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
username VARCHAR(50) UNIQUE NOT NULL,
email VARCHAR(100) UNIQUE NOT NULL,
hashed_password VARCHAR(255) NOT NULL,
role VARCHAR(20) DEFAULT 'USER' NOT NULL,
is_active BOOLEAN DEFAULT TRUE NOT NULL,
is_superuser BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
CONSTRAINT users_role_check CHECK (role IN ('ADMIN', 'OPERATOR', 'USER', 'VIEWER'))
);
-- 创建索引
CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
CREATE INDEX IF NOT EXISTS idx_users_role ON users(role);
CREATE INDEX IF NOT EXISTS idx_users_is_active ON users(is_active);
-- 创建触发器自动更新 updated_at
CREATE OR REPLACE FUNCTION update_updated_at_column()
RETURNS TRIGGER AS $$
BEGIN
NEW.updated_at = CURRENT_TIMESTAMP;
RETURN NEW;
END;
$$ LANGUAGE plpgsql;
DROP TRIGGER IF EXISTS update_users_updated_at ON users;
CREATE TRIGGER update_users_updated_at
BEFORE UPDATE ON users
FOR EACH ROW
EXECUTE FUNCTION update_updated_at_column();
-- 创建默认管理员账号 (密码: admin123)
INSERT INTO users (username, email, hashed_password, role, is_superuser)
VALUES (
'admin',
'admin@tjwater.com',
'$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewY5aeAJK.1tYKAW',
'ADMIN',
TRUE
) ON CONFLICT (username) DO NOTHING;
-- 迁移现有硬编码用户 (tjwater/tjwater@123)
INSERT INTO users (username, email, hashed_password, role, is_superuser)
VALUES (
'tjwater',
'tjwater@tjwater.com',
'$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW',
'ADMIN',
TRUE
) ON CONFLICT (username) DO NOTHING;
-- 添加注释
COMMENT ON TABLE users IS '用户表 - 存储系统用户信息';
COMMENT ON COLUMN users.id IS '用户ID主键';
COMMENT ON COLUMN users.username IS '用户名(唯一)';
COMMENT ON COLUMN users.email IS '邮箱地址(唯一)';
COMMENT ON COLUMN users.hashed_password IS 'bcrypt 密码哈希';
COMMENT ON COLUMN users.role IS '用户角色: ADMIN, OPERATOR, USER, VIEWER';

45
resources/sql/002_create_audit_logs_table.sql Normal file
View File

@@ -0,0 +1,45 @@
-- ============================================
-- TJWater Server 审计日志表迁移脚本
-- ============================================
-- 创建审计日志表
CREATE TABLE IF NOT EXISTS audit_logs (
id SERIAL PRIMARY KEY,
user_id INTEGER REFERENCES users(id) ON DELETE SET NULL,
username VARCHAR(50),
action VARCHAR(50) NOT NULL,
resource_type VARCHAR(50),
resource_id VARCHAR(100),
ip_address VARCHAR(45),
user_agent TEXT,
request_method VARCHAR(10),
request_path TEXT,
request_data JSONB,
response_status INTEGER,
error_message TEXT,
timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
);
-- 创建索引以提高查询性能
CREATE INDEX IF NOT EXISTS idx_audit_logs_user_id ON audit_logs(user_id);
CREATE INDEX IF NOT EXISTS idx_audit_logs_username ON audit_logs(username);
CREATE INDEX IF NOT EXISTS idx_audit_logs_timestamp ON audit_logs(timestamp DESC);
CREATE INDEX IF NOT EXISTS idx_audit_logs_action ON audit_logs(action);
CREATE INDEX IF NOT EXISTS idx_audit_logs_resource ON audit_logs(resource_type, resource_id);
-- 添加注释
COMMENT ON TABLE audit_logs IS '审计日志表 - 记录所有关键操作';
COMMENT ON COLUMN audit_logs.id IS '日志ID主键';
COMMENT ON COLUMN audit_logs.user_id IS '用户ID外键';
COMMENT ON COLUMN audit_logs.username IS '用户名(冗余字段,用于用户删除后仍可查询)';
COMMENT ON COLUMN audit_logs.action IS '操作类型LOGIN, LOGOUT, CREATE, UPDATE, DELETE';
COMMENT ON COLUMN audit_logs.resource_type IS '资源类型user, project, network';
COMMENT ON COLUMN audit_logs.resource_id IS '资源ID';
COMMENT ON COLUMN audit_logs.ip_address IS '客户端IP地址';
COMMENT ON COLUMN audit_logs.user_agent IS '客户端User-Agent';
COMMENT ON COLUMN audit_logs.request_method IS 'HTTP请求方法';
COMMENT ON COLUMN audit_logs.request_path IS '请求路径';
COMMENT ON COLUMN audit_logs.request_data IS '请求数据JSON格式敏感信息已脱敏';
COMMENT ON COLUMN audit_logs.response_status IS 'HTTP响应状态码';
COMMENT ON COLUMN audit_logs.error_message IS '错误消息(如果有)';
COMMENT ON COLUMN audit_logs.timestamp IS '操作时间';

33
scripts/encrypt_string.py Normal file
View File

@@ -0,0 +1,33 @@
import os
import sys
# 将项目根目录添加到 python 路径
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "..")))
from app.core.encryption import get_database_encryptor
def main() -> int:
plaintext = None
if not sys.stdin.isatty():
stdin_text = sys.stdin.read()
if stdin_text != "":
plaintext = stdin_text.rstrip("\r\n")
if plaintext is None and len(sys.argv) >= 2:
plaintext = sys.argv[1]
if plaintext is None:
try:
plaintext = input("请输入要加密的文本: ")
except EOFError:
plaintext = ""
if not plaintext.strip():
print("Error: plaintext string cannot be empty.", file=sys.stderr)
return 1
token = get_database_encryptor().encrypt(plaintext)
print(token)
return 0
if __name__ == "__main__":
raise SystemExit(main())

55
scripts/get_data.py
View File

@@ -7,18 +7,19 @@ import csv
# get_data 是用来获取 历史数据,也就是非实时数据的接口
# get_realtime 是用来获取 实时数据
def convert_timestamp_to_beijing_time(timestamp: Union[int, float]) -> datetime:
# 将毫秒级时间戳转换为秒级时间戳
timestamp_seconds = timestamp / 1000
# 将时间戳转换为datetime对象
utc_time = datetime.utcfromtimestamp(timestamp_seconds)
utc_time = datetime.fromtimestamp(timestamp_seconds)
# 设定UTC时区
utc_timezone = pytz.timezone('UTC')
utc_timezone = pytz.timezone("UTC")
# 转换为北京时间
beijing_timezone = pytz.timezone('Asia/Shanghai')
beijing_timezone = pytz.timezone("Asia/Shanghai")
beijing_time = utc_time.replace(tzinfo=utc_timezone).astimezone(beijing_timezone)
return beijing_time
@@ -26,10 +27,10 @@ def convert_timestamp_to_beijing_time(timestamp: Union[int, float]) -> datetime:
def beijing_time_to_utc(beijing_time_str: str) -> str:
# 定义北京时区
beijing_timezone = pytz.timezone('Asia/Shanghai')
beijing_timezone = pytz.timezone("Asia/Shanghai")
# 将字符串转换为datetime对象
beijing_time = datetime.strptime(beijing_time_str, '%Y-%m-%d %H:%M:%S')
beijing_time = datetime.strptime(beijing_time_str, "%Y-%m-%d %H:%M:%S")
# 本地化时间对象
beijing_time = beijing_timezone.localize(beijing_time)
@@ -38,29 +39,31 @@ def beijing_time_to_utc(beijing_time_str: str) -> str:
utc_time = beijing_time.astimezone(pytz.utc)
# 转换为ISO 8601格式的字符串
return utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
return utc_time.strftime("%Y-%m-%dT%H:%M:%SZ")
def get_history_data(ids: str, begin_date: str, end_date: str, downsample: Optional[str]) -> List[Dict[str, Union[str, datetime, int, float]]]:
# def get_history_data(ids: str, begin_date: str, end_date: str, downsample: Optional[str]) -> None:
def get_history_data(
ids: str, begin_date: str, end_date: str, downsample: Optional[str]
) -> List[Dict[str, Union[str, datetime, int, float]]]:
# def get_history_data(ids: str, begin_date: str, end_date: str, downsample: Optional[str]) -> None:
# 转换输入的北京时间为UTC时间
begin_date_utc = beijing_time_to_utc(begin_date)
end_date_utc = beijing_time_to_utc(end_date)
# 数据接口的地址
url = 'http://183.64.62.100:9057/loong/api/curves/data'
url = "http://183.64.62.100:9057/loong/api/curves/data"
# url = 'http://10.101.15.16:9000/loong/api/curves/data'
# url_path = 'http://10.101.15.16:9000/loong' # 内网
# 设置 GET 请求的参数
params = {
'ids': ids,
'beginDate': begin_date_utc,
'endDate': end_date_utc,
'downsample': downsample
"ids": ids,
"beginDate": begin_date_utc,
"endDate": end_date_utc,
"downsample": downsample,
}
history_data_list =[]
history_data_list = []
try:
# 发送 GET 请求获取数据
@@ -73,24 +76,26 @@ def get_history_data(ids: str, begin_date: str, end_date: str, downsample: Optio
# 这里可以对获取到的数据进行进一步处理
# 打印 'mpointId' 和 'mpointName'
for item in data['items']:
mpoint_id = str(item['mpointId'])
mpoint_name = item['mpointName']
for item in data["items"]:
mpoint_id = str(item["mpointId"])
mpoint_name = item["mpointName"]
# print("mpointId:", item['mpointId'])
# print("mpointName:", item['mpointName'])
# 打印 'dataDate' 和 'dataValue'
for item_data in item['data']:
for item_data in item["data"]:
# 将时间戳转换为北京时间
beijing_time = convert_timestamp_to_beijing_time(item_data['dataDate'])
data_value = item_data['dataValue']
beijing_time = convert_timestamp_to_beijing_time(
item_data["dataDate"]
)
data_value = item_data["dataValue"]
# 创建一个字典存储每条数据
data_dict = {
'time': beijing_time,
'device_ID': str(mpoint_id),
'description': mpoint_name,
"time": beijing_time,
"device_ID": str(mpoint_id),
"description": mpoint_name,
# 'dataDate (Beijing Time)': beijing_time.strftime('%Y-%m-%d %H:%M:%S'),
'monitored_value': data_value # 保留原有类型
"monitored_value": data_value, # 保留原有类型
}
history_data_list.append(data_dict)
@@ -164,4 +169,4 @@ def get_history_data(ids: str, begin_date: str, end_date: str, downsample: Optio
# for data in data_list1:
# writer.writerow([data['measurement'], data['mpointId'], data['date'], data['dataValue'], data['datetime']])
#
# print(f"筛选后的数据已保存到 {filtered_csv_file_path}")
# print(f"筛选后的数据已保存到 {filtered_csv_file_path}")

57
scripts/get_hist_data.py
View File

@@ -8,35 +8,33 @@ def convert_timestamp_to_beijing_time(timestamp):
timestamp_seconds = timestamp / 1000
# 将时间戳转换为datetime对象
utc_time = datetime.utcfromtimestamp(timestamp_seconds)
utc_time = datetime.fromtimestamp(timestamp_seconds)
# 设定UTC时区
utc_timezone = pytz.timezone('UTC')
utc_timezone = pytz.timezone("UTC")
# 转换为北京时间
beijing_timezone = pytz.timezone('Asia/Shanghai')
beijing_timezone = pytz.timezone("Asia/Shanghai")
beijing_time = utc_time.replace(tzinfo=utc_timezone).astimezone(beijing_timezone)
return beijing_time
def conver_beingtime_to_ucttime(timestr:str):
beijing_time=datetime.strptime(timestr,'%Y-%m-%d %H:%M:%S')
utc_time=beijing_time.astimezone(pytz.utc)
str_utc=utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
#print(str_utc)
def conver_beingtime_to_ucttime(timestr: str):
beijing_time = datetime.strptime(timestr, "%Y-%m-%d %H:%M:%S")
utc_time = beijing_time.astimezone(pytz.utc)
str_utc = utc_time.strftime("%Y-%m-%dT%H:%M:%SZ")
# print(str_utc)
return str_utc
def get_hist_data(ids, begin_date,end_date)->dict[str,dict[datetime,float]]:
def get_hist_data(ids, begin_date, end_date) -> dict[str, dict[datetime, float]]:
# 数据接口的地址
url = 'http://183.64.62.100:9057/loong/api/curves/data'
url = "http://183.64.62.100:9057/loong/api/curves/data"
# 设置 GET 请求的参数
params = {
'ids': ids,
'beginDate': begin_date,
'endDate': end_date
}
lst_data={}
params = {"ids": ids, "beginDate": begin_date, "endDate": end_date}
lst_data = {}
try:
# 发送 GET 请求获取数据
response = requests.get(url, params=params)
@@ -48,22 +46,27 @@ def get_hist_data(ids, begin_date,end_date)->dict[str,dict[datetime,float]]:
# 这里可以对获取到的数据进行进一步处理
# 打印 'mpointId' 和 'mpointName'
for item in data['items']:
#print("mpointId:", item['mpointId'])
#print("mpointName:", item['mpointName'])
for item in data["items"]:
# print("mpointId:", item['mpointId'])
# print("mpointName:", item['mpointName'])
# 打印 'dataDate' 和 'dataValue'
data_seriers={}
for item_data in item['data']:
data_seriers = {}
for item_data in item["data"]:
# print("dataDate:", item_data['dataDate'])
# 将时间戳转换为北京时间
beijing_time = convert_timestamp_to_beijing_time(item_data['dataDate'])
print("dataDate (Beijing Time):", beijing_time.strftime('%Y-%m-%d %H:%M:%S'))
print("dataValue:", item_data['dataValue'])
beijing_time = convert_timestamp_to_beijing_time(
item_data["dataDate"]
)
print(
"dataDate (Beijing Time):",
beijing_time.strftime("%Y-%m-%d %H:%M:%S"),
)
print("dataValue:", item_data["dataValue"])
print() # 打印空行分隔不同条目
r=float(item_data['dataValue'])
data_seriers[beijing_time]=r
lst_data[item['mpointId']]=data_seriers
r = float(item_data["dataValue"])
data_seriers[beijing_time] = r
lst_data[item["mpointId"]] = data_seriers
return lst_data
else:
# 如果请求不成功,打印错误信息

15
scripts/main.py
View File

@@ -3233,7 +3233,7 @@ async def fastapi_query_all_scheme_all_records(
return loaded_dict
results = influxdb_api.query_scheme_all_record(
scheme_Type=schemetype, scheme_Name=schemename, query_date=querydate
scheme_type=schemetype, scheme_name=schemename, query_date=querydate
)
packed = msgpack.packb(results, default=encode_datetime)
redis_client.set(cache_key, packed)
@@ -3257,7 +3257,7 @@ async def fastapi_query_all_scheme_all_records_property(
all_results = msgpack.unpackb(data, object_hook=decode_datetime)
else:
all_results = influxdb_api.query_scheme_all_record(
scheme_Type=schemetype, scheme_Name=schemename, query_date=querydate
scheme_type=schemetype, scheme_name=schemename, query_date=querydate
)
packed = msgpack.packb(all_results, default=encode_datetime)
redis_client.set(cache_key, packed)
@@ -3585,7 +3585,7 @@ class BurstAnalysis(BaseModel):
modify_fixed_pump_pattern: Optional[dict[str, list]] = None
modify_variable_pump_pattern: Optional[dict[str, list]] = None
modify_valve_opening: Optional[dict[str, float]] = None
scheme_Name: Optional[str] = None
scheme_name: Optional[str] = None
@app.post("/burst_analysis/")
@@ -3608,7 +3608,7 @@ async def fastapi_burst_analysis(data: BurstAnalysis) -> str:
modify_fixed_pump_pattern=item["modify_fixed_pump_pattern"],
modify_variable_pump_pattern=item["modify_variable_pump_pattern"],
modify_valve_opening=item["modify_valve_opening"],
scheme_Name=item["scheme_Name"],
scheme_name=item["scheme_name"],
)
# os.rename(filename2, filename)
@@ -3616,7 +3616,7 @@ async def fastapi_burst_analysis(data: BurstAnalysis) -> str:
# 将 时间转换成日期,然后缓存这个计算结果
# 缓存key: burst_analysis_<name>_<modify_pattern_start_time>
global redis_client
schemename = data.scheme_Name
schemename = data.scheme_name
print(data.modify_pattern_start_time)
@@ -3627,7 +3627,7 @@ async def fastapi_burst_analysis(data: BurstAnalysis) -> str:
cache_key = f"queryallschemeallrecords_burst_Analysis_{schemename}_{querydate}"
data = redis_client.get(cache_key)
if not data:
results = influxdb_api.query_scheme_all_record("burst_Analysis", scheme_Name=schemename, query_date=querydate)
results = influxdb_api.query_scheme_all_record("burst_Analysis", scheme_name=schemename, query_date=querydate)
packed = msgpack.packb(results, default=encode_datetime)
redis_client.set(cache_key, packed)
"""
@@ -3710,8 +3710,9 @@ async def fastapi_contaminant_simulation(
start_time: str,
source: str,
concentration: float,
duration: int = 900,
duration: int,
pattern: str = None,
scheme_name: str = None,
) -> str:
filename = "c:/lock.simulation"
filename2 = "c:/lock.simulation2"

52
scripts/online_Analysis.py
View File

@@ -19,8 +19,8 @@ from sqlalchemy import create_engine
import ast
import app.services.project_info as project_info
import app.algorithms.api_ex.kmeans_sensor as kmeans_sensor
import app.algorithms.api_ex.Fdataclean as Fdataclean
import app.algorithms.api_ex.Pdataclean as Pdataclean
import app.algorithms.api_ex.flow_data_clean as flow_data_clean
import app.algorithms.api_ex.pressure_data_clean as pressure_data_clean
import app.algorithms.api_ex.sensitivity as sensitivity
from app.native.api.postgresql_info import get_pgconn_string
@@ -56,7 +56,7 @@ def burst_analysis(
modify_fixed_pump_pattern: dict[str, list] = None,
modify_variable_pump_pattern: dict[str, list] = None,
modify_valve_opening: dict[str, float] = None,
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
爆管模拟
@@ -68,7 +68,7 @@ def burst_analysis(
:param modify_fixed_pump_pattern: dict中包含多个水泵模式str为工频水泵的idlist为修改后的pattern
:param modify_variable_pump_pattern: dict中包含多个水泵模式str为变频水泵的idlist为修改后的pattern
:param modify_valve_opening: dict中包含多个阀门开启度str为阀门的idfloat为修改后的阀门开启度
:param scheme_Name: 方案名称
:param scheme_name: 方案名称
:return:
"""
scheme_detail: dict = {
@@ -182,8 +182,8 @@ def burst_analysis(
modify_fixed_pump_pattern=modify_fixed_pump_pattern,
modify_variable_pump_pattern=modify_variable_pump_pattern,
modify_valve_opening=modify_valve_opening,
scheme_Type="burst_Analysis",
scheme_Name=scheme_Name,
scheme_type="burst_Analysis",
scheme_name=scheme_name,
)
# step 3. restore the base model status
# execute_undo(name) #有疑惑
@@ -193,7 +193,7 @@ def burst_analysis(
# return result
store_scheme_info(
name=name,
scheme_name=scheme_Name,
scheme_name=scheme_name,
scheme_type="burst_Analysis",
username="admin",
scheme_start_time=modify_pattern_start_time,
@@ -209,7 +209,7 @@ def valve_close_analysis(
modify_pattern_start_time: str,
modify_total_duration: int = 900,
modify_valve_opening: dict[str, float] = None,
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
关阀模拟
@@ -217,7 +217,7 @@ def valve_close_analysis(
:param modify_pattern_start_time: 模拟开始时间,格式为'2024-11-25T09:00:00+08:00'
:param modify_total_duration: 模拟总历时,秒
:param modify_valve_opening: dict中包含多个阀门开启度str为阀门的idfloat为修改后的阀门开启度
:param scheme_Name: 方案名称
:param scheme_name: 方案名称
:return:
"""
print(
@@ -271,8 +271,8 @@ def valve_close_analysis(
modify_pattern_start_time=modify_pattern_start_time,
modify_total_duration=modify_total_duration,
modify_valve_opening=modify_valve_opening,
scheme_Type="valve_close_Analysis",
scheme_Name=scheme_Name,
scheme_type="valve_close_Analysis",
scheme_name=scheme_name,
)
# step 3. restore the base model
# for valve in valves:
@@ -294,7 +294,7 @@ def flushing_analysis(
modify_valve_opening: dict[str, float] = None,
drainage_node_ID: str = None,
flushing_flow: float = 0,
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
管道冲洗模拟
@@ -304,7 +304,7 @@ def flushing_analysis(
:param modify_valve_opening: dict中包含多个阀门开启度str为阀门的idfloat为修改后的阀门开启度
:param drainage_node_ID: 冲洗排放口所在节点ID
:param flushing_flow: 冲洗水量传入参数单位为m3/h
:param scheme_Name: 方案名称
:param scheme_name: 方案名称
:return:
"""
print(
@@ -396,8 +396,8 @@ def flushing_analysis(
modify_pattern_start_time=modify_pattern_start_time,
modify_total_duration=modify_total_duration,
modify_valve_opening=modify_valve_opening,
scheme_Type="flushing_Analysis",
scheme_Name=scheme_Name,
scheme_type="flushing_Analysis",
scheme_name=scheme_name,
)
# step 4. restore the base model
if is_project_open(new_name):
@@ -417,7 +417,7 @@ def contaminant_simulation(
source: str = None,# 污染源节点ID
concentration: float = None, # 污染源浓度单位mg/L
source_pattern: str = None, # 污染源时间变化模式名称
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
污染模拟
@@ -428,7 +428,7 @@ def contaminant_simulation(
:param concentration: 污染源位置处的浓度单位mg/L即默认的污染模拟setting为concentration应改为 Set point booster
:param source_pattern: 污染源的时间变化模式若不传入则默认以恒定浓度持续模拟时间长度等于duration;
若传入,则格式为{1.0,0.5,1.1}等系数列表pattern_step模拟等于模型的hydraulic time step
:param scheme_Name: 方案名称
:param scheme_name: 方案名称
:return:
"""
print(
@@ -533,8 +533,8 @@ def contaminant_simulation(
simulation_type="extended",
modify_pattern_start_time=modify_pattern_start_time,
modify_total_duration=modify_total_duration,
scheme_Type="contaminant_Analysis",
scheme_Name=scheme_Name,
scheme_type="contaminant_Analysis",
scheme_name=scheme_name,
)
# for i in range(1,operation_step):
@@ -630,7 +630,7 @@ def pressure_regulation(
modify_tank_initial_level: dict[str, float] = None,
modify_fixed_pump_pattern: dict[str, list] = None,
modify_variable_pump_pattern: dict[str, list] = None,
scheme_Name: str = None,
scheme_name: str = None,
) -> None:
"""
区域调压模拟用来模拟未来15分钟内开关水泵对区域压力的影响
@@ -640,7 +640,7 @@ def pressure_regulation(
:param modify_tank_initial_level: dict中包含多个水塔str为水塔的idfloat为修改后的initial_level
:param modify_fixed_pump_pattern: dict中包含多个水泵模式str为工频水泵的idlist为修改后的pattern
:param modify_variable_pump_pattern: dict中包含多个水泵模式str为变频水泵的idlist为修改后的pattern
:param scheme_Name: 模拟方案名称
:param scheme_name: 模拟方案名称
:return:
"""
print(
@@ -692,8 +692,8 @@ def pressure_regulation(
modify_tank_initial_level=modify_tank_initial_level,
modify_fixed_pump_pattern=modify_fixed_pump_pattern,
modify_variable_pump_pattern=modify_variable_pump_pattern,
scheme_Type="pressure_regulation",
scheme_Name=scheme_Name,
scheme_type="pressure_regulation",
scheme_name=scheme_name,
)
if is_project_open(new_name):
close_project(new_name)
@@ -1475,7 +1475,7 @@ def flow_data_clean(input_csv_file: str) -> str:
if not os.path.exists(input_csv_path):
raise FileNotFoundError(f"指定的文件不存在: {input_csv_path}")
# 调用 Fdataclean.clean_flow_data_kf 函数进行数据清洗
out_xlsx_path = Fdataclean.clean_flow_data_kf(input_csv_path)
out_xlsx_path = flow_data_clean.clean_flow_data_kf(input_csv_path)
print("清洗后的数据已保存到:", out_xlsx_path)
@@ -1502,7 +1502,7 @@ def pressure_data_clean(input_csv_file: str) -> str:
if not os.path.exists(input_csv_path):
raise FileNotFoundError(f"指定的文件不存在: {input_csv_path}")
# 调用 Fdataclean.clean_flow_data_kf 函数进行数据清洗
out_xlsx_path = Pdataclean.clean_pressure_data_km(input_csv_path)
out_xlsx_path = pressure_data_clean.clean_pressure_data_km(input_csv_path)
print("清洗后的数据已保存到:", out_xlsx_path)
@@ -1536,7 +1536,7 @@ if __name__ == "__main__":
# 示例1burst_analysis
# burst_analysis(name='bb', modify_pattern_start_time='2025-04-17T00:00:00+08:00',
# burst_ID='GSD230112144241FA18292A84CB', burst_size=400, modify_total_duration=1800, scheme_Name='GSD230112144241FA18292A84CB_400')
# burst_ID='GSD230112144241FA18292A84CB', burst_size=400, modify_total_duration=1800, scheme_name='GSD230112144241FA18292A84CB_400')
# 示例create_user
# create_user(name=project_info.name, username='tjwater dev', password='123456')

2
scripts/run_server.py
View File

@@ -16,6 +16,6 @@ if __name__ == "__main__":
"app.main:app",
host="0.0.0.0",
port=8000,
# workers=2, # 这里可以设置多进程
workers=4, # 这里可以设置多进程
loop="asyncio",
)

122
setup_security.sh Executable file
View File

@@ -0,0 +1,122 @@
#!/bin/bash
# TJWater Server 安全功能快速设置脚本
set -e
echo "=================================="
echo "TJWater Server 安全功能设置"
echo "=================================="
echo ""
# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# 步骤 1: 检查依赖
echo "📦 步骤 1/5: 检查 Python 依赖..."
if ! python -c "import cryptography, passlib, jose" 2>/dev/null; then
echo -e "${YELLOW}缺少依赖,正在安装...${NC}"
pip install cryptography passlib python-jose bcrypt
else
echo -e "${GREEN}✓ 依赖已安装${NC}"
fi
echo ""
# 步骤 2: 生成密钥
echo "🔑 步骤 2/5: 生成安全密钥..."
if [ ! -f .env ]; then
echo "正在创建 .env 文件..."
cp .env.example .env
# 生成 JWT 密钥
JWT_KEY=$(openssl rand -hex 32)
sed -i "s/SECRET_KEY=.*/SECRET_KEY=$JWT_KEY/" .env
echo -e "${GREEN}✓ JWT 密钥已生成${NC}"
# 生成加密密钥
ENC_KEY=$(python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())")
sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=$ENC_KEY/" .env
echo -e "${GREEN}✓ 加密密钥已生成${NC}"
else
echo -e "${YELLOW}⚠ .env 文件已存在,跳过生成${NC}"
fi
echo ""
# 步骤 3: 数据库配置
echo "💾 步骤 3/5: 数据库配置..."
read -p "请输入数据库名称 [默认: tjwater]: " DB_NAME
DB_NAME=${DB_NAME:-tjwater}
read -p "请输入数据库用户 [默认: postgres]: " DB_USER
DB_USER=${DB_USER:-postgres}
read -sp "请输入数据库密码: " DB_PASS
echo ""
# 更新 .env
sed -i "s/DB_NAME=.*/DB_NAME=$DB_NAME/" .env
sed -i "s/DB_USER=.*/DB_USER=$DB_USER/" .env
sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=$DB_PASS/" .env
echo -e "${GREEN}✓ 数据库配置已更新${NC}"
echo ""
# 步骤 4: 执行数据库迁移
echo "🗄️ 步骤 4/5: 执行数据库迁移..."
read -p "是否立即执行数据库迁移?(y/n) [y]: " DO_MIGRATION
DO_MIGRATION=${DO_MIGRATION:-y}
if [ "$DO_MIGRATION" = "y" ]; then
echo "正在执行迁移脚本..."
PGPASSWORD=$DB_PASS psql -U $DB_USER -d $DB_NAME -f resources/sql/001_create_users_table.sql 2>&1 | grep -v "NOTICE"
if [ $? -eq 0 ]; then
echo -e "${GREEN}✓ 用户表创建成功${NC}"
else
echo -e "${RED}✗ 用户表创建失败${NC}"
fi
PGPASSWORD=$DB_PASS psql -U $DB_USER -d $DB_NAME -f resources/sql/002_create_audit_logs_table.sql 2>&1 | grep -v "NOTICE"
if [ $? -eq 0 ]; then
echo -e "${GREEN}✓ 审计日志表创建成功${NC}"
else
echo -e "${RED}✗ 审计日志表创建失败${NC}"
fi
else
echo -e "${YELLOW}⚠ 跳过数据库迁移,请稍后手动执行:${NC}"
echo " psql -U $DB_USER -d $DB_NAME -f resources/sql/001_create_users_table.sql"
echo " psql -U $DB_USER -d $DB_NAME -f resources/sql/002_create_audit_logs_table.sql"
fi
echo ""
# 步骤 5: 测试
echo "🧪 步骤 5/5: 运行测试..."
if python tests/test_encryption.py 2>&1; then
echo -e "${GREEN}✓ 加密功能测试通过${NC}"
else
echo -e "${RED}✗ 加密功能测试失败${NC}"
fi
echo ""
# 完成
echo "=================================="
echo -e "${GREEN}✅ 设置完成!${NC}"
echo "=================================="
echo ""
echo "默认管理员账号:"
echo " 用户名: admin"
echo " 密码: admin123"
echo ""
echo " 用户名: tjwater"
echo " 密码: tjwater@123"
echo ""
echo "下一步:"
echo " 1. 查看文档: cat SECURITY_README.md"
echo " 2. 查看部署指南: cat DEPLOYMENT.md"
echo " 3. 启动服务器: uvicorn app.main:app --reload"
echo " 4. 访问文档: http://localhost:8000/docs"
echo ""

77
tests/api/test_api_integration.py Executable file
View File

@@ -0,0 +1,77 @@
#!/usr/bin/env python
"""
测试新增 API 集成
验证新的认证、用户管理和审计日志接口是否正确集成
"""
import sys
import os
import pytest
# 将项目根目录添加到 sys.path
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "../../")))
@pytest.mark.parametrize(
"module_name, desc",
[
("app.core.encryption", "加密模块"),
("app.core.security", "安全模块"),
("app.core.audit", "审计模块"),
("app.domain.models.role", "角色模型"),
("app.domain.schemas.user", "用户Schema"),
("app.domain.schemas.audit", "审计Schema"),
("app.auth.permissions", "权限控制"),
("app.api.v1.endpoints.auth", "认证接口"),
("app.api.v1.endpoints.user_management", "用户管理接口"),
("app.api.v1.endpoints.audit", "审计日志接口"),
("app.infra.repositories.user_repository", "用户仓储"),
("app.infra.repositories.audit_repository", "审计仓储"),
("app.infra.audit.middleware", "审计中间件"),
],
)
def test_module_imports(module_name, desc):
"""检查关键模块是否可以导入"""
try:
__import__(module_name)
except ImportError as e:
pytest.fail(f"无法导入 {desc} ({module_name}): {e}")
def test_router_configuration():
"""检查路由配置"""
try:
from app.api.v1 import router
# 检查 router 中是否包含新增的路由
api_router = router.api_router
routes = [r.path for r in api_router.routes if hasattr(r, "path")]
# 验证基础路径是否存在
assert any("/auth" in r for r in routes), "缺少认证相关路由 (/auth)"
assert any("/users" in r for r in routes), "缺少用户管理路由 (/users)"
assert any("/audit" in r for r in routes), "缺少审计日志路由 (/audit)"
except Exception as e:
pytest.fail(f"路由配置检查失败: {e}")
def test_main_app_initialization():
"""检查 main.py 配置"""
try:
from app.main import app
assert app is not None
assert app.title != ""
# 检查中间件 (简单检查是否存在)
middleware_names = [m.cls.__name__ for m in app.user_middleware]
# 检查是否包含审计中间件或其他关键中间件(根据实际类名修改)
assert "AuditMiddleware" in middleware_names, "缺少审计中间件"
# 检查路由总数
assert len(app.routes) > 0
except Exception as e:
pytest.fail(f"main.py 配置检查失败: {e}")

41
tests/auth/test_encryption.py Normal file
View File

@@ -0,0 +1,41 @@
"""
测试加密功能
"""
import os
import sys
sys.path.insert(0, os.path.join(os.path.dirname(__file__), ".."))
def test_encryption():
"""测试加密和解密功能"""
from app.core.encryption import Encryptor
# 生成测试密钥
key = Encryptor.generate_key()
print(f"✓ 生成密钥: {key}")
# 创建加密器
encryptor = Encryptor(key=key.encode())
# 测试加密
test_data = "这是敏感数据 - 数据库密码: password123"
encrypted = encryptor.encrypt(test_data)
print(f"✓ 加密成功: {encrypted[:50]}...")
# 测试解密
decrypted = encryptor.decrypt(encrypted)
assert decrypted == test_data, "解密数据不匹配!"
print(f"✓ 解密成功: {decrypted}")
# 测试空数据
assert encryptor.encrypt("") == ""
assert encryptor.decrypt("") == ""
print("✓ 空数据处理正确")
print("\n✅ 所有加密测试通过!")
if __name__ == "__main__":
test_encryption()

119
tests/unit/test_metadata_repository_dsn_decrypt.py Normal file
View File

@@ -0,0 +1,119 @@
import asyncio
from types import SimpleNamespace
from unittest.mock import AsyncMock
from uuid import uuid4
import pytest
from cryptography.fernet import InvalidToken
from app.infra.repositories.metadata_repository import MetadataRepository
class _DummyResult:
def __init__(self, record):
self._record = record
def scalar_one_or_none(self):
return self._record
class _DummyEncryptor:
def __init__(self, decrypted=None, raise_invalid_token=False):
self._decrypted = decrypted
self._raise_invalid_token = raise_invalid_token
self.encrypted_values = []
def decrypt(self, _value):
if self._raise_invalid_token:
raise InvalidToken()
return self._decrypted
def _build_record(dsn_encrypted: str):
return SimpleNamespace(
project_id=uuid4(),
db_role="biz_data",
db_type="postgresql",
dsn_encrypted=dsn_encrypted,
pool_min_size=1,
pool_max_size=5,
)
def test_invalid_token_with_plaintext_dsn_value_raises_clear_error(monkeypatch):
record = _build_record("postgresql://user:p@ss@localhost:5432/db")
session = SimpleNamespace(
execute=None,
commit=None,
)
session.execute = AsyncMock(return_value=_DummyResult(record))
session.commit = AsyncMock()
encryptor = _DummyEncryptor(raise_invalid_token=True)
repo = MetadataRepository(session)
monkeypatch.setattr(
"app.infra.repositories.metadata_repository.is_database_encryption_configured",
lambda: True,
)
monkeypatch.setattr(
"app.infra.repositories.metadata_repository.get_database_encryptor",
lambda: encryptor,
)
with pytest.raises(
ValueError,
match="DATABASE_ENCRYPTION_KEY mismatch or invalid dsn_encrypted value",
):
asyncio.run(repo.get_project_db_routing(record.project_id, "biz_data"))
session.commit.assert_not_awaited()
def test_invalid_token_with_non_dsn_value_raises_clear_error(monkeypatch):
record = _build_record("gAAAAABinvalidciphertext")
session = SimpleNamespace(
execute=None,
commit=None,
)
session.execute = AsyncMock(return_value=_DummyResult(record))
session.commit = AsyncMock()
repo = MetadataRepository(session)
monkeypatch.setattr(
"app.infra.repositories.metadata_repository.is_database_encryption_configured",
lambda: True,
)
monkeypatch.setattr(
"app.infra.repositories.metadata_repository.get_database_encryptor",
lambda: _DummyEncryptor(raise_invalid_token=True),
)
with pytest.raises(
ValueError,
match="DATABASE_ENCRYPTION_KEY mismatch or invalid dsn_encrypted value",
):
asyncio.run(repo.get_project_db_routing(record.project_id, "biz_data"))
session.commit.assert_not_awaited()
def test_encrypted_dsn_decrypts_without_migration(monkeypatch):
record = _build_record("encrypted-value")
session = SimpleNamespace(
execute=None,
commit=None,
)
session.execute = AsyncMock(return_value=_DummyResult(record))
session.commit = AsyncMock()
repo = MetadataRepository(session)
monkeypatch.setattr(
"app.infra.repositories.metadata_repository.is_database_encryption_configured",
lambda: True,
)
monkeypatch.setattr(
"app.infra.repositories.metadata_repository.get_database_encryptor",
lambda: _DummyEncryptor(decrypted="postgresql://u:p@ss@host/db"),
)
routing = asyncio.run(repo.get_project_db_routing(record.project_id, "biz_data"))
assert routing.dsn == "postgresql://u:p%40ss@host/db"
session.commit.assert_not_awaited()

8
tests/test_pipeline_health_analyzer.py → tests/unit/test_pipeline_health_analyzer.py
View File

@@ -1,7 +1,11 @@
from api_ex.pipeline_health_analyzer import PipelineHealthAnalyzer
"""
tests.unit.test_pipeline_health_analyzer Docstring
"""
def test_pipeline_health_analyzer():
from app.algorithms.api_ex.pipeline_health_analyzer import PipelineHealthAnalyzer
# 初始化分析器,假设模型文件路径为'models/rsf_model.joblib'
analyzer = PipelineHealthAnalyzer()
# 创建示例输入数据9个样本
@@ -51,7 +55,7 @@ def test_pipeline_health_analyzer():
), "每个生存函数应包含x和y属性"
# 可选:测试绘图功能(不显示图表)
analyzer.plot_survival(survival_functions, show_plot=True)
analyzer.plot_survival(survival_functions, show_plot=False)
if __name__ == "__main__":