feat: 完善系统配置、安全增强与知识库功能

- .env.example: API基础路径改为相对路径 /api/v1,支持代理转发
- README.md: 完善项目结构与启动说明文档
- docker-compose.yml: 新增Docker编排配置,支持容器化部署
- docker/: 新增Docker部署相关文档与配置

- server_start.sh: 重构启动脚本,添加容器环境检测、隔离虚拟环境路径、环境变量覆盖机制
- deps.py: 完善API依赖注入,增强权限验证逻辑
- admin_secret.py: 优化管理员密钥加密存储与验证
- config.py: 扩展配置管理,支持多环境变量绑定
- security.py: 增强安全模块,完善加密与认证机制
- db/base.py: 优化数据库基础架构与连接管理
- main.py: 更新应用入口,整合新模块路由
- models/: 完善系统模型配置,支持模型设置持久化
- repositories/settings.py: 优化设置仓储层,增强数据持久化
- services/settings.py: 重构设置服务,精简代码结构
- router.py: 更新API路由配置

- endpoints/knowledge.py: 新增知识库API端点
- schemas/knowledge.py: 新增知识库数据模型
- services/knowledge.py: 新增知识库业务逻辑
- storage/knowledge/.index.json: 知识库索引存储

- api.js: 完善API服务层,增强错误处理
- bootstrap.js: 优化前端初始化与引导流程
- useSetupView.js / useSystemState.js: 重构组合式函数
- TopBar.vue: 优化顶部导航栏组件
- SettingsView.vue: 重构设置页面UI,增强用户体验
- SetupView.vue / SetupRouteView.vue: 完善引导流程页面
- PoliciesView.vue: 优化策略视图组件
- vite.config.js: 更新Vite构建配置
- web_start.sh: 完善前端启动脚本
- views/scripts/: 优化各业务视图JS逻辑

- settings-view.css: 重构设置页面样式
- setup-view.css: 完善引导页样式
- policies-view.css: 优化策略页样式

- test_auth_service.py: 完善认证服务测试
- test_settings_persistence.py: 增强设置持久化测试
- document/: 新增开发文档与工作日志
This commit is contained in:
caoxiaozhu
2026-05-09 03:04:09 +00:00
parent c2315f68dc
commit 619281afc3
43 changed files with 9337 additions and 8300 deletions

View File

@@ -1,71 +1,71 @@
from __future__ import annotations
import hashlib
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode
PBKDF2_ALGORITHM = "sha256"
PBKDF2_ITERATIONS = 120_000
SALT_BYTES = 16
def hash_password(password: str) -> str:
salt = secrets.token_bytes(SALT_BYTES)
digest = hashlib.pbkdf2_hmac(
PBKDF2_ALGORITHM,
password.encode("utf-8"),
salt,
PBKDF2_ITERATIONS,
)
encoded_salt = urlsafe_b64encode(salt).decode("utf-8")
encoded_digest = urlsafe_b64encode(digest).decode("utf-8")
return f"pbkdf2_{PBKDF2_ALGORITHM}${PBKDF2_ITERATIONS}${encoded_salt}${encoded_digest}"
def verify_password(password: str, password_hash: str) -> bool:
if password_hash.startswith("scrypt$"):
return verify_scrypt_password(password, password_hash)
try:
scheme, iterations, encoded_salt, encoded_digest = password_hash.split("$", 3)
except ValueError:
return False
if scheme != f"pbkdf2_{PBKDF2_ALGORITHM}":
return False
salt = urlsafe_b64decode(encoded_salt.encode("utf-8"))
expected_digest = urlsafe_b64decode(encoded_digest.encode("utf-8"))
computed_digest = hashlib.pbkdf2_hmac(
PBKDF2_ALGORITHM,
password.encode("utf-8"),
salt,
int(iterations),
)
return secrets.compare_digest(computed_digest, expected_digest)
def verify_scrypt_password(password: str, password_hash: str) -> bool:
try:
scheme, n_value, r_value, p_value, key_length, salt_hex, derived_key_hex = password_hash.split("$", 6)
except ValueError:
return False
if scheme != "scrypt":
return False
try:
salt = bytes.fromhex(salt_hex)
expected_key = bytes.fromhex(derived_key_hex)
derived_key = hashlib.scrypt(
password.encode("utf-8"),
salt=salt,
n=int(n_value),
r=int(r_value),
p=int(p_value),
dklen=int(key_length),
)
except ValueError:
return False
return secrets.compare_digest(derived_key, expected_key)
from __future__ import annotations
import hashlib
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode
PBKDF2_ALGORITHM = "sha256"
PBKDF2_ITERATIONS = 120_000
SALT_BYTES = 16
def hash_password(password: str) -> str:
salt = secrets.token_bytes(SALT_BYTES)
digest = hashlib.pbkdf2_hmac(
PBKDF2_ALGORITHM,
password.encode("utf-8"),
salt,
PBKDF2_ITERATIONS,
)
encoded_salt = urlsafe_b64encode(salt).decode("utf-8")
encoded_digest = urlsafe_b64encode(digest).decode("utf-8")
return f"pbkdf2_{PBKDF2_ALGORITHM}${PBKDF2_ITERATIONS}${encoded_salt}${encoded_digest}"
def verify_password(password: str, password_hash: str) -> bool:
if password_hash.startswith("scrypt$"):
return verify_scrypt_password(password, password_hash)
try:
scheme, iterations, encoded_salt, encoded_digest = password_hash.split("$", 3)
except ValueError:
return False
if scheme != f"pbkdf2_{PBKDF2_ALGORITHM}":
return False
salt = urlsafe_b64decode(encoded_salt.encode("utf-8"))
expected_digest = urlsafe_b64decode(encoded_digest.encode("utf-8"))
computed_digest = hashlib.pbkdf2_hmac(
PBKDF2_ALGORITHM,
password.encode("utf-8"),
salt,
int(iterations),
)
return secrets.compare_digest(computed_digest, expected_digest)
def verify_scrypt_password(password: str, password_hash: str) -> bool:
try:
scheme, n_value, r_value, p_value, key_length, salt_hex, derived_key_hex = password_hash.split("$", 6)
except ValueError:
return False
if scheme != "scrypt":
return False
try:
salt = bytes.fromhex(salt_hex)
expected_key = bytes.fromhex(derived_key_hex)
derived_key = hashlib.scrypt(
password.encode("utf-8"),
salt=salt,
n=int(n_value),
r=int(r_value),
p=int(p_value),
dklen=int(key_length),
)
except ValueError:
return False
return secrets.compare_digest(derived_key, expected_key)