zhenxun_bot/zhenxun/builtin_plugins/web_ui/utils.py

import contextlib
from datetime import datetime, timedelta, timezone
import os
from pathlib import Path
import re

from fastapi import Depends, HTTPException
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt
from nonebot.utils import run_sync
import psutil
import ujson as json

from zhenxun.configs.config import Config
from zhenxun.configs.path_config import DATA_PATH, IMAGE_PATH

from .base_model import SystemFolderSize, SystemStatus, User

ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/login")

token_file = DATA_PATH / "web_ui" / "token.json"
token_file.parent.mkdir(parents=True, exist_ok=True)
token_data = {"token": []}
if token_file.exists():
    with contextlib.suppress(json.JSONDecodeError):
        token_data = json.load(open(token_file, encoding="utf8"))


def validate_path(path_str: str | None) -> tuple[Path | None, str | None]:
    """验证路径是否安全

    参数:
        path_str: 用户输入的路径

    返回:
        tuple[Path | None, str | None]: (验证后的路径, 错误信息)
    """
    try:
        if not path_str:
            return Path().resolve(), None

        # 1. 移除任何可能的路径遍历尝试
        path_str = re.sub(r"[\\/]\.\.[\\/]", "", path_str)

        # 2. 规范化路径并转换为绝对路径
        path = Path(path_str).resolve()

        # 3. 获取项目根目录
        root_dir = Path().resolve()

        # 4. 验证路径是否在项目根目录内
        try:
            if not path.is_relative_to(root_dir):
                return None, "访问路径超出允许范围"
        except ValueError:
            return None, "无效的路径格式"

        # 5. 验证路径是否包含任何危险字符
        if any(c in str(path) for c in ["..", "~", "*", "?", ">", "<", "|", '"']):
            return None, "路径包含非法字符"

        # 6. 验证路径长度是否合理
        return (None, "路径长度超出限制") if len(str(path)) > 4096 else (path, None)
    except Exception as e:
        return None, f"路径验证失败: {e!s}"


GROUP_HELP_PATH = DATA_PATH / "group_help"
SIMPLE_HELP_IMAGE = IMAGE_PATH / "SIMPLE_HELP.png"
SIMPLE_DETAIL_HELP_IMAGE = IMAGE_PATH / "SIMPLE_DETAIL_HELP.png"


def clear_help_image():
    """清理帮助图片"""
    if SIMPLE_HELP_IMAGE.exists():
        SIMPLE_HELP_IMAGE.unlink()
    if SIMPLE_DETAIL_HELP_IMAGE.exists():
        SIMPLE_DETAIL_HELP_IMAGE.unlink()
    for file in GROUP_HELP_PATH.iterdir():
        if file.is_file():
            file.unlink()


def get_user(uname: str) -> User | None:
    """获取账号密码

    参数:
        uname: uname

    返回:
        Optional[User]: 用户信息
    """
    username = Config.get_config("web-ui", "username")
    password = Config.get_config("web-ui", "password")
    if username and password and uname == username:
        return User(username=username, password=password)


def create_token(user: User, expires_delta: timedelta | None = None):
    """创建token

    参数:
        user: 用户信息
        expires_delta: 过期时间.
    """
    expire = datetime.now(timezone.utc) + (expires_delta or timedelta(minutes=15))
    return jwt.encode(
        claims={"sub": user.username, "exp": expire},
        key=Config.get_config("web-ui", "secret"),
        algorithm=ALGORITHM,
    )


def authentication():
    """权限验证

    异常:
        JWTError: JWTError
        HTTPException: HTTPException
    """

    # if token not in token_data["token"]:
    def inner(token: str = Depends(oauth2_scheme)):
        try:
            payload = jwt.decode(
                token, Config.get_config("web-ui", "secret"), algorithms=[ALGORITHM]
            )
            username, _ = payload.get("sub"), payload.get("exp")
            user = get_user(username)  # type: ignore
            if user is None:
                raise JWTError
        except JWTError:
            raise HTTPException(
                status_code=400, detail="登录验证失败或已失效, 踢出房间!"
            )

    return Depends(inner)


def _get_dir_size(dir_path: Path) -> float:
    """获取文件夹大小

    参数:
        dir_path: 文件夹路径
    """
    return sum(
        sum(os.path.getsize(os.path.join(root, name)) for name in files)
        for root, dirs, files in os.walk(dir_path)
    )


@run_sync
def get_system_status() -> SystemStatus:
    """获取系统信息等"""
    cpu = psutil.cpu_percent()
    memory = psutil.virtual_memory().percent
    disk = psutil.disk_usage("/").percent
    return SystemStatus(
        cpu=cpu,
        memory=memory,
        disk=disk,
        check_time=datetime.now().replace(microsecond=0),
    )


@run_sync
def get_system_disk(
    full_path: str | None,
) -> list[SystemFolderSize]:
    """获取资源文件大小等"""
    base_path = Path(full_path) if full_path else Path()
    other_size = 0
    data_list = []
    for file in os.listdir(base_path):
        f = base_path / file
        if f.is_dir():
            size = _get_dir_size(f) / 1024 / 1024
            data_list.append(
                SystemFolderSize(name=file, size=size, full_path=str(f), is_dir=True)
            )
        else:
            other_size += f.stat().st_size / 1024 / 1024
    if other_size:
        data_list.append(
            SystemFolderSize(
                name="other_file", size=other_size, full_path=full_path, is_dir=False
            )
        )
    return data_list
🎨 修复bug，移除plugins文件夹 2024-08-29 22:01:34 +08:00			`import contextlib`
Develop: 完全使用 ruff 替代 isort 与 black (#1757) * :rotating_light: 完全使用 ruff 替代 isort 与 black * :rotating_light: ruff lint&format 2024-12-10 19:49:11 +08:00			`from datetime import datetime, timedelta, timezone`
			`import os`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00			`from pathlib import Path`
:sparkles: 首次启动时提供使用web ui方式完全配置 (#1870) * :sparkles: 添加全局优先级hook * :sparkles: 添加基础配置api * :sparkles: 添加数据库连接测试 * :speech_balloon: 提示重启 * :adhesive_bandage: 填充过配置时友好提示 * :bug: 首次生成简易配置后自动加载 * :sparkles: 添加配置后重启接口 * :sparkles: 添加重启标志文件 * :sparkles: 添加重启脚本命令 * :sparkles: 添加重启系统限制 * :sparkles: 首次配置判断是否为win系统 * :fire: 移除bat * :sparkles: 添加关于菜单 * :sparkles: 支持整合包插件安装和添加整合包文档 * :adhesive_bandage: 检测数据库路径 * :adhesive_bandage: 修改数据库路径检测 * :adhesive_bandage: 修改数据库路径检测 * :adhesive_bandage: 修复路径注入 * :art: 显示添加优先级 * :bug: 修改PriorityLifecycle字典类名称 * :zap: 修复路径问题 * :zap: 修复路径检测 * ✨ 新增路径验证功能，确保用户输入的路径安全并在项目根目录内 * ✨ 优化路径验证功能，增加对非法字符和路径长度的检查，确保用户输入的路径更加安全 * :rotating_light: auto fix by pre-commit hooks * ✨ 优化获取文件列表的代码格式 * :memo: 修改README中webui示例图 * ✨ 更新PriorityLifecycle.on_startup装饰器 * ✨ 简化安装依赖的命令构建逻辑 * :rotating_light: auto fix by pre-commit hooks --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2025-06-16 09:11:41 +08:00			`import re`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00
🎨 修复bug，移除plugins文件夹 2024-08-29 22:01:34 +08:00			`from fastapi import Depends, HTTPException`
			`from fastapi.security import OAuth2PasswordBearer`
Develop: 完全使用 ruff 替代 isort 与 black (#1757) * :rotating_light: 完全使用 ruff 替代 isort 与 black * :rotating_light: ruff lint&format 2024-12-10 19:49:11 +08:00			`from jose import JWTError, jwt`
			`from nonebot.utils import run_sync`
			`import psutil`
			`import ujson as json`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00
			`from zhenxun.configs.config import Config`
:sparkles: 适配新版本webui (#1905) Co-authored-by: molanp <104612722+molanp@users.noreply.github.com> Co-authored-by: BalconyJH <73932916+BalconyJH@users.noreply.github.com> 2025-05-15 23:52:20 +08:00			`from zhenxun.configs.path_config import DATA_PATH, IMAGE_PATH`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00
Develop: 完全使用 ruff 替代 isort 与 black (#1757) * :rotating_light: 完全使用 ruff 替代 isort 与 black * :rotating_light: ruff lint&format 2024-12-10 19:49:11 +08:00			`from .base_model import SystemFolderSize, SystemStatus, User`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00
			`ALGORITHM = "HS256"`
			`ACCESS_TOKEN_EXPIRE_MINUTES = 30`

			`oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/login")`

			`token_file = DATA_PATH / "web_ui" / "token.json"`
			`token_file.parent.mkdir(parents=True, exist_ok=True)`
			`token_data = {"token": []}`
			`if token_file.exists():`
🎨 修复bug，移除plugins文件夹 2024-08-29 22:01:34 +08:00			`with contextlib.suppress(json.JSONDecodeError):`
			`token_data = json.load(open(token_file, encoding="utf8"))`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00

:sparkles: 首次启动时提供使用web ui方式完全配置 (#1870) * :sparkles: 添加全局优先级hook * :sparkles: 添加基础配置api * :sparkles: 添加数据库连接测试 * :speech_balloon: 提示重启 * :adhesive_bandage: 填充过配置时友好提示 * :bug: 首次生成简易配置后自动加载 * :sparkles: 添加配置后重启接口 * :sparkles: 添加重启标志文件 * :sparkles: 添加重启脚本命令 * :sparkles: 添加重启系统限制 * :sparkles: 首次配置判断是否为win系统 * :fire: 移除bat * :sparkles: 添加关于菜单 * :sparkles: 支持整合包插件安装和添加整合包文档 * :adhesive_bandage: 检测数据库路径 * :adhesive_bandage: 修改数据库路径检测 * :adhesive_bandage: 修改数据库路径检测 * :adhesive_bandage: 修复路径注入 * :art: 显示添加优先级 * :bug: 修改PriorityLifecycle字典类名称 * :zap: 修复路径问题 * :zap: 修复路径检测 * ✨ 新增路径验证功能，确保用户输入的路径安全并在项目根目录内 * ✨ 优化路径验证功能，增加对非法字符和路径长度的检查，确保用户输入的路径更加安全 * :rotating_light: auto fix by pre-commit hooks * ✨ 优化获取文件列表的代码格式 * :memo: 修改README中webui示例图 * ✨ 更新PriorityLifecycle.on_startup装饰器 * ✨ 简化安装依赖的命令构建逻辑 * :rotating_light: auto fix by pre-commit hooks --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2025-06-16 09:11:41 +08:00			`def validate_path(path_str: str \| None) -> tuple[Path \| None, str \| None]:`
			`"""验证路径是否安全`

			`参数:`
			`path_str: 用户输入的路径`

			`返回:`
			`tuple[Path \| None, str \| None]: (验证后的路径, 错误信息)`
			`"""`
			`try:`
			`if not path_str:`
			`return Path().resolve(), None`

			`# 1. 移除任何可能的路径遍历尝试`
			`path_str = re.sub(r"[\\/]\.\.[\\/]", "", path_str)`

			`# 2. 规范化路径并转换为绝对路径`
			`path = Path(path_str).resolve()`

			`# 3. 获取项目根目录`
			`root_dir = Path().resolve()`

			`# 4. 验证路径是否在项目根目录内`
			`try:`
			`if not path.is_relative_to(root_dir):`
			`return None, "访问路径超出允许范围"`
			`except ValueError:`
			`return None, "无效的路径格式"`

			`# 5. 验证路径是否包含任何危险字符`
			`if any(c in str(path) for c in ["..", "~", "*", "?", ">", "<", "\|", '"']):`
			`return None, "路径包含非法字符"`

			`# 6. 验证路径长度是否合理`
			`return (None, "路径长度超出限制") if len(str(path)) > 4096 else (path, None)`
			`except Exception as e:`
			`return None, f"路径验证失败: {e!s}"`


:sparkles: 适配新版本webui (#1905) Co-authored-by: molanp <104612722+molanp@users.noreply.github.com> Co-authored-by: BalconyJH <73932916+BalconyJH@users.noreply.github.com> 2025-05-15 23:52:20 +08:00			`GROUP_HELP_PATH = DATA_PATH / "group_help"`
			`SIMPLE_HELP_IMAGE = IMAGE_PATH / "SIMPLE_HELP.png"`
			`SIMPLE_DETAIL_HELP_IMAGE = IMAGE_PATH / "SIMPLE_DETAIL_HELP.png"`


			`def clear_help_image():`
			`"""清理帮助图片"""`
			`if SIMPLE_HELP_IMAGE.exists():`
			`SIMPLE_HELP_IMAGE.unlink()`
			`if SIMPLE_DETAIL_HELP_IMAGE.exists():`
			`SIMPLE_DETAIL_HELP_IMAGE.unlink()`
			`for file in GROUP_HELP_PATH.iterdir():`
			`if file.is_file():`
			`file.unlink()`


feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00			`def get_user(uname: str) -> User \| None:`
			`"""获取账号密码`

			`参数:`
			`uname: uname`

			`返回:`
			`Optional[User]: 用户信息`
			`"""`
			`username = Config.get_config("web-ui", "username")`
			`password = Config.get_config("web-ui", "password")`
			`if username and password and uname == username:`
			`return User(username=username, password=password)`


			`def create_token(user: User, expires_delta: timedelta \| None = None):`
			`"""创建token`

			`参数:`
			`user: 用户信息`
			`expires_delta: 过期时间.`
			`"""`
🎨 修复bug，移除plugins文件夹 2024-08-29 22:01:34 +08:00			`expire = datetime.now(timezone.utc) + (expires_delta or timedelta(minutes=15))`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00			`return jwt.encode(`
			`claims={"sub": user.username, "exp": expire},`
🎨 代码优化 (#1582) 2024-08-26 19:20:22 +08:00			`key=Config.get_config("web-ui", "secret"),`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00			`algorithm=ALGORITHM,`
			`)`


			`def authentication():`
			`"""权限验证`

			`异常:`
			`JWTError: JWTError`
			`HTTPException: HTTPException`
			`"""`

			`# if token not in token_data["token"]:`
			`def inner(token: str = Depends(oauth2_scheme)):`
			`try:`
🎨 修复bug，移除plugins文件夹 2024-08-29 22:01:34 +08:00			`payload = jwt.decode(`
			`token, Config.get_config("web-ui", "secret"), algorithms=[ALGORITHM]`
			`)`
			`username, _ = payload.get("sub"), payload.get("exp")`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00			`user = get_user(username) # type: ignore`
			`if user is None:`
			`raise JWTError`
			`except JWTError:`
			`raise HTTPException(`
			`status_code=400, detail="登录验证失败或已失效, 踢出房间!"`
			`)`

			`return Depends(inner)`


			`def _get_dir_size(dir_path: Path) -> float:`
			`"""获取文件夹大小`

			`参数:`
			`dir_path: 文件夹路径`
			`"""`
🎨 修复bug，移除plugins文件夹 2024-08-29 22:01:34 +08:00			`return sum(`
			`sum(os.path.getsize(os.path.join(root, name)) for name in files)`
			`for root, dirs, files in os.walk(dir_path)`
			`)`
feat✨: 新增Web UI功能及数据库、日志等API接口 2024-07-31 04:58:29 +08:00

			`@run_sync`
			`def get_system_status() -> SystemStatus:`
			`"""获取系统信息等"""`
			`cpu = psutil.cpu_percent()`
			`memory = psutil.virtual_memory().percent`
			`disk = psutil.disk_usage("/").percent`
			`return SystemStatus(`
			`cpu=cpu,`
			`memory=memory,`
			`disk=disk,`
			`check_time=datetime.now().replace(microsecond=0),`
			`)`


			`@run_sync`
			`def get_system_disk(`
			`full_path: str \| None,`
			`) -> list[SystemFolderSize]:`
			`"""获取资源文件大小等"""`
			`base_path = Path(full_path) if full_path else Path()`
			`other_size = 0`
			`data_list = []`
			`for file in os.listdir(base_path):`
			`f = base_path / file`
			`if f.is_dir():`
			`size = _get_dir_size(f) / 1024 / 1024`
			`data_list.append(`
			`SystemFolderSize(name=file, size=size, full_path=str(f), is_dir=True)`
			`)`
			`else:`
			`other_size += f.stat().st_size / 1024 / 1024`
			`if other_size:`
			`data_list.append(`
			`SystemFolderSize(`
			`name="other_file", size=other_size, full_path=full_path, is_dir=False`
			`)`
			`)`
			`return data_list`