Update app.py
Browse files
app.py
CHANGED
@@ -1,46 +1,65 @@
|
|
1 |
-
"""
|
2 |
-
API密钥管理系统 - 主应用文件
|
3 |
-
提供API密钥的添加、编辑、删除和管理功能
|
4 |
-
"""
|
5 |
-
|
6 |
-
|
7 |
-
|
8 |
-
|
9 |
-
|
10 |
-
|
11 |
-
|
12 |
-
|
13 |
-
|
14 |
-
|
15 |
-
|
16 |
-
|
17 |
-
|
18 |
-
|
19 |
-
|
20 |
-
|
21 |
-
#
|
22 |
-
|
23 |
-
|
24 |
-
|
25 |
-
|
26 |
-
|
27 |
-
|
28 |
-
|
29 |
-
|
30 |
-
|
31 |
-
|
32 |
-
|
33 |
-
|
34 |
-
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
40 |
-
#
|
41 |
-
app.
|
42 |
-
|
43 |
-
|
44 |
-
#
|
45 |
-
if
|
46 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
"""
|
2 |
+
API密钥管理系统 - 主应用文件
|
3 |
+
提供API密钥的添加、编辑、删除和管理功能
|
4 |
+
"""
|
5 |
+
import os
|
6 |
+
import time
|
7 |
+
import datetime
|
8 |
+
import pytz
|
9 |
+
from flask import Flask, redirect, url_for, request, jsonify
|
10 |
+
from werkzeug.middleware.proxy_fix import ProxyFix
|
11 |
+
|
12 |
+
# 导入配置
|
13 |
+
from config import SECRET_KEY
|
14 |
+
|
15 |
+
# 设置时区为UTC+8 (亚洲/上海),兼容Linux和Windows环境
|
16 |
+
os.environ['TZ'] = 'Asia/Shanghai'
|
17 |
+
try:
|
18 |
+
# Linux环境设置
|
19 |
+
time.tzset()
|
20 |
+
except AttributeError:
|
21 |
+
# Windows环境不支持tzset,使用pytz设置
|
22 |
+
pass
|
23 |
+
|
24 |
+
# 确保datetime使用正确的时区
|
25 |
+
default_tz = pytz.timezone('Asia/Shanghai')
|
26 |
+
|
27 |
+
# 导入路由蓝图
|
28 |
+
from routes.web import web_bp
|
29 |
+
from routes.api import api_bp
|
30 |
+
|
31 |
+
# 导入认证模块
|
32 |
+
from utils.auth import AuthManager
|
33 |
+
|
34 |
+
# 创建Flask应用
|
35 |
+
app = Flask(__name__)
|
36 |
+
# 应用ProxyFix中间件,使应用能够获取用户真实IP
|
37 |
+
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1)
|
38 |
+
app.secret_key = SECRET_KEY
|
39 |
+
|
40 |
+
# 认证中间件 - 验证所有请求
|
41 |
+
@app.before_request
|
42 |
+
def authenticate():
|
43 |
+
"""请求拦截器 - 验证所有需要认证的请求"""
|
44 |
+
# 登录和静态资源路径不需要验证
|
45 |
+
if request.path == '/login' or request.path.startswith('/static/'):
|
46 |
+
return
|
47 |
+
|
48 |
+
# 从Cookie中获取令牌
|
49 |
+
token = request.cookies.get('auth_token')
|
50 |
+
|
51 |
+
# 验证令牌
|
52 |
+
if not AuthManager.verify_token(token):
|
53 |
+
# 如果是AJAX请求,返回401状态码
|
54 |
+
if request.headers.get('X-Requested-With') == 'XMLHttpRequest' or request.path.startswith('/api/'):
|
55 |
+
return jsonify({"success": False, "error": "未授权访问"}), 401
|
56 |
+
# 否则重定向到登录页面
|
57 |
+
return redirect(url_for('web.login'))
|
58 |
+
|
59 |
+
# 注册蓝图
|
60 |
+
app.register_blueprint(web_bp)
|
61 |
+
app.register_blueprint(api_bp)
|
62 |
+
|
63 |
+
# 入口点
|
64 |
+
if __name__ == '__main__':
|
65 |
+
app.run(debug=True, host='0.0.0.0', port=7860)
|