perf: 优化用户 access key 的使用和创建 (#11776)

* perf: 优化用户 access key 的使用和创建 * perf: 优化 access key api --------- Co-authored-by: ibuler <ibuler@qq.com>
2025-09-01 15:37:19 +00:00 · 2023-10-10 17:52:52 +08:00
parent 30b19d31eb
commit 333746e7c4
28 changed files with 417 additions and 330 deletions
--- a/apps/authentication/api/access_key.py
+++ b/apps/authentication/api/access_key.py
@@ -1,20 +1,44 @@
 # -*- coding: utf-8 -*-
 #

-from rest_framework.viewsets import ModelViewSet
+from django.utils.translation import gettext as _
+from rest_framework import serializers
+from rest_framework.response import Response

+from common.api import JMSModelViewSet
+from common.permissions import UserConfirmation
 from rbac.permissions import RBACPermission
+from ..const import ConfirmType
 from ..serializers import AccessKeySerializer


-class AccessKeyViewSet(ModelViewSet):
+class AccessKeyViewSet(JMSModelViewSet):
    serializer_class = AccessKeySerializer
-    search_fields = ['^id', '^secret']
+    search_fields = ['^id']
    permission_classes = [RBACPermission]

    def get_queryset(self):
        return self.request.user.access_keys.all()

+    def get_permissions(self):
+        if self.is_swagger_request():
+            return super().get_permissions()
+
+        if self.action == 'create':
+            self.permission_classes = [
+                RBACPermission, UserConfirmation.require(ConfirmType.PASSWORD)
+            ]
+        return super().get_permissions()
+
    def perform_create(self, serializer):
        user = self.request.user
-        user.create_access_key()
+        if user.access_keys.count() >= 10:
+            raise serializers.ValidationError(_('Access keys can be created at most 10'))
+        key = user.create_access_key()
+        return key
+
+    def create(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        key = self.perform_create(serializer)
+        return Response({'secret': key.secret, 'id': key.id}, status=201)
--- a/apps/authentication/api/confirm.py
+++ b/apps/authentication/api/confirm.py
@@ -13,7 +13,7 @@ from ..serializers import ConfirmSerializer


 class ConfirmBindORUNBindOAuth(RetrieveAPIView):
-    permission_classes = (IsValidUser, UserConfirmation.require(ConfirmType.ReLogin),)
+    permission_classes = (IsValidUser, UserConfirmation.require(ConfirmType.RELOGIN),)

    def retrieve(self, request, *args, **kwargs):
        return Response('ok')
@@ -24,7 +24,7 @@ class ConfirmApi(RetrieveAPIView, CreateAPIView):
    serializer_class = ConfirmSerializer

    def get_confirm_backend(self, confirm_type):
-        backend_classes = ConfirmType.get_can_confirm_backend_classes(confirm_type)
+        backend_classes = ConfirmType.get_prop_backends(confirm_type)
        if not backend_classes:
            return
        for backend_cls in backend_classes:
@@ -34,7 +34,7 @@ class ConfirmApi(RetrieveAPIView, CreateAPIView):
            return backend

    def retrieve(self, request, *args, **kwargs):
-        confirm_type = request.query_params.get('confirm_type')
+        confirm_type = request.query_params.get('confirm_type', 'password')
        backend = self.get_confirm_backend(confirm_type)
        if backend is None:
            msg = _('This action require verify your MFA')
@@ -51,7 +51,7 @@ class ConfirmApi(RetrieveAPIView, CreateAPIView):
        serializer.is_valid(raise_exception=True)
        validated_data = serializer.validated_data

-        confirm_type = validated_data.get('confirm_type')
+        confirm_type = validated_data.get('confirm_type', 'password')
        mfa_type = validated_data.get('mfa_type')
        secret_key = validated_data.get('secret_key')

--- a/apps/authentication/api/dingtalk.py
+++ b/apps/authentication/api/dingtalk.py
@@ -27,7 +27,7 @@ class DingTalkQRUnBindBase(APIView):


 class DingTalkQRUnBindForUserApi(RoleUserMixin, DingTalkQRUnBindBase):
-    permission_classes = (IsValidUser, UserConfirmation.require(ConfirmType.ReLogin),)
+    permission_classes = (IsValidUser, UserConfirmation.require(ConfirmType.RELOGIN),)


 class DingTalkQRUnBindForAdminApi(RoleAdminMixin, DingTalkQRUnBindBase):
--- a/apps/authentication/api/feishu.py
+++ b/apps/authentication/api/feishu.py
@@ -27,7 +27,7 @@ class FeiShuQRUnBindBase(APIView):


 class FeiShuQRUnBindForUserApi(RoleUserMixin, FeiShuQRUnBindBase):
-    permission_classes = (IsValidUser, UserConfirmation.require(ConfirmType.ReLogin),)
+    permission_classes = (IsValidUser, UserConfirmation.require(ConfirmType.RELOGIN),)


 class FeiShuQRUnBindForAdminApi(RoleAdminMixin, FeiShuQRUnBindBase):
--- a/apps/authentication/api/wecom.py
+++ b/apps/authentication/api/wecom.py
@@ -27,7 +27,7 @@ class WeComQRUnBindBase(APIView):


 class WeComQRUnBindForUserApi(RoleUserMixin, WeComQRUnBindBase):
-    permission_classes = (IsValidUser, UserConfirmation.require(ConfirmType.ReLogin),)
+    permission_classes = (IsValidUser, UserConfirmation.require(ConfirmType.RELOGIN),)


 class WeComQRUnBindForAdminApi(RoleAdminMixin, WeComQRUnBindBase):