feat: 增加人脸识别功能

apps/authentication/api/mfa.py

@@ -1,29 +1,128 @@
 # -*- coding: utf-8 -*-
 #
+import uuid
 
+from django.core.cache import cache
 from django.shortcuts import get_object_or_404
 from django.utils.translation import gettext as _
 from rest_framework import exceptions
-from rest_framework.generics import CreateAPIView
+from rest_framework.generics import CreateAPIView, RetrieveAPIView
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.serializers import ValidationError
+from rest_framework.exceptions import NotFound
 
 from common.exceptions import JMSException, UnexpectError
+from common.permissions import WithBootstrapToken, IsServiceAccount
 from common.utils import get_logger
 from users.models.user import User
 from .. import errors
 from .. import serializers
+from ..const import MFA_FACE_CONTEXT_CACHE_KEY_PREFIX, MFA_FACE_SESSION_KEY
 from ..errors import SessionEmptyError
 from ..mixins import AuthMixin
 
 logger = get_logger(__name__)
 
 __all__ = [
-    'MFAChallengeVerifyApi', 'MFASendCodeApi'
+    'MFAChallengeVerifyApi', 'MFASendCodeApi',
+    'MFAFaceCallbackApi', 'MFAFaceContextApi'
 ]
 
 
+class MFAFaceCallbackApi(AuthMixin, CreateAPIView):
+    permission_classes = (IsServiceAccount,)
+    serializer_class = serializers.MFAFaceCallbackSerializer
+
+    def perform_create(self, serializer):
+        token = serializer.validated_data.get('token')
+        context = self._get_context_from_cache(token)
+
+        if not serializer.validated_data.get('success', False):
+            self._update_context_with_error(
+                context,
+                serializer.validated_data.get('error_message', 'Unknown error')
+            )
+            return Response(status=200)
+
+        face_code = serializer.validated_data.get('face_code')
+        if not face_code:
+            self._update_context_with_error(context, "missing field 'face_code'")
+            raise ValidationError({'error': "missing field 'face_code'"})
+
+        self._handle_success(context, face_code)
+        return Response(status=200)
+
+    @staticmethod
+    def get_face_cache_key(token):
+        return f"{MFA_FACE_CONTEXT_CACHE_KEY_PREFIX}_{token}"
+
+    def _get_context_from_cache(self, token):
+        cache_key = self.get_face_cache_key(token)
+        context = cache.get(cache_key)
+        if not context:
+            raise ValidationError({'error': "token not exists or expired"})
+        return context
+
+    def _update_context_with_error(self, context, error_message):
+        context.update({
+            'is_finished': True,
+            'success': False,
+            'error_message': error_message,
+        })
+        self._update_cache(context)
+
+    def _update_cache(self, context):
+        cache_key = self.get_face_cache_key(context['token'])
+        cache.set(cache_key, context, 3600)
+
+    def _handle_success(self, context, face_code):
+        context.update({
+            'is_finished': True,
+            'success': True,
+            'face_code': face_code
+        })
+        self._update_cache(context)
+
+
+class MFAFaceContextApi(AuthMixin, RetrieveAPIView, CreateAPIView):
+    permission_classes = (AllowAny,)
+    face_token_session_key = MFA_FACE_SESSION_KEY
+
+    @staticmethod
+    def get_face_cache_key(token):
+        return f"{MFA_FACE_CONTEXT_CACHE_KEY_PREFIX}_{token}"
+
+    def new_face_context(self):
+        token = uuid.uuid4().hex
+        cache_key = self.get_face_cache_key(token)
+        face_context = {
+            "token": token,
+            "is_finished": False
+        }
+        cache.set(cache_key, face_context)
+        self.request.session[self.face_token_session_key] = token
+        return token
+
+    def post(self, request, *args, **kwargs):
+        token = self.new_face_context()
+        return Response({'token': token})
+
+    def get(self, request, *args, **kwargs):
+        token = self.request.session.get('mfa_face_token')
+
+        cache_key = self.get_face_cache_key(token)
+        context = cache.get(cache_key)
+        if not context:
+            raise NotFound({'error': "Token does not exist or has expired."})
+
+        return Response({
+            "is_finished": context.get('is_finished', False),
+            "success": context.get('success', False),
+            "error_message": context.get("error_message", '')
+        })
+
+
 # MFASelectAPi 原来的名字
 class MFASendCodeApi(AuthMixin, CreateAPIView):
     """