|
|
|
@ -0,0 +1,145 @@
|
|
|
|
|
# SACN Account System
|
|
|
|
|
|
|
|
|
|
使用 fastapi 开发的异步简易、快速、轻量的帐号认证系统,UI使用 mdui2。
|
|
|
|
|
|
|
|
|
|
## 性能
|
|
|
|
|
|
|
|
|
|
自测:
|
|
|
|
|
|
|
|
|
|
```text
|
|
|
|
|
OS: Arch Linux x86_64
|
|
|
|
|
Shell: bash 5.2.32 (tty)
|
|
|
|
|
CPU: Intel Celeron G1840 (2) @ 2.800GHz
|
|
|
|
|
GPU: Intel HD Graphics
|
|
|
|
|
Memory: 5232MiB / 11664MiB
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
> 使用 apipost 一键压测功能进行测试
|
|
|
|
|
|
|
|
|
|
标准输出重定向至 `/dev/null` 情况下:
|
|
|
|
|
|
|
|
|
|
- `/login` 最大 7000 并发 0 出错,10000 并发下约 6% 出错
|
|
|
|
|
- `/api/changepasswd` 最大 5000 并发 0 出错 (均为成功的请求)
|
|
|
|
|
|
|
|
|
|
保证用户(本地另一台机器)访问稳定在 500ms 以内的正常负载是 2000 并发(压测 `/login` 下)
|
|
|
|
|
|
|
|
|
|
## 如何安装
|
|
|
|
|
|
|
|
|
|
要求:python >= 3.12
|
|
|
|
|
|
|
|
|
|
请先安装 `requirements.txt` 内的依赖
|
|
|
|
|
|
|
|
|
|
然后复制配置文件:`config/config.sample.toml` 到 `config/config.toml`
|
|
|
|
|
|
|
|
|
|
> docker 用户请从仓库复制整个文件夹并且挂载 `./config:/auth/config`
|
|
|
|
|
|
|
|
|
|
编辑配置文件。
|
|
|
|
|
|
|
|
|
|
然后可以直接启动 `main.py`。
|
|
|
|
|
|
|
|
|
|
然后,访问 `你的IP/manager/init?key=配置文件中设置的key` 初始化数据库
|
|
|
|
|
|
|
|
|
|
## 配置文件
|
|
|
|
|
|
|
|
|
|
> 标 `!` 是为必填项
|
|
|
|
|
|
|
|
|
|
```toml
|
|
|
|
|
[db]
|
|
|
|
|
host = !数据库主机名
|
|
|
|
|
port = 3306 数据库端口号
|
|
|
|
|
user = !数据库用户
|
|
|
|
|
passwd = !数据库密码
|
|
|
|
|
db = !数据库名
|
|
|
|
|
maxsize = 100 最大连接数
|
|
|
|
|
minsize = 10 最小连接数
|
|
|
|
|
|
|
|
|
|
[common]
|
|
|
|
|
algorithm = "HS256" 使用的加密算法
|
|
|
|
|
access_token_expire_minutes = 60 token过期时长(min)
|
|
|
|
|
access_email_expire_minutes = 10 注册邮件过期时长(min)
|
|
|
|
|
root = !这个帐号服务的域名,需要有 http(s)://
|
|
|
|
|
clean_timeout = 3600 清理过期验证码的时长
|
|
|
|
|
manage_key = !管理key,保留
|
|
|
|
|
redirect_url_whitelist = ["/user", "/login", "/signup", 你的其它服务的完整路径,不包括https和末尾的斜杠]
|
|
|
|
|
|
|
|
|
|
[email]
|
|
|
|
|
smtp_srv = !邮件SMTP服务器
|
|
|
|
|
port = 465 邮件SMTP端口
|
|
|
|
|
addr = !邮箱
|
|
|
|
|
passwd = !邮箱的授权码(部分情况就是密码,部分情况需要申请)
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## 内置扩展
|
|
|
|
|
|
|
|
|
|
在配置扩展时,可删除或重命名 config 内扩展同名条目如 `[flarum]` 以禁用扩展
|
|
|
|
|
|
|
|
|
|
### flarum
|
|
|
|
|
|
|
|
|
|
config 下有以下配置:
|
|
|
|
|
|
|
|
|
|
```toml
|
|
|
|
|
[flarum]
|
|
|
|
|
fl_server = !你的flarum服务器
|
|
|
|
|
fl_apikey = !你的flarum管理员创建的长期token,最好使用无限日期的开发者token,请参考官方文档创建
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
然后需要调整 flarum 的 nginx 配置(反向代理):
|
|
|
|
|
|
|
|
|
|
```nginx
|
|
|
|
|
location ^~ /app/flarum {
|
|
|
|
|
proxy_pass 你的帐号验证地址;
|
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
proxy_set_header REMOTE-HOST $remote_addr;
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
|
add_header X-Cache $upstream_cache_status;
|
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000";
|
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
然后在 flarum 的自定义页脚配置:
|
|
|
|
|
|
|
|
|
|
```html
|
|
|
|
|
<script src="/app/flarum/patch.js"></script>
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
会替换到新的登录内容
|
|
|
|
|
|
|
|
|
|
## 扩展开发
|
|
|
|
|
|
|
|
|
|
在plugin下放置一个.py文件,并在config中添加同名空条目。
|
|
|
|
|
|
|
|
|
|
然后实现以下方法:
|
|
|
|
|
|
|
|
|
|
- `async def reload()` 动态重载配置
|
|
|
|
|
- `def main(app: FastAPI, ROOT: str, apikeys: pygtrie.StringTrie)`
|
|
|
|
|
注意: 访问 apikeys 时,使用以下代码:
|
|
|
|
|
|
|
|
|
|
```python
|
|
|
|
|
import datatime
|
|
|
|
|
|
|
|
|
|
async def check_apikey(tkn: str):
|
|
|
|
|
tkn = '/'.join(list(tkn))
|
|
|
|
|
res = apikeys.get(tkn, None)
|
|
|
|
|
if (res is None):
|
|
|
|
|
return ""
|
|
|
|
|
if (res[1] < datetime.now()):
|
|
|
|
|
del apikeys[tkn]
|
|
|
|
|
return ""
|
|
|
|
|
return res[0]
|
|
|
|
|
|
|
|
|
|
await check_apikey(your_key)
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
可使用 `server.db` 的以下方法:
|
|
|
|
|
|
|
|
|
|
```python
|
|
|
|
|
async def check_user(username: str) # 判断用户是否存在
|
|
|
|
|
async def get_email(username: str) # 获取用户邮箱
|
|
|
|
|
```
|