feat(private): initialize private API

2025-08-11 14:41:07 +00:00
parent d8c607137a
commit 8acd4578e2
7 changed files with 65 additions and 1 deletions
--- a/app/config.py
+++ b/app/config.py
@@ -37,6 +37,7 @@ class Settings(BaseSettings):
    host: str = "0.0.0.0"
    port: int = 8000
    debug: bool = False
+    private_api_secret: str = "your_private_api_secret_here"

    # SignalR 设置
    signalr_negotiate_timeout: int = 30
--- a/app/router/init.py
+++ b/app/router/init.py
@@ -4,6 +4,13 @@ from app.signalr import signalr_router as signalr_router

 from .auth import router as auth_router
 from .fetcher import fetcher_router as fetcher_router
+from .private import private_router as private_router
 from .v2 import api_v2_router as api_v2_router

-__all__ = ["api_v2_router", "auth_router", "fetcher_router", "signalr_router"]
+__all__ = [
+    "api_v2_router",
+    "auth_router",
+    "fetcher_router",
+    "private_router",
+    "signalr_router",
+]
--- a/app/router/private/init.py
+++ b/app/router/private/init.py
@@ -0,0 +1,7 @@
+from __future__ import annotations
+
+from .router import router as private_router
+
+__all__ = [
+    "private_router",
+]
--- a/app/router/private/router.py
+++ b/app/router/private/router.py
@@ -0,0 +1,39 @@
+from __future__ import annotations
+
+import hashlib
+import hmac
+import time
+
+from app.config import settings
+
+from fastapi import APIRouter, Depends, Header, HTTPException, Request
+
+
+async def verify_signature(
+    request: Request,
+    ts: int = Header(..., alias="X-Timestamp"),
+    nonce: str = Header(..., alias="X-Nonce"),
+    signature: str = Header(..., alias="X-Signature"),
+):
+    path = request.url.path
+    data = await request.body()
+    body = data.decode("utf-8")
+
+    py_ts = ts // 1000
+    if abs(time.time() - py_ts) > 30:
+        raise HTTPException(status_code=403, detail="Invalid timestamp")
+
+    payload = f"{path}|{body}|{ts}|{nonce}"
+    expected_sig = hmac.new(
+        settings.private_api_secret.encode(), payload.encode(), hashlib.sha256
+    ).hexdigest()
+
+    if not hmac.compare_digest(expected_sig, signature):
+        raise HTTPException(status_code=403, detail="Invalid signature")
+
+
+router = APIRouter(
+    prefix="/api/private",
+    dependencies=[Depends(verify_signature)],
+    include_in_schema=False,
+)