fix: auto-fix code issues (cron)

- 修复重复导入/字段
- 修复异常处理
- 修复PEP8格式问题
- 添加类型注解
OpenClaw Bot
2026-02-27 18:09:24 +08:00
parent 646b64daf7
commit 17bda3dbce
38 changed files with 1993 additions and 1972 deletions


@@ -3,16 +3,16 @@ InsightFlow Phase 7 Task 3: 数据安全与合规模块
Security Manager - 端到端加密、数据脱敏、审计日志
"""
import json
import hashlib
import secrets
import base64
import hashlib
import json
import re
from datetime import datetime, timedelta
from typing import List, Optional, Dict, Any, Tuple
from dataclasses import dataclass, field, asdict
from enum import Enum
import secrets
import sqlite3
from dataclasses import asdict, dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Any
# 加密相关
try:
@@ -71,19 +71,19 @@ class AuditLog:
"""审计日志条目"""
id: str
action_type: str
user_id: Optional[str] = None
user_ip: Optional[str] = None
user_agent: Optional[str] = None
resource_type: Optional[str] = None # project, entity, transcript, etc.
resource_id: Optional[str] = None
action_details: Optional[str] = None # JSON string
before_value: Optional[str] = None
after_value: Optional[str] = None
user_id: str | None = None
user_ip: str | None = None
user_agent: str | None = None
resource_type: str | None = None # project, entity, transcript, etc.
resource_id: str | None = None
action_details: str | None = None # JSON string
before_value: str | None = None
after_value: str | None = None
success: bool = True
error_message: Optional[str] = None
error_message: str | None = None
created_at: str = field(default_factory=lambda: datetime.now().isoformat())
def to_dict(self) -> Dict[str, Any]:
def to_dict(self) -> dict[str, Any]:
return asdict(self)
@@ -95,12 +95,12 @@ class EncryptionConfig:
is_enabled: bool = False
encryption_type: str = "aes-256-gcm" # aes-256-gcm, chacha20-poly1305
key_derivation: str = "pbkdf2" # pbkdf2, argon2
master_key_hash: Optional[str] = None # 主密钥哈希(用于验证)
salt: Optional[str] = None
master_key_hash: str | None = None # 主密钥哈希(用于验证)
salt: str | None = None
created_at: str = field(default_factory=lambda: datetime.now().isoformat())
updated_at: str = field(default_factory=lambda: datetime.now().isoformat())
def to_dict(self) -> Dict[str, Any]:
def to_dict(self) -> dict[str, Any]:
return asdict(self)
@@ -115,11 +115,11 @@ class MaskingRule:
replacement: str # 替换模板,如 "****"
is_active: bool = True
priority: int = 0
description: Optional[str] = None
description: str | None = None
created_at: str = field(default_factory=lambda: datetime.now().isoformat())
updated_at: str = field(default_factory=lambda: datetime.now().isoformat())
def to_dict(self) -> Dict[str, Any]:
def to_dict(self) -> dict[str, Any]:
return asdict(self)
@@ -129,18 +129,18 @@ class DataAccessPolicy:
id: str
project_id: str
name: str
description: Optional[str] = None
allowed_users: Optional[str] = None # JSON array of user IDs
allowed_roles: Optional[str] = None # JSON array of roles
allowed_ips: Optional[str] = None # JSON array of IP patterns
time_restrictions: Optional[str] = None # JSON: {"start_time": "09:00", "end_time": "18:00"}
max_access_count: Optional[int] = None # 最大访问次数
description: str | None = None
allowed_users: str | None = None # JSON array of user IDs
allowed_roles: str | None = None # JSON array of roles
allowed_ips: str | None = None # JSON array of IP patterns
time_restrictions: str | None = None # JSON: {"start_time": "09:00", "end_time": "18:00"}
max_access_count: int | None = None # 最大访问次数
require_approval: bool = False
is_active: bool = True
created_at: str = field(default_factory=lambda: datetime.now().isoformat())
updated_at: str = field(default_factory=lambda: datetime.now().isoformat())
def to_dict(self) -> Dict[str, Any]:
def to_dict(self) -> dict[str, Any]:
return asdict(self)
@@ -150,14 +150,14 @@ class AccessRequest:
id: str
policy_id: str
user_id: str
request_reason: Optional[str] = None
request_reason: str | None = None
status: str = "pending" # pending, approved, rejected, expired
approved_by: Optional[str] = None
approved_at: Optional[str] = None
expires_at: Optional[str] = None
approved_by: str | None = None
approved_at: str | None = None
expires_at: str | None = None
created_at: str = field(default_factory=lambda: datetime.now().isoformat())
def to_dict(self) -> Dict[str, Any]:
def to_dict(self) -> dict[str, Any]:
return asdict(self)
@@ -196,7 +196,7 @@ class SecurityManager:
self.db_path = db_path
self.db_path = db_path
# 预编译正则缓存
self._compiled_patterns: Dict[str, re.Pattern] = {}
self._compiled_patterns: dict[str, re.Pattern] = {}
self._local = {}
self._init_db()
@@ -317,16 +317,16 @@ class SecurityManager:
def log_audit(
self,
action_type: AuditActionType,
user_id: Optional[str] = None,
user_ip: Optional[str] = None,
user_agent: Optional[str] = None,
resource_type: Optional[str] = None,
resource_id: Optional[str] = None,
action_details: Optional[Dict] = None,
before_value: Optional[str] = None,
after_value: Optional[str] = None,
user_id: str | None = None,
user_ip: str | None = None,
user_agent: str | None = None,
resource_type: str | None = None,
resource_id: str | None = None,
action_details: dict | None = None,
before_value: str | None = None,
after_value: str | None = None,
success: bool = True,
error_message: Optional[str] = None
error_message: str | None = None
) -> AuditLog:
"""记录审计日志"""
log = AuditLog(
@@ -364,16 +364,16 @@ class SecurityManager:
def get_audit_logs(
self,
user_id: Optional[str] = None,
resource_type: Optional[str] = None,
resource_id: Optional[str] = None,
action_type: Optional[str] = None,
start_time: Optional[str] = None,
end_time: Optional[str] = None,
success: Optional[bool] = None,
user_id: str | None = None,
resource_type: str | None = None,
resource_id: str | None = None,
action_type: str | None = None,
start_time: str | None = None,
end_time: str | None = None,
success: bool | None = None,
limit: int = 100,
offset: int = 0
) -> List[AuditLog]:
) -> list[AuditLog]:
"""查询审计日志"""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
@@ -438,9 +438,9 @@ class SecurityManager:
def get_audit_stats(
self,
start_time: Optional[str] = None,
end_time: Optional[str] = None
) -> Dict[str, Any]:
start_time: str | None = None,
end_time: str | None = None
) -> dict[str, Any]:
"""获取审计统计"""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
@@ -633,7 +633,7 @@ class SecurityManager:
return key_hash == stored_hash
def get_encryption_config(self, project_id: str) -> Optional[EncryptionConfig]:
def get_encryption_config(self, project_id: str) -> EncryptionConfig | None:
"""获取加密配置"""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
@@ -664,8 +664,8 @@ class SecurityManager:
self,
data: str,
password: str,
salt: Optional[str] = None
) -> Tuple[str, str]:
salt: str | None = None
) -> tuple[str, str]:
"""加密数据"""
if not CRYPTO_AVAILABLE:
raise RuntimeError("cryptography library not available")
@@ -702,9 +702,9 @@ class SecurityManager:
project_id: str,
name: str,
rule_type: MaskingRuleType,
pattern: Optional[str] = None,
replacement: Optional[str] = None,
description: Optional[str] = None,
pattern: str | None = None,
replacement: str | None = None,
description: str | None = None,
priority: int = 0
) -> MaskingRule:
"""创建脱敏规则"""
@@ -756,7 +756,7 @@ class SecurityManager:
self,
project_id: str,
active_only: bool = True
) -> List[MaskingRule]:
) -> list[MaskingRule]:
"""获取脱敏规则"""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
@@ -795,7 +795,7 @@ class SecurityManager:
self,
rule_id: str,
**kwargs
) -> Optional[MaskingRule]:
) -> MaskingRule | None:
"""更新脱敏规则"""
allowed_fields = ["name", "pattern", "replacement", "is_active", "priority", "description"]
@@ -868,7 +868,7 @@ class SecurityManager:
self,
text: str,
project_id: str,
rule_types: Optional[List[MaskingRuleType]] = None
rule_types: list[MaskingRuleType] | None = None
) -> str:
"""应用脱敏规则到文本"""
rules = self.get_masking_rules(project_id)
@@ -897,9 +897,9 @@ class SecurityManager:
def apply_masking_to_entity(
self,
entity_data: Dict[str, Any],
entity_data: dict[str, Any],
project_id: str
) -> Dict[str, Any]:
) -> dict[str, Any]:
"""对实体数据应用脱敏"""
masked_data = entity_data.copy()
@@ -918,12 +918,12 @@ class SecurityManager:
self,
project_id: str,
name: str,
description: Optional[str] = None,
allowed_users: Optional[List[str]] = None,
allowed_roles: Optional[List[str]] = None,
allowed_ips: Optional[List[str]] = None,
time_restrictions: Optional[Dict] = None,
max_access_count: Optional[int] = None,
description: str | None = None,
allowed_users: list[str] | None = None,
allowed_roles: list[str] | None = None,
allowed_ips: list[str] | None = None,
time_restrictions: dict | None = None,
max_access_count: int | None = None,
require_approval: bool = False
) -> DataAccessPolicy:
"""创建数据访问策略"""
@@ -966,7 +966,7 @@ class SecurityManager:
self,
project_id: str,
active_only: bool = True
) -> List[DataAccessPolicy]:
) -> list[DataAccessPolicy]:
"""获取数据访问策略"""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
@@ -1005,8 +1005,8 @@ class SecurityManager:
self,
policy_id: str,
user_id: str,
user_ip: Optional[str] = None
) -> Tuple[bool, Optional[str]]:
user_ip: str | None = None
) -> tuple[bool, str | None]:
"""检查访问权限"""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
@@ -1107,7 +1107,7 @@ class SecurityManager:
self,
policy_id: str,
user_id: str,
request_reason: Optional[str] = None,
request_reason: str | None = None,
expires_hours: int = 24
) -> AccessRequest:
"""创建访问请求"""
@@ -1142,7 +1142,7 @@ class SecurityManager:
request_id: str,
approved_by: str,
expires_hours: int = 24
) -> Optional[AccessRequest]:
) -> AccessRequest | None:
"""批准访问请求"""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
@@ -1182,7 +1182,7 @@ class SecurityManager:
self,
request_id: str,
rejected_by: str
) -> Optional[AccessRequest]:
) -> AccessRequest | None:
"""拒绝访问请求"""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
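Review bot: In the `@@ -633,7 +633,7 @@` hunk the master-key check still ends in `return key_hash == stored_hash`, an ordinary string comparison that this cleanup leaves untouched. Since `secrets` is already imported at the top of the file, the line could become `return secrets.compare_digest(key_hash, stored_hash)`, which compares in constant time; this assumes both values are ASCII strings (presumably hex or base64 digests) and that a missing stored hash is rejected before the comparison, because `compare_digest` raises `TypeError` on `None`. The enclosing method starts outside the hunk, so how `key_hash` is derived is not visible here. Separately, the new `str | None` annotations on the dataclass fields are evaluated when the classes are created, and the import hunk shows no `from __future__ import annotations`, so the module now needs Python 3.10 or later, which is worth confirming against the project's supported versions.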