增加环绕侦察场景适配

2026-01-08 15:44:38 +08:00
parent 3eba1f962b
commit 10c5bb5a8a
5441 changed files with 40219 additions and 379695 deletions
--- a/backend_service/venv/lib/python3.13/site-packages/fastapi/security/oauth2.py
+++ b/backend_service/venv/lib/python3.13/site-packages/fastapi/security/oauth2.py
@@ -1,4 +1,4 @@
-from typing import Any, Dict, List, Optional, Union, cast
+from typing import Annotated, Any, Optional, Union, cast

 from annotated_doc import Doc
 from fastapi.exceptions import HTTPException
@@ -8,10 +8,7 @@ from fastapi.param_functions import Form
 from fastapi.security.base import SecurityBase
 from fastapi.security.utils import get_authorization_scheme_param
 from starlette.requests import Request
-from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN
-
-# TODO: import from typing when deprecating Python 3.9
-from typing_extensions import Annotated
+from starlette.status import HTTP_401_UNAUTHORIZED


 class OAuth2PasswordRequestForm:
@@ -323,7 +320,7 @@ class OAuth2(SecurityBase):
        self,
        *,
        flows: Annotated[
-            Union[OAuthFlowsModel, Dict[str, Dict[str, Any]]],
+            Union[OAuthFlowsModel, dict[str, dict[str, Any]]],
            Doc(
                """
                The dictionary of OAuth2 flows.
@@ -377,13 +374,33 @@ class OAuth2(SecurityBase):
        self.scheme_name = scheme_name or self.__class__.__name__
        self.auto_error = auto_error

+    def make_not_authenticated_error(self) -> HTTPException:
+        """
+        The OAuth 2 specification doesn't define the challenge that should be used,
+        because a `Bearer` token is not really the only option to authenticate.
+
+        But declaring any other authentication challenge would be application-specific
+        as it's not defined in the specification.
+
+        For practical reasons, this method uses the `Bearer` challenge by default, as
+        it's probably the most common one.
+
+        If you are implementing an OAuth2 authentication scheme other than the provided
+        ones in FastAPI (based on bearer tokens), you might want to override this.
+
+        Ref: https://datatracker.ietf.org/doc/html/rfc6749
+        """
+        return HTTPException(
+            status_code=HTTP_401_UNAUTHORIZED,
+            detail="Not authenticated",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
    async def __call__(self, request: Request) -> Optional[str]:
        authorization = request.headers.get("Authorization")
        if not authorization:
            if self.auto_error:
-                raise HTTPException(
-                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
-                )
+                raise self.make_not_authenticated_error()
            else:
                return None
        return authorization
@@ -420,7 +437,7 @@ class OAuth2PasswordBearer(OAuth2):
            ),
        ] = None,
        scopes: Annotated[
-            Optional[Dict[str, str]],
+            Optional[dict[str, str]],
            Doc(
                """
                The OAuth2 scopes that would be required by the *path operations* that
@@ -491,11 +508,7 @@ class OAuth2PasswordBearer(OAuth2):
        scheme, param = get_authorization_scheme_param(authorization)
        if not authorization or scheme.lower() != "bearer":
            if self.auto_error:
-                raise HTTPException(
-                    status_code=HTTP_401_UNAUTHORIZED,
-                    detail="Not authenticated",
-                    headers={"WWW-Authenticate": "Bearer"},
-                )
+                raise self.make_not_authenticated_error()
            else:
                return None
        return param
@@ -537,7 +550,7 @@ class OAuth2AuthorizationCodeBearer(OAuth2):
            ),
        ] = None,
        scopes: Annotated[
-            Optional[Dict[str, str]],
+            Optional[dict[str, str]],
            Doc(
                """
                The OAuth2 scopes that would be required by the *path operations* that
@@ -601,11 +614,7 @@ class OAuth2AuthorizationCodeBearer(OAuth2):
        scheme, param = get_authorization_scheme_param(authorization)
        if not authorization or scheme.lower() != "bearer":
            if self.auto_error:
-                raise HTTPException(
-                    status_code=HTTP_401_UNAUTHORIZED,
-                    detail="Not authenticated",
-                    headers={"WWW-Authenticate": "Bearer"},
-                )
+                raise self.make_not_authenticated_error()
            else:
                return None  # pragma: nocover
        return param
@@ -627,7 +636,7 @@ class SecurityScopes:
    def __init__(
        self,
        scopes: Annotated[
-            Optional[List[str]],
+            Optional[list[str]],
            Doc(
                """
                This will be filled by FastAPI.
@@ -636,7 +645,7 @@ class SecurityScopes:
        ] = None,
    ):
        self.scopes: Annotated[
-            List[str],
+            list[str],
            Doc(
                """
                The list of all the scopes required by dependencies.