feat(*): 添加测试项目代码

2026-05-01 21:22:57 +08:00
commit f4eba61365
15 changed files with 1599 additions and 0 deletions
--- a/middleware.py
+++ b/middleware.py
@@ -0,0 +1,37 @@
+"""鉴权中间件：校验请求中的 API Key。"""
+
+import uuid
+
+from aiohttp import web
+
+from config import WEBHOOK_API_KEY
+from response import error
+
+
+@web.middleware
+async def auth_middleware(request: web.Request, handler):
+    """对 /upload 和 /webhook 路径强制校验 API Key。"""
+    # 健康检查不需要鉴权
+    if request.path == "/healthz":
+        return await handler(request)
+
+    auth_header = request.headers.get("Authorization", "")
+    if auth_header.startswith("Bearer "):
+        key = auth_header[len("Bearer "):]
+    else:
+        key = request.headers.get("X-API-Key", "")
+
+    if key != WEBHOOK_API_KEY:
+        return error("unauthorized", code=401, status=401)
+
+    return await handler(request)
+
+
+@web.middleware
+async def request_id_middleware(request: web.Request, handler):
+    """为每个请求附加唯一 request_id，便于日志追踪。"""
+    request_id = request.headers.get("X-Request-ID", uuid.uuid4().hex[:12])
+    request["request_id"] = request_id
+    response = await handler(request)
+    response.headers["X-Request-ID"] = request_id
+    return response