chore: update GitHub Actions and refactor authentication logic

cubxxw · cubxxw · commit 01f3c8b67716 · 2025-05-19T01:24:49.000+08:00
- Added pnpm installation step in the GitHub Actions workflow for improved dependency management.
- Updated JWT token decoding in the extension authentication routes to use the jwt library directly.
- Refactored user retrieval logic to utilize session.get for better clarity and performance.
- Modified Google OAuth login parameter type for improved type safety.
- Updated database connection utilities to use the psycopg driver instead of psycopg2 for better compatibility.
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
@@ -109,9 +109,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
+    - name: Install pnpm
+      uses: pnpm/action-setup@v3
+      with:
+        version: 9.9.0
     - uses: actions/setup-node@v4
       with:
         node-version: 20
+        cache: 'pnpm'
     - name: Install dependencies
       run: pnpm install --frozen-lockfile
       working-directory: frontend
diff --git a/backend/app/api/routes/extension_auth.py b/backend/app/api/routes/extension_auth.py
@@ -1,13 +1,14 @@
 from datetime import timedelta
 from typing import Any
 
+import jwt
 from fastapi import APIRouter, HTTPException, Request
+from jwt.exceptions import InvalidTokenError
 
-from app import crud
 from app.api.deps import SessionDep
 from app.core import security
 from app.core.config import settings
-from app.models import Token, UserPublic
+from app.models import Token, User, UserPublic
 
 router = APIRouter(tags=["extension"])
 
@@ -24,18 +25,22 @@ def check_extension_auth_status(request: Request, session: SessionDep) -> Any:
         auth_header = request.headers.get("Authorization")
         if auth_header and auth_header.startswith("Bearer "):
             token = auth_header.replace("Bearer ", "")
-            payload = security.decode_access_token(token)
+            payload = jwt.decode(
+                token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
+            )
             user_id = payload.get("sub")
-            user = crud.get_user(session=session, id=user_id)
+            user = session.get(User, user_id)
             if user and user.is_active:
                 return {"authenticated": True, "user": UserPublic.model_validate(user)}
 
         # 从 cookie 获取令牌
         cookie_token = request.cookies.get("accessToken")
         if cookie_token:
-            payload = security.decode_access_token(cookie_token)
+            payload = jwt.decode(
+                cookie_token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
+            )
             user_id = payload.get("sub")
-            user = crud.get_user(session=session, id=user_id)
+            user = session.get(User, user_id)
             if user and user.is_active:
                 return {"authenticated": True, "user": UserPublic.model_validate(user)}
 
@@ -56,9 +61,11 @@ def get_extension_token(request: Request, session: SessionDep) -> Any:
         cookie_token = request.cookies.get("accessToken")
         if cookie_token:
             try:
-                payload = security.decode_access_token(cookie_token)
+                payload = jwt.decode(
+                    cookie_token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
+                )
                 user_id = payload.get("sub")
-                user = crud.get_user(session=session, id=user_id)
+                user = session.get(User, user_id)
 
                 if user and user.is_active:
                     # 为扩展创建新令牌
@@ -70,7 +77,7 @@ def get_extension_token(request: Request, session: SessionDep) -> Any:
                     )
 
                     return Token(access_token=token)
-            except Exception as e:
+            except InvalidTokenError as e:
                 raise HTTPException(status_code=401, detail=f"无效的网页会话: {str(e)}")
 
         raise HTTPException(status_code=401, detail="未找到有效的网页会话")
diff --git a/backend/app/api/routes/google_oauth.py b/backend/app/api/routes/google_oauth.py
@@ -90,7 +90,7 @@ async def google_callback_api(
 @router.get("/login/google")
 async def google_login(
     request: Request,
-    extension_callback: str = None,  # 添加扩展回调链接参数
+    extension_callback: str | None = None,  # 添加扩展回调链接参数
 ):
     """
     Initiate Google OAuth2 authentication flow
diff --git a/backend/app/core/config.py b/backend/app/core/config.py
@@ -207,7 +207,6 @@ def posthog_enabled(self) -> bool:
     # Google OAuth
     GOOGLE_CLIENT_ID: str = ""
     GOOGLE_CLIENT_SECRET: str = ""
-    FRONTEND_HOST: str = "http://localhost:3000"
     # 后端 API URL 配置，可通过环境变量覆盖
     BACKEND_API_URL: str = "http://localhost:8000"
 
diff --git a/backend/app/core/supabase_service.py b/backend/app/core/supabase_service.py
@@ -40,6 +40,7 @@ def get_supabase_client() -> Any | None:
 
     # Create and return the Supabase client
     try:
+        # 使用 type: ignore[attr-defined] 忽略 mypy 警告，因为 supabase 库在运行时确实有 create_client 方法
         client = supabase.create_client(  # type: ignore[attr-defined]
             url, settings.SUPABASE_API_KEY
         )
diff --git a/backend/app/tests/test_initial_data.py b/backend/app/tests/test_initial_data.py
@@ -126,7 +126,7 @@ def test_direct_execution():
         )
 
         # Verify execution was successful
-        assert "Success: Module executed" in result.stdou
+        assert "Success: Module executed" in result.stdout
     finally:
         # Clean up
         if os.path.exists(temp_file):
diff --git a/backend/app/tests/utils/test_db.py b/backend/app/tests/utils/test_db.py
@@ -40,26 +40,26 @@ def get_test_db_url() -> str:
     main_url = str(settings.SQLALCHEMY_DATABASE_URI)
     test_db_name = get_test_db_name()
 
-    # 替换数据库名称部分，并确保使用 psycopg2 驱动
+    # 替换数据库名称部分，并确保使用 psycopg 驱动
     if "postgres://" in main_url or "postgresql://" in main_url:
         # 替换数据库名称
         db_name_part = main_url.split("/")[-1]
         new_url = main_url.replace(db_name_part, test_db_name)
 
-        # 确保使用 psycopg2 驱动
-        if "+psycopg" in new_url:
-            new_url = new_url.replace("+psycopg", "+psycopg2")
+        # 确保使用 psycopg 驱动 (不是 psycopg2)
+        if "+psycopg2" in new_url:
+            new_url = new_url.replace("+psycopg2", "+psycopg")
         elif (
             "postgresql://" in new_url
             and "+psycopg" not in new_url
             and "+psycopg2" not in new_url
         ):
-            new_url = new_url.replace("postgresql://", "postgresql+psycopg2://")
+            new_url = new_url.replace("postgresql://", "postgresql+psycopg://")
 
         return new_url
 
-    # 如无法解析，则构建新的 URL，显式使用 psycopg2
-    return f"postgresql+psycopg2://{settings.POSTGRES_USER}:{settings.POSTGRES_PASSWORD}@{settings.POSTGRES_SERVER}:{settings.POSTGRES_PORT}/{test_db_name}"
+    # 如无法解析，则构建新的 URL，显式使用 psycopg
+    return f"postgresql+psycopg://{settings.POSTGRES_USER}:{settings.POSTGRES_PASSWORD}@{settings.POSTGRES_SERVER}:{settings.POSTGRES_PORT}/{test_db_name}"
 
 
 def get_connection_string() -> str:
@@ -171,12 +171,12 @@ def setup_test_db() -> Engine:
     driver_name = "postgresql+psycopg"
 
     # 使用importlib.util.find_spec检查模块可用性
-    if importlib.util.find_spec("psycopg2"):
-        driver_name = "postgresql+psycopg2"
-        logger.info("Using psycopg2 driver for database connection")
-    elif importlib.util.find_spec("psycopg"):
+    if importlib.util.find_spec("psycopg"):
         driver_name = "postgresql+psycopg"
         logger.info("Using psycopg (v3) driver for database connection")
+    elif importlib.util.find_spec("psycopg2"):
+        driver_name = "postgresql+psycopg2"
+        logger.info("Using psycopg2 driver for database connection")
     else:
         logger.error(
             "Neither psycopg nor psycopg2 is available. Please install one of them."
@@ -248,10 +248,10 @@ def test_database_connection() -> bool:
     driver_name = "postgresql+psycopg"
 
     # 使用importlib.util.find_spec检查模块可用性
-    if importlib.util.find_spec("psycopg2"):
-        driver_name = "postgresql+psycopg2"
-    elif importlib.util.find_spec("psycopg"):
+    if importlib.util.find_spec("psycopg"):
         driver_name = "postgresql+psycopg"
+    elif importlib.util.find_spec("psycopg2"):
+        driver_name = "postgresql+psycopg2"
     else:
         return False  # 如果两个驱动都不可用，则连接失败
 

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ def get_supabase_client() -> Any \| None:`
`40`	`40`
`41`	`41`	`# Create and return the Supabase client`
`42`	`42`	`try:`
	`43`	`+ # 使用 type: ignore[attr-defined] 忽略 mypy 警告，因为 supabase 库在运行时确实有 create_client 方法`
`43`	`44`	`client = supabase.create_client( # type: ignore[attr-defined]`
`44`	`45`	`url, settings.SUPABASE_API_KEY`
`45`	`46`	`)`
Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,7 @@ def test_direct_execution():`
`126`	`126`	`)`
`127`	`127`
`128`	`128`	`# Verify execution was successful`
`129`		`- assert "Success: Module executed" in result.stdou`
	`129`	`+ assert "Success: Module executed" in result.stdout`
`130`	`130`	`finally:`
`131`	`131`	`# Clean up`
`132`	`132`	`if os.path.exists(temp_file):`