member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: rename idp fields to provider naming

Browse Source
This commit is contained in:
Chris
2026-04-03 01:05:01 +08:00
parent ce181ebf67
commit 388a3f461c
26 changed files with 202 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
app/services/idp_admin_service.py
View File

@@ -11,31 +11,31 @@ from app.core.config import Settings
@dataclass
class KeycloakSyncResult:
class ProviderSyncResult:
user_id: str
action: str
user_sub: str | None = None
@dataclass
class KeycloakPasswordResetResult:
class ProviderPasswordResetResult:
user_id: str
temporary_password: str
@dataclass
class KeycloakDeleteResult:
class ProviderDeleteResult:
action: str
user_id: str | None = None
@dataclass
class KeycloakGroupSyncResult:
class ProviderGroupSyncResult:
group_id: str
action: str
class KeycloakAdminService:
class ProviderAdminService:
def __init__(self, settings: Settings) -> None:
self.base_url = settings.keycloak_base_url.rstrip("/")
self.realm = settings.keycloak_realm
@@ -188,8 +188,8 @@ class KeycloakAdminService:
username: str | None,
display_name: str | None,
is_active: bool = True,
idp_user_id: str | None = None,
) -> KeycloakSyncResult:
provider_user_id: str | None = None,
) -> ProviderSyncResult:
resolved_username = username or self._safe_username(sub=sub, email=email)
first_name = display_name or resolved_username
payload = {
@@ -202,7 +202,7 @@ class KeycloakAdminService:
}
with self._client() as client:
existing = self._lookup_user_by_id(client, idp_user_id) if idp_user_id else None
existing = self._lookup_user_by_id(client, provider_user_id) if provider_user_id else None
if existing is None:
existing = self._lookup_user_by_email_or_username(client, email=email, username=resolved_username)
@@ -211,7 +211,7 @@ class KeycloakAdminService:
put_resp = client.put(f"/admin/realms/{self.realm}/users/{user_id}", json=payload)
if put_resp.status_code >= 400:
raise HTTPException(status_code=502, detail="idp_update_failed")
return KeycloakSyncResult(user_id=user_id, action="updated", user_sub=user_id)
return ProviderSyncResult(user_id=user_id, action="updated", user_sub=user_id)
create_resp = client.post(f"/admin/realms/{self.realm}/users", json=payload)
if create_resp.status_code >= 400:
@@ -224,7 +224,7 @@ class KeycloakAdminService:
user_id = str(found["id"]) if found and found.get("id") else ""
if not user_id:
raise HTTPException(status_code=502, detail="idp_create_failed")
return KeycloakSyncResult(user_id=user_id, action="created", user_sub=user_id)
return ProviderSyncResult(user_id=user_id, action="created", user_sub=user_id)
def ensure_group(
self,
@@ -233,7 +233,7 @@ class KeycloakAdminService:
group_id: str | None = None,
parent_group_id: str | None = None,
attributes: dict[str, str | list[str]] | None = None,
) -> KeycloakGroupSyncResult:
) -> ProviderGroupSyncResult:
if not name:
raise HTTPException(status_code=400, detail="idp_group_name_required")
normalized_attrs = self._normalize_group_attributes(attributes)
@@ -249,7 +249,7 @@ class KeycloakAdminService:
put_resp = client.put(f"/admin/realms/{self.realm}/groups/{resolved_id}", json=payload)
if put_resp.status_code >= 400:
raise HTTPException(status_code=502, detail="idp_group_update_failed")
return KeycloakGroupSyncResult(group_id=resolved_id, action="updated")
return ProviderGroupSyncResult(group_id=resolved_id, action="updated")
payload = {"name": name, "attributes": normalized_attrs}
if parent_group_id:
@@ -266,28 +266,28 @@ class KeycloakAdminService:
resolved_id = str(found.get("id")) if found and found.get("id") else ""
if not resolved_id:
raise HTTPException(status_code=502, detail="idp_group_create_failed")
return KeycloakGroupSyncResult(group_id=resolved_id, action="created")
return ProviderGroupSyncResult(group_id=resolved_id, action="created")
def delete_group(self, *, group_id: str | None) -> KeycloakDeleteResult:
def delete_group(self, *, group_id: str | None) -> ProviderDeleteResult:
if not group_id:
return KeycloakDeleteResult(action="not_found")
return ProviderDeleteResult(action="not_found")
with self._client() as client:
resp = client.delete(f"/admin/realms/{self.realm}/groups/{group_id}")
if resp.status_code in {204, 404}:
return KeycloakDeleteResult(action="deleted" if resp.status_code == 204 else "not_found")
return ProviderDeleteResult(action="deleted" if resp.status_code == 204 else "not_found")
if resp.status_code >= 400:
raise HTTPException(status_code=502, detail="idp_group_delete_failed")
return KeycloakDeleteResult(action="deleted")
return ProviderDeleteResult(action="deleted")
def reset_password(
self,
*,
idp_user_id: str | None,
provider_user_id: str | None,
email: str | None,
username: str | None,
) -> KeycloakPasswordResetResult:
) -> ProviderPasswordResetResult:
with self._client() as client:
existing = self._lookup_user_by_id(client, idp_user_id) if idp_user_id else None
existing = self._lookup_user_by_id(client, provider_user_id) if provider_user_id else None
if existing is None:
existing = self._lookup_user_by_email_or_username(client, email=email, username=username)
if not existing or not existing.get("id"):
@@ -301,29 +301,29 @@ class KeycloakAdminService:
)
if resp.status_code >= 400:
raise HTTPException(status_code=502, detail="idp_set_password_failed")
return KeycloakPasswordResetResult(user_id=user_id, temporary_password=temp_password)
return ProviderPasswordResetResult(user_id=user_id, temporary_password=temp_password)
def delete_user(
self,
*,
idp_user_id: str | None,
provider_user_id: str | None,
email: str | None,
username: str | None,
) -> KeycloakDeleteResult:
) -> ProviderDeleteResult:
with self._client() as client:
existing = self._lookup_user_by_id(client, idp_user_id) if idp_user_id else None
existing = self._lookup_user_by_id(client, provider_user_id) if provider_user_id else None
if existing is None:
existing = self._lookup_user_by_email_or_username(client, email=email, username=username)
if not existing or not existing.get("id"):
return KeycloakDeleteResult(action="not_found")
return ProviderDeleteResult(action="not_found")
user_id = str(existing["id"])
resp = client.delete(f"/admin/realms/{self.realm}/users/{user_id}")
if resp.status_code in {204, 404}:
return KeycloakDeleteResult(action="deleted" if resp.status_code == 204 else "not_found", user_id=user_id)
return ProviderDeleteResult(action="deleted" if resp.status_code == 204 else "not_found", user_id=user_id)
if resp.status_code >= 400:
raise HTTPException(status_code=502, detail="idp_delete_failed")
return KeycloakDeleteResult(action="deleted", user_id=user_id)
return ProviderDeleteResult(action="deleted", user_id=user_id)
def list_groups_tree(self) -> list[dict]:
with self._client() as client:

30
app/services/idp_catalog_sync.py
View File

@@ -17,7 +17,7 @@ from app.repositories.roles_repo import RolesRepository
from app.repositories.sites_repo import SitesRepository
from app.repositories.systems_repo import SystemsRepository
from app.repositories.users_repo import UsersRepository
from app.services.idp_admin_service import KeycloakAdminService
from app.services.idp_admin_service import ProviderAdminService
BUILTIN_CLIENT_IDS = {
"account",
@@ -80,7 +80,7 @@ def _flatten_groups(nodes: list[dict], inherited_company_key: str | None = None)
"company_key": company_key,
"display_name": _first_attr(attrs, "display_name") or name or company_key,
"status": _first_attr(attrs, "status") or "active",
"idp_group_id": group_id,
"provider_group_id": group_id,
}
site_key = _first_attr(attrs, "site_key")
@@ -95,7 +95,7 @@ def _flatten_groups(nodes: list[dict], inherited_company_key: str | None = None)
"display_name": _first_attr(attrs, "display_name") or name or site_key,
"domain": _first_attr(attrs, "domain"),
"status": _first_attr(attrs, "status") or "active",
"idp_group_id": group_id,
"provider_group_id": group_id,
}
child_companies, child_sites = _flatten_groups(children, current_company_key)
@@ -105,7 +105,7 @@ def _flatten_groups(nodes: list[dict], inherited_company_key: str | None = None)
return companies, sites
def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
def sync_from_provider(db: Session, *, force: bool = False) -> dict[str, int]:
global _last_synced_at
now = time.time()
if not force and now - _last_synced_at < _min_sync_interval_sec:
@@ -119,7 +119,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
if not force and now - _last_synced_at < _min_sync_interval_sec:
return {"synced": 0}
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
companies_repo = CompaniesRepository(db)
sites_repo = SitesRepository(db)
systems_repo = SystemsRepository(db)
@@ -147,7 +147,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
company_key=company_key,
display_name=row["display_name"],
legal_name=None,
idp_group_id=row["idp_group_id"],
provider_group_id=row["provider_group_id"],
status=row["status"],
)
companies_created += 1
@@ -155,7 +155,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
company = companies_repo.update(
company,
display_name=row["display_name"],
idp_group_id=row["idp_group_id"],
provider_group_id=row["provider_group_id"],
status=row["status"],
)
companies_updated += 1
@@ -173,7 +173,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
company_key=company_key,
display_name=company_key,
legal_name=None,
idp_group_id=None,
provider_group_id=None,
status="active",
)
companies_created += 1
@@ -187,7 +187,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
company_id=company_id,
display_name=row["display_name"],
domain=row["domain"],
idp_group_id=row["idp_group_id"],
provider_group_id=row["provider_group_id"],
status=row["status"],
)
sites_created += 1
@@ -197,7 +197,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
company_id=company_id,
display_name=row["display_name"],
domain=row["domain"],
idp_group_id=row["idp_group_id"],
provider_group_id=row["provider_group_id"],
status=row["status"],
)
sites_updated += 1
@@ -212,7 +212,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
if client_id in BUILTIN_CLIENT_IDS:
continue
system = db.scalar(select(System).where(System.idp_client_id == client_id))
system = db.scalar(select(System).where(System.provider_client_id == client_id))
system_name = str(client.get("name", "")).strip() or client_id
system_status = "active" if client.get("enabled", True) else "inactive"
if system is None:
@@ -220,7 +220,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
system = systems_repo.create(
system_key=system_key,
name=system_name,
idp_client_id=client_id,
provider_client_id=client_id,
status=system_status,
)
systems_created += 1
@@ -245,7 +245,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
role = db.scalar(
select(Role).where(
Role.system_id == system.id,
Role.idp_role_name == role_name,
Role.provider_role_name == role_name,
)
)
if role is None:
@@ -255,7 +255,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
system_id=system.id,
name=role_name,
description=role_desc,
idp_role_name=role_name,
provider_role_name=role_name,
status=role_status,
)
roles_created += 1
@@ -280,7 +280,7 @@ def sync_from_keycloak(db: Session, *, force: bool = False) -> dict[str, int]:
)
users_repo.upsert_by_sub(
user_sub=user_id,
idp_user_id=user_id,
provider_user_id=user_id,
username=str(user.get("username", "")).strip() or None,
email=str(user.get("email", "")).strip() or None,
display_name=display_name,

4
app/services/permission_service.py
View File

@@ -16,7 +16,7 @@ class PermissionService:
system_name=system_name,
role_key=role_key,
role_name=role_name,
idp_role_name=idp_role_name,
provider_role_name=provider_role_name,
)
for (
site_key,
@@ -27,7 +27,7 @@ class PermissionService:
system_name,
role_key,
role_name,
idp_role_name,
provider_role_name,
) in rows
],
)