feat: 全量功能模块开发与集成测试修复

- 新增后端模块：Alert、APIAsset、Compliance、Lineage、Masking、Risk、SchemaChange、Unstructured、Watermark - 新增前端模块页面与API接口 - 新增Alembic迁移脚本(002-014)覆盖全量业务表 - 新增测试数据生成脚本与集成测试脚本 - 修复metadata模型JSON类型导入缺失导致启动失败的问题 - 修复前端Alert/APIAsset页面request模块路径错误 - 更新docker-compose与开发计划文档
2026-04-25 08:51:38 +08:00
parent 8b2bc84399
commit 6d70520e79
110 changed files with 6125 additions and 87 deletions
@@ -1,3 +1,6 @@
+import base64
+import hashlib
+import logging
 from typing import Optional, List, Tuple
 from sqlalchemy.orm import Session
 from fastapi import HTTPException, status
@@ -7,9 +10,28 @@ from app.models.metadata import DataSource
 from app.schemas.datasource import DataSourceCreate, DataSourceUpdate, DataSourceTest
 from app.core.config import settings

-# Simple AES-like symmetric encryption for DB passwords
-# In production, use a proper KMS
-_fernet = Fernet(Fernet.generate_key())
+logger = logging.getLogger(__name__)
+
+
+def _get_fernet() -> Fernet:
+    """Initialize Fernet with a stable key.
+    
+    If DB_ENCRYPTION_KEY is set, use it directly.
+    Otherwise derive deterministically from SECRET_KEY for backward compatibility.
+    """
+    if settings.DB_ENCRYPTION_KEY:
+        key = settings.DB_ENCRYPTION_KEY.encode()
+    else:
+        logger.warning(
+            "DB_ENCRYPTION_KEY is not set. Deriving encryption key from SECRET_KEY. "
+            "Please set DB_ENCRYPTION_KEY explicitly via environment variable or .env file."
+        )
+        digest = hashlib.sha256(settings.SECRET_KEY.encode()).digest()
+        key = base64.urlsafe_b64encode(digest)
+    return Fernet(key)
+
+
+_fernet = _get_fernet()


 def _encrypt_password(password: str) -> str: