feat(core): 初始化 Key-IP Sentinel 服务与部署骨架

- 搭建 FastAPI、Redis、PostgreSQL、Nginx 与 Docker Compose 基础结构 - 实现反向代理、首用绑定、拦截告警、归档任务和管理接口 - 提供 Vue3 管理后台初版，以及 uv/requirements 双依赖配置
2026-03-04 00:18:33 +08:00
commit ab1bd90c65
50 changed files with 5645 additions and 0 deletions
--- a/app/models/db.py
+++ b/app/models/db.py
@@ -0,0 +1,48 @@
+from __future__ import annotations
+
+from sqlalchemy.ext.asyncio import AsyncEngine, AsyncSession, async_sessionmaker, create_async_engine
+from sqlalchemy.orm import DeclarativeBase
+
+from app.config import Settings
+
+
+class Base(DeclarativeBase):
+    pass
+
+
+_engine: AsyncEngine | None = None
+_session_factory: async_sessionmaker[AsyncSession] | None = None
+
+
+def init_db(settings: Settings) -> None:
+    global _engine, _session_factory
+    if _engine is not None and _session_factory is not None:
+        return
+
+    _engine = create_async_engine(
+        settings.pg_dsn,
+        pool_pre_ping=True,
+        pool_size=20,
+        max_overflow=40,
+    )
+    _session_factory = async_sessionmaker(_engine, expire_on_commit=False)
+
+
+def get_engine() -> AsyncEngine:
+    if _engine is None:
+        raise RuntimeError("Database engine has not been initialized.")
+    return _engine
+
+
+def get_session_factory() -> async_sessionmaker[AsyncSession]:
+    if _session_factory is None:
+        raise RuntimeError("Database session factory has not been initialized.")
+    return _session_factory
+
+
+async def close_db() -> None:
+    global _engine, _session_factory
+    if _engine is not None:
+        await _engine.dispose()
+    _engine = None
+    _session_factory = None
--- a/app/models/intercept_log.py
+++ b/app/models/intercept_log.py
@@ -0,0 +1,29 @@
+from __future__ import annotations
+
+from datetime import datetime
+
+from sqlalchemy import Boolean, DateTime, Index, String, func, text
+from sqlalchemy.dialects.postgresql import CIDR, INET
+from sqlalchemy.orm import Mapped, mapped_column
+
+from app.models.db import Base
+
+
+class InterceptLog(Base):
+    __tablename__ = "intercept_logs"
+    __table_args__ = (
+        Index("idx_intercept_logs_hash", "token_hash"),
+        Index("idx_intercept_logs_time", text("intercepted_at DESC")),
+    )
+
+    id: Mapped[int] = mapped_column(primary_key=True, autoincrement=True)
+    token_hash: Mapped[str] = mapped_column(String(64), nullable=False)
+    token_display: Mapped[str] = mapped_column(String(20), nullable=False)
+    bound_ip: Mapped[str] = mapped_column(CIDR, nullable=False)
+    attempt_ip: Mapped[str] = mapped_column(INET, nullable=False)
+    alerted: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False, server_default=text("FALSE"))
+    intercepted_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        nullable=False,
+        server_default=func.now(),
+    )
--- a/app/models/token_binding.py
+++ b/app/models/token_binding.py
@@ -0,0 +1,46 @@
+from __future__ import annotations
+
+from datetime import datetime
+
+from sqlalchemy import DateTime, Index, SmallInteger, String, func, text
+from sqlalchemy.dialects.postgresql import CIDR
+from sqlalchemy.orm import Mapped, mapped_column
+
+from app.models.db import Base
+
+STATUS_ACTIVE = 1
+STATUS_BANNED = 2
+
+
+class TokenBinding(Base):
+    __tablename__ = "token_bindings"
+    __table_args__ = (
+        Index("idx_token_bindings_hash", "token_hash"),
+        Index("idx_token_bindings_ip", "bound_ip", postgresql_using="gist", postgresql_ops={"bound_ip": "inet_ops"}),
+    )
+
+    id: Mapped[int] = mapped_column(primary_key=True, autoincrement=True)
+    token_hash: Mapped[str] = mapped_column(String(64), unique=True, nullable=False)
+    token_display: Mapped[str] = mapped_column(String(20), nullable=False)
+    bound_ip: Mapped[str] = mapped_column(CIDR, nullable=False)
+    status: Mapped[int] = mapped_column(
+        SmallInteger,
+        nullable=False,
+        default=STATUS_ACTIVE,
+        server_default=text("1"),
+    )
+    first_used_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        nullable=False,
+        server_default=func.now(),
+    )
+    last_used_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        nullable=False,
+        server_default=func.now(),
+    )
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        nullable=False,
+        server_default=func.now(),
+    )