Add multi-IP binding modes and deployment guide

2026-03-04 15:30:13 +08:00
parent 4348ee799b
commit eed1acd454
12 changed files with 509 additions and 217 deletions
--- a/app/schemas/binding.py
+++ b/app/schemas/binding.py
@@ -1,8 +1,11 @@
 from __future__ import annotations

 from datetime import datetime
+from ipaddress import ip_address, ip_network

-from pydantic import BaseModel, ConfigDict, Field, field_validator
+from pydantic import BaseModel, ConfigDict, Field, model_validator
+
+from app.models.token_binding import BINDING_MODE_ALL, BINDING_MODE_MULTIPLE, BINDING_MODE_SINGLE


 class BindingItem(BaseModel):
@@ -11,6 +14,8 @@ class BindingItem(BaseModel):
    id: int
    token_display: str
    bound_ip: str
+    binding_mode: str
+    allowed_ips: list[str]
    status: int
    status_label: str
    first_used_at: datetime
@@ -31,12 +36,32 @@ class BindingActionRequest(BaseModel):

 class BindingIPUpdateRequest(BaseModel):
    id: int = Field(gt=0)
-    bound_ip: str = Field(min_length=3, max_length=64)
+    binding_mode: str = Field(default=BINDING_MODE_SINGLE)
+    allowed_ips: list[str] = Field(default_factory=list)

-    @field_validator("bound_ip")
-    @classmethod
-    def validate_bound_ip(cls, value: str) -> str:
-        from ipaddress import ip_network
+    @model_validator(mode="after")
+    def validate_binding_rule(self):
+        allowed_ips = [item.strip() for item in self.allowed_ips if item.strip()]

-        ip_network(value, strict=False)
-        return value
+        if self.binding_mode == BINDING_MODE_ALL:
+            self.allowed_ips = []
+            return self
+
+        if self.binding_mode == BINDING_MODE_SINGLE:
+            if len(allowed_ips) != 1:
+                raise ValueError("Single binding mode requires exactly one IP or CIDR.")
+            ip_network(allowed_ips[0], strict=False)
+            self.allowed_ips = allowed_ips
+            return self
+
+        if self.binding_mode == BINDING_MODE_MULTIPLE:
+            if not allowed_ips:
+                raise ValueError("Multiple binding mode requires at least one IP.")
+            normalized: list[str] = []
+            for item in allowed_ips:
+                ip_address(item)
+                normalized.append(item)
+            self.allowed_ips = normalized
+            return self
+
+        raise ValueError("Unsupported binding mode.")