feat: implement JWT authentication and enhance image processing

- Added JWT authentication middleware to secure the avatar API endpoint.
- Implemented functions to decode JWT from request headers and retrieve user information.
- Enhanced image processing in face_detect.py to resize avatars to 50x50 pixels before saving.
- Updated requirements.txt to include PyJWT for JWT handling.
- Introduced settings.py for database configuration with environment variables.
- Added sample images for testing avatar processing.

Author: XLCYun

ts-avatar-service/app.py

@@ -6,6 +6,8 @@
 import json
 import base64
 import traceback
+import jwt
+from datetime import datetime, timezone
 
 from face_detect import check
 
@@ -21,9 +23,40 @@
 
 receive_path = r"./received/"
 
+# Secret key should be kept in environment variable in production
+JWT_SECRET = os.environ.get("JWT_SECRET", "secret")
+JWT_ALG = os.environ.get("JWT_ALG", "HS256")
+
+
+def decode_jwt_from_header(req):
+    """Extract and validate JWT from Authorization header. Returns claims dict or None."""
+    auth = req.headers.get("Authorization")
+    if not auth or not auth.startswith("Bearer "):
+        return None
+    token = auth[7:]
+    try:
+        claims = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALG])
+        # check expiration
+        exp = claims.get("exp")
+        if exp and datetime.fromtimestamp(exp, tz=timezone.utc) < datetime.now(tz=timezone.utc):
+            return None
+        return claims
+    except jwt.PyJWTError:
+        return None
+
+def get_user_info(req):
+    claims = decode_jwt_from_header(req)
+    if claims is None:
+        return None
+    return claims.get("id")
 
 @app.route('/api/v1/avatar', methods=["POST"])
 def hello():
+    # jwt auth
+    user_id = get_user_info(request)
+    if user_id is None:
+        return jsonify({"msg": "Invalid or missing token"}), 401
+
     # receive file
     data = request.get_data().decode('utf-8')
     data = json.loads(data)
@@ -42,6 +75,7 @@ def hello():
     if type(result) == dict and result.get("msg") is not None:
         return jsonify(result), 400
 
+    # attach user info if needed
     return result, 200
 
 

ts-avatar-service/face_detect.py

@@ -33,17 +33,26 @@ def check(img):
         height = d.bottom() - d.top()
         width = d.right() - d.left()
 
-        # 根据人脸大小生成空的图像
+        # 根据人脸大小生成空的图像并裁剪
         img_blank = np.zeros((height, width, 3), np.uint8)
-
         for i in range(height):
             for j in range(width):
                 img_blank[i][j] = img[d.top() + i][d.left() + j]
 
-        print("Save to:", path_save + "img_face_" + str(k + 1) + ".jpg")
-        cv2.imwrite(path_save + "img_face_" + str(k + 1) + ".jpg", img_blank)
+        # 将头像缩放到 50x50
+        avatar_50 = cv2.resize(img_blank, (50, 50), interpolation=cv2.INTER_AREA)
+
+        # 保存（可选）
+        save_path = f"{path_save}img_face_{k + 1}.jpg"
+        print("Save to:", save_path)
+        cv2.imwrite(save_path, avatar_50)
 
-        base64_str = cv2.imencode('.jpg',img_blank)[1].tostring()
+        # 编码为 base64 返回
+        base64_str = cv2.imencode('.jpg', avatar_50)[1].tobytes()
         base64_str = base64.b64encode(base64_str)
+        print(f'length: {len(base64_str)}')
         return base64_str
 
+if __name__ == "__main__":
+    img = cv2.imread("./images/test.png")
+    print(check(img))

ts-avatar-service/images/img_face_1.jpg

@@ -9,3 +9,4 @@ numpy>=1.24.0
 opencv-python>=4.8.0
 Pillow>=10.0.0
 Werkzeug>=3.0.0
+PyJWT>=2.8.0

ts-avatar-service/images/img_face_no_resize.jpg

@@ -0,0 +1,7 @@
+import os
+
+host = os.getenv("AVATAR_MYSQL_HOST", "ts-avatar-mysql")
+port = os.getenv("AVATAR_MYSQL_PORT", 3306)
+user = os.getenv("AVATAR_MYSQL_USER", "root")
+password = os.getenv("AVATAR_MYSQL_PASSWORD", "Abcd1234#")
+db = os.getenv("AVATAR_MYSQL_DATABASE", "ts-avatar-mysql")