TencentBlueKing · wyyalt · Jul 15, 2025
diff --git a/apps/middlewares.py b/apps/middlewares.py
@@ -36,6 +36,7 @@
 from apps.exceptions import AppBaseException
 
 from apps.utils.local import activate_request
+from apigw_manager.apigw.authentication import ApiGatewayJWTUserMiddleware
 
 
 class AccessorSignal(Signal):
@@ -163,7 +164,10 @@ def process_exception(self, request, exception):
         # 处理 Data APP 自定义异常
         if isinstance(exception, AppBaseException):
             _msg = _("【APP 自定义异常】{message}, code={code}, args={args}").format(
-                message=exception.message, code=exception.code, args=exception.args, data=exception.data,
+                message=exception.message,
+                code=exception.code,
+                args=exception.args,
+                data=exception.data,
             )
             logger.exception(_msg)
             return JsonResponse(
@@ -174,7 +178,12 @@ def process_exception(self, request, exception):
         if isinstance(exception, BlueException):
             logger.exception(
                 ("""捕获主动抛出异常, 具体异常堆栈->[%s] status_code->[%s] & """ """client_message->[%s] & args->[%s] """)
-                % (traceback.format_exc(), exception.error_code, exception.message, exception.args,)
+                % (
+                    traceback.format_exc(),
+                    exception.error_code,
+                    exception.message,
+                    exception.args,
+                )
             )
 
             response = JsonResponse(
@@ -204,3 +213,21 @@ def process_exception(self, request, exception):
         response.status_code = 500
 
         return response
+
+
+class ApiGatewayJWTUserInjectAppMiddleware(ApiGatewayJWTUserMiddleware):
+    def __call__(self, request):
+        logger.info(f"requestapigw: {request.user.username}, {request.user}")
+        # jwt_app 依赖于 ApiGatewayJWTAppMiddleware 注入
+        jwt_app = getattr(request, "app", None)
+        if not jwt_app:
+            return super().__call__(request)
+
+        # 和开发框架保持一致行为，如果通过应用认证并且开启 ESB 白名单，此时认为用户认证也通过
+        use_esb_white_list = getattr(settings, "USE_ESB_WHITE_LIST", True)
+        if use_esb_white_list and jwt_app.verified:
+            # 如果 user 信息不存在，默认填充 bk_app_code 作为用户名
+            request.jwt.payload["user"] = request.jwt.payload.get("user") or {"bk_username": jwt_app.bk_app_code}
+            request.jwt.payload["user"]["verified"] = True
+
+        return super().__call__(request)
diff --git a/config/default.py b/config/default.py
@@ -52,13 +52,32 @@
 )
 
 # 自定义中间件
-MIDDLEWARE += (
+MIDDLEWARE = (
+    # request instance provider
+    "blueapps.middleware.request_provider.RequestProvider",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    # 跨域检测中间件， 默认关闭
+    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    "django.middleware.security.SecurityMiddleware",
+    # 蓝鲸静态资源服务
+    "whitenoise.middleware.WhiteNoiseMiddleware",
+    # Auth middleware
+    "blueapps.account.middlewares.RioLoginRequiredMiddleware",
+    "blueapps.account.middlewares.WeixinLoginRequiredMiddleware",
+    "blueapps.account.middlewares.LoginRequiredMiddleware",
     # "blueapps.account.middlewares.BkJwtLoginRequiredMiddleware",
-    "apps.middlewares.CommonMid",
-    "apps.middlewares.UserLocalMiddleware",
     "apigw_manager.apigw.authentication.ApiGatewayJWTGenericMiddleware",  # JWT 认证
     "apigw_manager.apigw.authentication.ApiGatewayJWTAppMiddleware",  # JWT 透传的应用信息
-    "apigw_manager.apigw.authentication.ApiGatewayJWTUserMiddleware",  # JWT 透传的用户信息
+    "apps.middlewares.ApiGatewayJWTUserInjectAppMiddleware",  # JWT 透传的用户信息
+    # exception middleware
+    "blueapps.core.exceptions.middleware.AppExceptionMiddleware",
+    "django.middleware.locale.LocaleMiddleware",
+    "apps.middlewares.CommonMid",
+    "apps.middlewares.UserLocalMiddleware",
 )
 
 # 添加django_prometheus中间件
@@ -77,9 +96,12 @@
 # ===============================================================================
 # Authentication
 # ===============================================================================
-AUTHENTICATION_BACKENDS += (
+AUTHENTICATION_BACKENDS = (
     # "blueapps.account.backends.BkJwtBackend",
     "apigw_manager.apigw.authentication.UserModelBackend",
+    "blueapps.account.backends.RioBackend",
+    "blueapps.account.backends.WeixinBackend",
+    "blueapps.account.backends.UserBackend",
 )
 
 # 所有环境的日志级别可以在这里配置