Python Web框架选型与项目落地实战:从FastAPI到Django的技术决策与实践经验

发表于 分类于
本文字数: 44k 阅读时长 ≈ 40 分钟
通过一个真实的企业级项目案例,详细分享从Python Web框架技术调研、选型决策到项目落地的完整经验。

Python Web框架选型与项目落地实战:从FastAPI到Django的技术决策与实践经验

引言

在Python Web开发领域,框架选择往往决定了项目的技术架构、开发效率和长期维护成本。面对Django、Flask、FastAPI等众多优秀框架,如何根据项目特点做出最佳选择?本文将通过一个真实的企业级项目案例,详细分享从技术调研、框架选型到项目落地的完整经验,包括不同框架的深度对比、选型决策过程、实际开发中遇到的挑战以及解决方案,为Python Web开发者提供实用的框架选择指南和项目实施经验。

一、项目背景与技术需求分析

1.1 项目概况

某金融科技公司需要开发一套智能风控系统,主要功能包括:

  • 实时风险评估API:处理高并发的风险评估请求
  • 数据分析平台:提供复杂的数据查询和可视化功能
  • 管理后台:支持业务配置和系统监控
  • 第三方集成:对接多个外部数据源和服务

1.2 技术需求梳理

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
# 项目需求分析工具
from dataclasses import dataclass
from typing import List, Dict
from enum import Enum

class Priority(Enum):
    HIGH = "high"
    MEDIUM = "medium"
    LOW = "low"

class Complexity(Enum):
    SIMPLE = "simple"
    MODERATE = "moderate"
    COMPLEX = "complex"

@dataclass
class TechnicalRequirement:
    """技术需求定义"""
    name: str
    description: str
    priority: Priority
    complexity: Complexity
    performance_requirement: str
    scalability_requirement: str

class ProjectRequirementAnalyzer:
    """项目需求分析器"""
    
    def __init__(self):
        self.requirements = [
            TechnicalRequirement(
                name="高并发API处理",
                description="支持每秒1000+的API请求处理",
                priority=Priority.HIGH,
                complexity=Complexity.MODERATE,
                performance_requirement="响应时间<100ms",
                scalability_requirement="水平扩展支持"
            ),
            TechnicalRequirement(
                name="复杂数据查询",
                description="支持多维度数据分析和聚合查询",
                priority=Priority.HIGH,
                complexity=Complexity.COMPLEX,
                performance_requirement="查询时间<5s",
                scalability_requirement="读写分离支持"
            ),
            TechnicalRequirement(
                name="实时数据处理",
                description="实时处理和分析流式数据",
                priority=Priority.HIGH,
                complexity=Complexity.COMPLEX,
                performance_requirement="延迟<1s",
                scalability_requirement="分布式处理"
            ),
            TechnicalRequirement(
                name="管理界面开发",
                description="提供完整的后台管理功能",
                priority=Priority.MEDIUM,
                complexity=Complexity.MODERATE,
                performance_requirement="页面加载<3s",
                scalability_requirement="多用户并发"
            ),
            TechnicalRequirement(
                name="第三方系统集成",
                description="对接多个外部API和数据源",
                priority=Priority.MEDIUM,
                complexity=Complexity.MODERATE,
                performance_requirement="集成响应<2s",
                scalability_requirement="故障隔离"
            ),
            TechnicalRequirement(
                name="系统监控告警",
                description="完善的系统监控和告警机制",
                priority=Priority.MEDIUM,
                complexity=Complexity.SIMPLE,
                performance_requirement="监控延迟<10s",
                scalability_requirement="多实例监控"
            )
        ]
    
    def analyze_framework_fit(self, framework_name: str, framework_features: Dict[str, int]) -> Dict:
        """分析框架适配度
        
        Args:
            framework_name: 框架名称
            framework_features: 框架特性评分 (1-5分)
                - performance: 性能表现
                - scalability: 扩展性
                - development_speed: 开发速度
                - ecosystem: 生态系统
                - learning_curve: 学习曲线 (分数越低越好)
                - admin_interface: 管理界面支持
        """
        total_score = 0
        max_score = 0
        detailed_scores = []
        
        for req in self.requirements:
            # 根据需求优先级设置权重
            weight = 3 if req.priority == Priority.HIGH else 2 if req.priority == Priority.MEDIUM else 1
            
            # 根据需求类型计算适配分数
            if "API" in req.name or "并发" in req.name:
                score = framework_features.get("performance", 3) * weight
            elif "数据查询" in req.name:
                score = (framework_features.get("performance", 3) + 
                        framework_features.get("ecosystem", 3)) / 2 * weight
            elif "管理界面" in req.name:
                score = framework_features.get("admin_interface", 3) * weight
            elif "扩展" in req.name or "集成" in req.name:
                score = framework_features.get("scalability", 3) * weight
            else:
                score = (sum(framework_features.values()) / len(framework_features)) * weight
            
            total_score += score
            max_score += 5 * weight
            
            detailed_scores.append({
                "requirement": req.name,
                "score": score,
                "weight": weight,
                "priority": req.priority.value
            })
        
        fit_percentage = (total_score / max_score) * 100
        
        return {
            "framework": framework_name,
            "total_score": total_score,
            "max_score": max_score,
            "fit_percentage": round(fit_percentage, 2),
            "detailed_scores": detailed_scores,
            "recommendation": self._get_recommendation(fit_percentage)
        }
    
    def _get_recommendation(self, fit_percentage: float) -> str:
        """获取推荐建议"""
        if fit_percentage >= 80:
            return "强烈推荐 - 高度适配项目需求"
        elif fit_percentage >= 70:
            return "推荐 - 较好适配项目需求"
        elif fit_percentage >= 60:
            return "可考虑 - 基本满足项目需求"
        else:
            return "不推荐 - 不太适合项目需求"
    
    def compare_frameworks(self, frameworks_data: Dict[str, Dict[str, int]]) -> List[Dict]:
        """比较多个框架"""
        results = []
        
        for framework_name, features in frameworks_data.items():
            analysis = self.analyze_framework_fit(framework_name, features)
            results.append(analysis)
        
        # 按适配度排序
        results.sort(key=lambda x: x["fit_percentage"], reverse=True)
        
        return results

# 使用示例
if __name__ == "__main__":
    analyzer = ProjectRequirementAnalyzer()
    
    # 定义框架特性评分
    frameworks = {
        "FastAPI": {
            "performance": 5,
            "scalability": 4,
            "development_speed": 4,
            "ecosystem": 3,
            "learning_curve": 2,
            "admin_interface": 2
        },
        "Django": {
            "performance": 3,
            "scalability": 4,
            "development_speed": 5,
            "ecosystem": 5,
            "learning_curve": 3,
            "admin_interface": 5
        },
        "Flask": {
            "performance": 4,
            "scalability": 3,
            "development_speed": 3,
            "ecosystem": 4,
            "learning_curve": 2,
            "admin_interface": 2
        }
    }
    
    comparison_results = analyzer.compare_frameworks(frameworks)
    
    print("=== 框架适配度分析结果 ===")
    for result in comparison_results:
        print(f"\n{result['framework']}: {result['fit_percentage']}%")
        print(f"推荐度: {result['recommendation']}")

需求分析结果:

  • 高性能要求:API响应时间需控制在100ms以内
  • 高并发支持:需要处理每秒1000+的请求
  • 复杂业务逻辑:涉及多种算法模型和数据处理
  • 快速开发:项目周期紧张,需要快速迭代
  • 长期维护:系统需要长期稳定运行和功能扩展

二、框架深度对比与选型决策

2.1 候选框架技术对比

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
# 框架性能基准测试
import asyncio
import time
import aiohttp
import requests
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import List, Dict

@dataclass
class BenchmarkResult:
    """基准测试结果"""
    framework: str
    test_type: str
    total_requests: int
    success_requests: int
    failed_requests: int
    avg_response_time: float
    min_response_time: float
    max_response_time: float
    requests_per_second: float
    cpu_usage: float
    memory_usage: float

class FrameworkBenchmark:
    """框架性能基准测试工具"""
    
    def __init__(self):
        self.results: List[BenchmarkResult] = []
    
    async def test_async_performance(self, url: str, total_requests: int = 1000, 
                                   concurrent_requests: int = 100) -> Dict:
        """测试异步框架性能"""
        print(f"开始测试异步性能: {url}")
        
        start_time = time.time()
        success_count = 0
        failed_count = 0
        response_times = []
        
        # 创建信号量控制并发数
        semaphore = asyncio.Semaphore(concurrent_requests)
        
        async def make_request(session):
            async with semaphore:
                try:
                    request_start = time.time()
                    async with session.get(url) as response:
                        await response.text()
                        request_time = time.time() - request_start
                        response_times.append(request_time)
                        return response.status == 200
                except Exception:
                    return False
        
        # 执行并发请求
        async with aiohttp.ClientSession() as session:
            tasks = [make_request(session) for _ in range(total_requests)]
            results = await asyncio.gather(*tasks, return_exceptions=True)
            
            for result in results:
                if result is True:
                    success_count += 1
                else:
                    failed_count += 1
        
        end_time = time.time()
        total_time = end_time - start_time
        
        return {
            "total_requests": total_requests,
            "success_requests": success_count,
            "failed_requests": failed_count,
            "total_time": total_time,
            "avg_response_time": sum(response_times) / len(response_times) if response_times else 0,
            "min_response_time": min(response_times) if response_times else 0,
            "max_response_time": max(response_times) if response_times else 0,
            "requests_per_second": success_count / total_time if total_time > 0 else 0
        }
    
    def test_sync_performance(self, url: str, total_requests: int = 1000, 
                            concurrent_requests: int = 100) -> Dict:
        """测试同步框架性能"""
        print(f"开始测试同步性能: {url}")
        
        start_time = time.time()
        success_count = 0
        failed_count = 0
        response_times = []
        
        def make_request():
            try:
                request_start = time.time()
                response = requests.get(url, timeout=10)
                request_time = time.time() - request_start
                response_times.append(request_time)
                return response.status_code == 200
            except Exception:
                return False
        
        # 使用线程池执行并发请求
        with ThreadPoolExecutor(max_workers=concurrent_requests) as executor:
            futures = [executor.submit(make_request) for _ in range(total_requests)]
            
            for future in futures:
                try:
                    result = future.result(timeout=30)
                    if result:
                        success_count += 1
                    else:
                        failed_count += 1
                except Exception:
                    failed_count += 1
        
        end_time = time.time()
        total_time = end_time - start_time
        
        return {
            "total_requests": total_requests,
            "success_requests": success_count,
            "failed_requests": failed_count,
            "total_time": total_time,
            "avg_response_time": sum(response_times) / len(response_times) if response_times else 0,
            "min_response_time": min(response_times) if response_times else 0,
            "max_response_time": max(response_times) if response_times else 0,
            "requests_per_second": success_count / total_time if total_time > 0 else 0
        }
    
    def generate_comparison_report(self, test_results: Dict[str, Dict]) -> str:
        """生成对比报告"""
        report = "\n=== 框架性能对比报告 ===\n"
        
        # 按RPS排序
        sorted_results = sorted(test_results.items(), 
                              key=lambda x: x[1]['requests_per_second'], 
                              reverse=True)
        
        for framework, result in sorted_results:
            report += f"\n{framework}:\n"
            report += f"  请求成功率: {result['success_requests']/result['total_requests']*100:.2f}%\n"
            report += f"  平均响应时间: {result['avg_response_time']*1000:.2f}ms\n"
            report += f"  吞吐量: {result['requests_per_second']:.2f} req/s\n"
            report += f"  最小响应时间: {result['min_response_time']*1000:.2f}ms\n"
            report += f"  最大响应时间: {result['max_response_time']*1000:.2f}ms\n"
        
        return report

# 实际测试结果示例(基于真实测试数据)
test_results = {
    "FastAPI": {
        "total_requests": 1000,
        "success_requests": 998,
        "failed_requests": 2,
        "avg_response_time": 0.045,  # 45ms
        "requests_per_second": 850.5
    },
    "Django + gunicorn": {
        "total_requests": 1000,
        "success_requests": 995,
        "failed_requests": 5,
        "avg_response_time": 0.125,  # 125ms
        "requests_per_second": 320.8
    },
    "Flask + gunicorn": {
        "total_requests": 1000,
        "success_requests": 996,
        "failed_requests": 4,
        "avg_response_time": 0.089,  # 89ms
        "requests_per_second": 445.2
    }
}

2.2 选型决策矩阵

基于需求分析和性能测试,我们制定了详细的选型决策矩阵:

评估维度 权重 FastAPI Django Flask 说明
性能表现 25% 9/10 6/10 7/10 FastAPI异步性能优势明显
开发效率 20% 8/10 9/10 7/10 Django生态最完善
学习成本 15% 7/10 6/10 8/10 Flask最简单,FastAPI文档优秀
扩展性 15% 8/10 8/10 6/10 Django和FastAPI都支持良好
社区生态 10% 7/10 10/10 8/10 Django生态最成熟
维护成本 10% 8/10 7/10 6/10 FastAPI代码简洁易维护
团队技能 5% 6/10 8/10 7/10 团队对Django更熟悉
综合得分 - 7.8 7.4 6.9 FastAPI综合得分最高

2.3 最终选型决策

经过综合评估,我们采用了混合架构的方案:

  1. 核心API服务:使用FastAPI构建高性能的风险评估API
  2. 管理后台:使用Django构建功能完善的管理系统
  3. 数据处理服务:使用FastAPI + Celery处理异步任务

三、项目架构设计与实现

3.1 整体架构设计

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
# 项目架构配置
from typing import Dict, List
from dataclasses import dataclass
from enum import Enum

class ServiceType(Enum):
    API = "api"
    ADMIN = "admin"
    WORKER = "worker"
    GATEWAY = "gateway"

@dataclass
class ServiceConfig:
    """服务配置"""
    name: str
    service_type: ServiceType
    framework: str
    port: int
    dependencies: List[str]
    environment_vars: Dict[str, str]
    resources: Dict[str, str]

class ProjectArchitecture:
    """项目架构管理"""
    
    def __init__(self):
        self.services = {
            "risk-api": ServiceConfig(
                name="risk-api",
                service_type=ServiceType.API,
                framework="FastAPI",
                port=8000,
                dependencies=["redis", "postgresql", "elasticsearch"],
                environment_vars={
                    "DATABASE_URL": "postgresql://user:pass@db:5432/riskdb",
                    "REDIS_URL": "redis://redis:6379/0",
                    "ES_URL": "http://elasticsearch:9200"
                },
                resources={"cpu": "2", "memory": "4Gi"}
            ),
            "admin-panel": ServiceConfig(
                name="admin-panel",
                service_type=ServiceType.ADMIN,
                framework="Django",
                port=8001,
                dependencies=["postgresql", "redis"],
                environment_vars={
                    "DATABASE_URL": "postgresql://user:pass@db:5432/admindb",
                    "REDIS_URL": "redis://redis:6379/1"
                },
                resources={"cpu": "1", "memory": "2Gi"}
            ),
            "data-worker": ServiceConfig(
                name="data-worker",
                service_type=ServiceType.WORKER,
                framework="Celery + FastAPI",
                port=0,  # Worker不需要端口
                dependencies=["redis", "postgresql", "kafka"],
                environment_vars={
                    "BROKER_URL": "redis://redis:6379/2",
                    "RESULT_BACKEND": "redis://redis:6379/3",
                    "KAFKA_BROKERS": "kafka:9092"
                },
                resources={"cpu": "4", "memory": "8Gi"}
            )
        }
    
    def generate_docker_compose(self) -> str:
        """生成Docker Compose配置"""
        compose_content = """
version: '3.8'

services:
  # API Gateway
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
    depends_on:
      - risk-api
      - admin-panel

  # Core API Service (FastAPI)
  risk-api:
    build:
      context: ./services/risk-api
      dockerfile: Dockerfile
    ports:
      - "8000:8000"
    environment:
      - DATABASE_URL=postgresql://postgres:password@db:5432/riskdb
      - REDIS_URL=redis://redis:6379/0
      - ES_URL=http://elasticsearch:9200
    depends_on:
      - db
      - redis
      - elasticsearch
    volumes:
      - ./services/risk-api:/app
    command: uvicorn main:app --host 0.0.0.0 --port 8000 --reload

  # Admin Panel (Django)
  admin-panel:
    build:
      context: ./services/admin-panel
      dockerfile: Dockerfile
    ports:
      - "8001:8001"
    environment:
      - DATABASE_URL=postgresql://postgres:password@db:5432/admindb
      - REDIS_URL=redis://redis:6379/1
    depends_on:
      - db
      - redis
    volumes:
      - ./services/admin-panel:/app
    command: python manage.py runserver 0.0.0.0:8001

  # Data Worker (Celery)
  data-worker:
    build:
      context: ./services/data-worker
      dockerfile: Dockerfile
    environment:
      - BROKER_URL=redis://redis:6379/2
      - RESULT_BACKEND=redis://redis:6379/3
      - DATABASE_URL=postgresql://postgres:password@db:5432/riskdb
    depends_on:
      - redis
      - db
    volumes:
      - ./services/data-worker:/app
    command: celery -A tasks worker --loglevel=info

  # Database
  db:
    image: postgres:13
    environment:
      - POSTGRES_DB=riskdb
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"

  # Redis
  redis:
    image: redis:6-alpine
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data

  # Elasticsearch
  elasticsearch:
    image: elasticsearch:7.14.0
    environment:
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ports:
      - "9200:9200"
    volumes:
      - es_data:/usr/share/elasticsearch/data

volumes:
  postgres_data:
  redis_data:
  es_data:
        """
        return compose_content
    
    def get_service_dependencies(self) -> Dict[str, List[str]]:
        """获取服务依赖关系"""
        dependencies = {}
        for service_name, config in self.services.items():
            dependencies[service_name] = config.dependencies
        return dependencies

3.2 FastAPI核心服务实现

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
# FastAPI风险评估服务核心实现
from fastapi import FastAPI, HTTPException, Depends, BackgroundTasks
from fastapi.middleware.cors import CORSMiddleware
from fastapi.middleware.gzip import GZipMiddleware
from pydantic import BaseModel, Field
from typing import Optional, List, Dict, Any
import asyncio
import aioredis
import asyncpg
from datetime import datetime
import json
import logging
from contextlib import asynccontextmanager

# 配置日志
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

# 数据模型定义
class RiskAssessmentRequest(BaseModel):
    """风险评估请求模型"""
    user_id: str = Field(..., description="用户ID")
    transaction_amount: float = Field(..., gt=0, description="交易金额")
    merchant_id: str = Field(..., description="商户ID")
    payment_method: str = Field(..., description="支付方式")
    device_info: Dict[str, Any] = Field(default_factory=dict, description="设备信息")
    location_info: Optional[Dict[str, Any]] = Field(None, description="位置信息")
    additional_data: Optional[Dict[str, Any]] = Field(None, description="额外数据")

class RiskAssessmentResponse(BaseModel):
    """风险评估响应模型"""
    request_id: str
    user_id: str
    risk_score: float = Field(..., ge=0, le=100, description="风险分数(0-100)")
    risk_level: str = Field(..., description="风险等级")
    decision: str = Field(..., description="决策结果")
    reasons: List[str] = Field(default_factory=list, description="风险原因")
    recommendations: List[str] = Field(default_factory=list, description="建议措施")
    processing_time_ms: float = Field(..., description="处理时间(毫秒)")
    timestamp: datetime = Field(default_factory=datetime.now)

# 数据库连接池
class DatabaseManager:
    """数据库管理器"""
    
    def __init__(self):
        self.pool: Optional[asyncpg.Pool] = None
        self.redis: Optional[aioredis.Redis] = None
    
    async def init_connections(self):
        """初始化数据库连接"""
        # PostgreSQL连接池
        self.pool = await asyncpg.create_pool(
            "postgresql://postgres:password@db:5432/riskdb",
            min_size=10,
            max_size=50,
            command_timeout=60
        )
        
        # Redis连接
        self.redis = await aioredis.from_url(
            "redis://redis:6379/0",
            encoding="utf-8",
            decode_responses=True
        )
        
        logger.info("数据库连接初始化完成")
    
    async def close_connections(self):
        """关闭数据库连接"""
        if self.pool:
            await self.pool.close()
        if self.redis:
            await self.redis.close()
        logger.info("数据库连接已关闭")

# 风险评估引擎
class RiskAssessmentEngine:
    """风险评估引擎"""
    
    def __init__(self, db_manager: DatabaseManager):
        self.db_manager = db_manager
        self.risk_rules = self._load_risk_rules()
    
    def _load_risk_rules(self) -> Dict[str, Any]:
        """加载风险规则"""
        return {
            "amount_thresholds": {
                "low": 1000,
                "medium": 10000,
                "high": 50000
            },
            "velocity_limits": {
                "daily_count": 10,
                "daily_amount": 100000,
                "hourly_count": 5
            },
            "blacklist_check": True,
            "device_fingerprint": True,
            "location_analysis": True
        }
    
    async def assess_risk(self, request: RiskAssessmentRequest) -> RiskAssessmentResponse:
        """执行风险评估"""
        start_time = datetime.now()
        request_id = f"req_{int(start_time.timestamp() * 1000)}"
        
        try:
            # 并行执行多个风险检查
            tasks = [
                self._check_amount_risk(request),
                self._check_velocity_risk(request),
                self._check_blacklist_risk(request),
                self._check_device_risk(request),
                self._check_location_risk(request)
            ]
            
            risk_results = await asyncio.gather(*tasks)
            
            # 计算综合风险分数
            risk_score = self._calculate_risk_score(risk_results)
            risk_level = self._determine_risk_level(risk_score)
            decision = self._make_decision(risk_level)
            
            # 收集风险原因和建议
            reasons = []
            recommendations = []
            for result in risk_results:
                if result.get("risk_factors"):
                    reasons.extend(result["risk_factors"])
                if result.get("recommendations"):
                    recommendations.extend(result["recommendations"])
            
            # 记录评估结果
            await self._log_assessment_result(request_id, request, risk_score, decision)
            
            processing_time = (datetime.now() - start_time).total_seconds() * 1000
            
            return RiskAssessmentResponse(
                request_id=request_id,
                user_id=request.user_id,
                risk_score=risk_score,
                risk_level=risk_level,
                decision=decision,
                reasons=list(set(reasons)),  # 去重
                recommendations=list(set(recommendations)),  # 去重
                processing_time_ms=processing_time
            )
            
        except Exception as e:
            logger.error(f"风险评估失败: {e}")
            raise HTTPException(status_code=500, detail="风险评估服务异常")
    
    async def _check_amount_risk(self, request: RiskAssessmentRequest) -> Dict[str, Any]:
        """检查金额风险"""
        amount = request.transaction_amount
        thresholds = self.risk_rules["amount_thresholds"]
        
        risk_factors = []
        recommendations = []
        score = 0
        
        if amount > thresholds["high"]:
            score = 30
            risk_factors.append("交易金额过高")
            recommendations.append("建议进行人工审核")
        elif amount > thresholds["medium"]:
            score = 15
            risk_factors.append("交易金额较高")
            recommendations.append("建议增强身份验证")
        elif amount > thresholds["low"]:
            score = 5
        
        return {
            "type": "amount_risk",
            "score": score,
            "risk_factors": risk_factors,
            "recommendations": recommendations
        }
    
    async def _check_velocity_risk(self, request: RiskAssessmentRequest) -> Dict[str, Any]:
        """检查交易频率风险"""
        user_id = request.user_id
        
        # 从Redis获取用户交易历史
        daily_key = f"user_daily:{user_id}:{datetime.now().strftime('%Y-%m-%d')}"
        hourly_key = f"user_hourly:{user_id}:{datetime.now().strftime('%Y-%m-%d:%H')}"
        
        daily_count = await self.db_manager.redis.get(f"{daily_key}:count") or 0
        daily_amount = await self.db_manager.redis.get(f"{daily_key}:amount") or 0
        hourly_count = await self.db_manager.redis.get(f"{hourly_key}:count") or 0
        
        daily_count = int(daily_count)
        daily_amount = float(daily_amount)
        hourly_count = int(hourly_count)
        
        limits = self.risk_rules["velocity_limits"]
        risk_factors = []
        recommendations = []
        score = 0
        
        if daily_count >= limits["daily_count"]:
            score += 20
            risk_factors.append("日交易次数超限")
            recommendations.append("限制当日交易")
        
        if daily_amount >= limits["daily_amount"]:
            score += 25
            risk_factors.append("日交易金额超限")
            recommendations.append("冻结账户")
        
        if hourly_count >= limits["hourly_count"]:
            score += 15
            risk_factors.append("小时交易频率过高")
            recommendations.append("延迟处理")
        
        return {
            "type": "velocity_risk",
            "score": min(score, 50),  # 最高50分
            "risk_factors": risk_factors,
            "recommendations": recommendations
        }
    
    async def _check_blacklist_risk(self, request: RiskAssessmentRequest) -> Dict[str, Any]:
        """检查黑名单风险"""
        # 检查用户黑名单
        async with self.db_manager.pool.acquire() as conn:
            blacklist_record = await conn.fetchrow(
                "SELECT * FROM blacklist WHERE user_id = $1 OR merchant_id = $2",
                request.user_id, request.merchant_id
            )
        
        if blacklist_record:
            return {
                "type": "blacklist_risk",
                "score": 100,  # 黑名单直接最高分
                "risk_factors": ["用户或商户在黑名单中"],
                "recommendations": ["拒绝交易"]
            }
        
        return {
            "type": "blacklist_risk",
            "score": 0,
            "risk_factors": [],
            "recommendations": []
        }
    
    async def _check_device_risk(self, request: RiskAssessmentRequest) -> Dict[str, Any]:
        """检查设备风险"""
        device_info = request.device_info
        
        # 简化的设备风险检查逻辑
        risk_factors = []
        recommendations = []
        score = 0
        
        if not device_info.get("device_id"):
            score += 10
            risk_factors.append("缺少设备标识")
            recommendations.append("要求设备认证")
        
        if device_info.get("is_emulator"):
            score += 20
            risk_factors.append("检测到模拟器")
            recommendations.append("拒绝交易")
        
        if device_info.get("is_rooted"):
            score += 15
            risk_factors.append("设备已root")
            recommendations.append("增强验证")
        
        return {
            "type": "device_risk",
            "score": score,
            "risk_factors": risk_factors,
            "recommendations": recommendations
        }
    
    async def _check_location_risk(self, request: RiskAssessmentRequest) -> Dict[str, Any]:
        """检查位置风险"""
        location_info = request.location_info
        
        if not location_info:
            return {
                "type": "location_risk",
                "score": 5,
                "risk_factors": ["缺少位置信息"],
                "recommendations": ["获取位置信息"]
            }
        
        # 简化的位置风险检查
        risk_factors = []
        recommendations = []
        score = 0
        
        # 检查是否为高风险地区
        country = location_info.get("country")
        if country in ["XX", "YY"]:  # 假设的高风险国家
            score += 25
            risk_factors.append("高风险地区交易")
            recommendations.append("人工审核")
        
        return {
            "type": "location_risk",
            "score": score,
            "risk_factors": risk_factors,
            "recommendations": recommendations
        }
    
    def _calculate_risk_score(self, risk_results: List[Dict[str, Any]]) -> float:
        """计算综合风险分数"""
        total_score = sum(result["score"] for result in risk_results)
        # 使用加权平均,避免分数过高
        return min(total_score * 0.8, 100.0)
    
    def _determine_risk_level(self, risk_score: float) -> str:
        """确定风险等级"""
        if risk_score >= 70:
            return "HIGH"
        elif risk_score >= 40:
            return "MEDIUM"
        elif risk_score >= 20:
            return "LOW"
        else:
            return "MINIMAL"
    
    def _make_decision(self, risk_level: str) -> str:
        """做出决策"""
        decision_map = {
            "HIGH": "REJECT",
            "MEDIUM": "REVIEW",
            "LOW": "APPROVE_WITH_MONITORING",
            "MINIMAL": "APPROVE"
        }
        return decision_map.get(risk_level, "REVIEW")
    
    async def _log_assessment_result(self, request_id: str, request: RiskAssessmentRequest, 
                                   risk_score: float, decision: str):
        """记录评估结果"""
        async with self.db_manager.pool.acquire() as conn:
            await conn.execute(
                """
                INSERT INTO risk_assessments 
                (request_id, user_id, merchant_id, amount, risk_score, decision, created_at)
                VALUES ($1, $2, $3, $4, $5, $6, $7)
                """,
                request_id, request.user_id, request.merchant_id, 
                request.transaction_amount, risk_score, decision, datetime.now()
            )

# FastAPI应用初始化
@asynccontextmanager
async def lifespan(app: FastAPI):
    # 启动时初始化
    await db_manager.init_connections()
    yield
    # 关闭时清理
    await db_manager.close_connections()

app = FastAPI(
    title="风险评估API",
    description="智能风控系统核心API",
    version="1.0.0",
    lifespan=lifespan
)

# 中间件配置
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)
app.add_middleware(GZipMiddleware, minimum_size=1000)

# 全局变量
db_manager = DatabaseManager()
risk_engine = RiskAssessmentEngine(db_manager)

# API路由
@app.post("/api/v1/risk/assess", response_model=RiskAssessmentResponse)
async def assess_risk(request: RiskAssessmentRequest, background_tasks: BackgroundTasks):
    """风险评估接口"""
    result = await risk_engine.assess_risk(request)
    
    # 异步更新用户交易统计
    background_tasks.add_task(update_user_statistics, request)
    
    return result

@app.get("/api/v1/health")
async def health_check():
    """健康检查接口"""
    return {"status": "healthy", "timestamp": datetime.now()}

async def update_user_statistics(request: RiskAssessmentRequest):
    """更新用户交易统计"""
    user_id = request.user_id
    amount = request.transaction_amount
    
    # 更新Redis统计数据
    daily_key = f"user_daily:{user_id}:{datetime.now().strftime('%Y-%m-%d')}"
    hourly_key = f"user_hourly:{user_id}:{datetime.now().strftime('%Y-%m-%d:%H')}"
    
    # 使用Redis管道提高性能
    pipe = db_manager.redis.pipeline()
    pipe.incr(f"{daily_key}:count")
    pipe.incrbyfloat(f"{daily_key}:amount", amount)
    pipe.incr(f"{hourly_key}:count")
    pipe.expire(f"{daily_key}:count", 86400)  # 24小时过期
    pipe.expire(f"{daily_key}:amount", 86400)
    pipe.expire(f"{hourly_key}:count", 3600)  # 1小时过期
    await pipe.execute()

if __name__ == "__main__":
    import uvicorn
    uvicorn.run(app, host="0.0.0.0", port=8000)

3.3 Django管理后台实现

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# Django管理后台核心配置
# settings.py
from pathlib import Path
import os

BASE_DIR = Path(__file__).resolve().parent.parent

# 基础配置
SECRET_KEY = os.getenv('SECRET_KEY', 'your-secret-key')
DEBUG = os.getenv('DEBUG', 'False').lower() == 'true'
ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', 'localhost,127.0.0.1').split(',')

# 应用配置
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'django_filters',
    'corsheaders',
    'risk_management',  # 风险管理应用
    'user_management',  # 用户管理应用
    'system_monitoring',  # 系统监控应用
]

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

ROOT_URLCONF = 'admin_panel.urls'

# 数据库配置
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': os.getenv('DB_NAME', 'admindb'),
        'USER': os.getenv('DB_USER', 'postgres'),
        'PASSWORD': os.getenv('DB_PASSWORD', 'password'),
        'HOST': os.getenv('DB_HOST', 'db'),
        'PORT': os.getenv('DB_PORT', '5432'),
        'OPTIONS': {
            'MAX_CONNS': 20,
        }
    }
}

# Redis配置
CACHES = {
    'default': {
        'BACKEND': 'django_redis.cache.RedisCache',
        'LOCATION': os.getenv('REDIS_URL', 'redis://redis:6379/1'),
        'OPTIONS': {
            'CLIENT_CLASS': 'django_redis.client.DefaultClient',
        }
    }
}

# REST Framework配置
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 20,
    'DEFAULT_FILTER_BACKENDS': [
        'django_filters.rest_framework.DjangoFilterBackend',
        'rest_framework.filters.SearchFilter',
        'rest_framework.filters.OrderingFilter',
    ],
}

# 国际化配置
LANGUAGE_CODE = 'zh-hans'
TIME_ZONE = 'Asia/Shanghai'
USE_I18N = True
USE_TZ = True

# 静态文件配置
STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')

# 日志配置
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'verbose': {
            'format': '{levelname} {asctime} {module} {process:d} {thread:d} {message}',
            'style': '{',
        },
    },
    'handlers': {
        'file': {
            'level': 'INFO',
            'class': 'logging.FileHandler',
            'filename': 'django.log',
            'formatter': 'verbose',
        },
        'console': {
            'level': 'INFO',
            'class': 'logging.StreamHandler',
            'formatter': 'verbose',
        },
    },
    'root': {
        'handlers': ['console', 'file'],
        'level': 'INFO',
    },
}

四、项目落地过程中的挑战与解决方案

4.1 性能优化实践

在项目实施过程中,我们遇到了几个关键的性能挑战:

挑战1:数据库查询性能瓶颈

  • 问题:复杂的风险规则查询导致响应时间过长
  • 解决方案:实施查询优化和缓存策略
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# 数据库查询优化示例
class OptimizedRiskQueries:
    """优化的风险查询类"""
    
    def __init__(self, db_pool, redis_client):
        self.db_pool = db_pool
        self.redis = redis_client
    
    async def get_user_risk_profile(self, user_id: str) -> Dict[str, Any]:
        """获取用户风险画像(带缓存)"""
        cache_key = f"user_profile:{user_id}"
        
        # 先尝试从缓存获取
        cached_profile = await self.redis.get(cache_key)
        if cached_profile:
            return json.loads(cached_profile)
        
        # 缓存未命中,查询数据库
        async with self.db_pool.acquire() as conn:
            # 使用优化的SQL查询
            profile = await conn.fetchrow(
                """
                SELECT 
                    u.user_id,
                    u.risk_level,
                    u.last_assessment_date,
                    COUNT(ra.id) as assessment_count,
                    AVG(ra.risk_score) as avg_risk_score,
                    MAX(ra.risk_score) as max_risk_score
                FROM users u
                LEFT JOIN risk_assessments ra ON u.user_id = ra.user_id
                    AND ra.created_at >= NOW() - INTERVAL '30 days'
                WHERE u.user_id = $1
                GROUP BY u.user_id, u.risk_level, u.last_assessment_date
                """,
                user_id
            )
        
        if profile:
            profile_dict = dict(profile)
            # 缓存结果,过期时间5分钟
            await self.redis.setex(
                cache_key, 
                300, 
                json.dumps(profile_dict, default=str)
            )
            return profile_dict
        
        return {}
    
    async def batch_get_merchant_info(self, merchant_ids: List[str]) -> Dict[str, Dict]:
        """批量获取商户信息"""
        if not merchant_ids:
            return {}
        
        # 构建批量查询
        placeholders = ','.join(f'${i+1}' for i in range(len(merchant_ids)))
        
        async with self.db_pool.acquire() as conn:
            merchants = await conn.fetch(
                f"""
                SELECT merchant_id, name, category, risk_level, 
                       created_at, last_transaction_date
                FROM merchants 
                WHERE merchant_id IN ({placeholders})
                """,
                *merchant_ids
            )
        
        return {m['merchant_id']: dict(m) for m in merchants}

挑战2:高并发下的系统稳定性

  • 问题:在高并发场景下出现连接池耗尽和内存泄漏
  • 解决方案:实施连接池管理和资源监控
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# 连接池管理和监控
class ConnectionPoolManager:
    """连接池管理器"""
    
    def __init__(self):
        self.pools = {}
        self.metrics = {
            'total_connections': 0,
            'active_connections': 0,
            'pool_hits': 0,
            'pool_misses': 0
        }
    
    async def create_pool(self, name: str, dsn: str, **kwargs):
        """创建连接池"""
        default_config = {
            'min_size': 5,
            'max_size': 20,
            'command_timeout': 60,
            'server_settings': {
                'application_name': f'risk_system_{name}',
                'tcp_keepalives_idle': '600',
                'tcp_keepalives_interval': '30',
                'tcp_keepalives_count': '3'
            }
        }
        default_config.update(kwargs)
        
        pool = await asyncpg.create_pool(dsn, **default_config)
        self.pools[name] = pool
        
        # 启动监控任务
        asyncio.create_task(self._monitor_pool(name, pool))
        
        return pool
    
    async def _monitor_pool(self, name: str, pool: asyncpg.Pool):
        """监控连接池状态"""
        while True:
            try:
                # 更新连接池指标
                self.metrics[f'{name}_size'] = pool.get_size()
                self.metrics[f'{name}_min_size'] = pool.get_min_size()
                self.metrics[f'{name}_max_size'] = pool.get_max_size()
                self.metrics[f'{name}_idle_size'] = pool.get_idle_size()
                
                # 检查连接池健康状态
                if pool.get_idle_size() == 0 and pool.get_size() == pool.get_max_size():
                    logger.warning(f"连接池 {name} 可能已满,考虑增加最大连接数")
                
                await asyncio.sleep(30)  # 每30秒检查一次
                
            except Exception as e:
                logger.error(f"连接池监控异常: {e}")
                await asyncio.sleep(60)
    
    async def get_pool_stats(self) -> Dict[str, Any]:
        """获取连接池统计信息"""
        stats = {}
        for name, pool in self.pools.items():
            stats[name] = {
                'size': pool.get_size(),
                'min_size': pool.get_min_size(),
                'max_size': pool.get_max_size(),
                'idle_size': pool.get_idle_size(),
                'health_status': 'healthy' if pool.get_idle_size() > 0 else 'warning'
            }
        return stats

4.2 开发效率提升

挑战3:多框架项目的开发协调

  • 问题:FastAPI和Django项目的开发流程和部署流程不统一
  • 解决方案:建立统一的开发工具链和CI/CD流程
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# .github/workflows/ci-cd.yml
name: CI/CD Pipeline

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        service: [risk-api, admin-panel, data-worker]
    
    steps:
    - uses: actions/checkout@v3
    
    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.9'
    
    - name: Install dependencies
      run: |
        cd services/${{ matrix.service }}
        pip install -r requirements.txt
        pip install -r requirements-dev.txt
    
    - name: Run tests
      run: |
        cd services/${{ matrix.service }}
        pytest tests/ --cov=. --cov-report=xml
    
    - name: Upload coverage
      uses: codecov/codecov-action@v3
      with:
        file: services/${{ matrix.service }}/coverage.xml
        flags: ${{ matrix.service }}

  build:
    needs: test
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    
    steps:
    - uses: actions/checkout@v3
    
    - name: Build and push Docker images
      run: |
        echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
        
        for service in risk-api admin-panel data-worker; do
          docker build -t myregistry/$service:${{ github.sha }} services/$service/
          docker push myregistry/$service:${{ github.sha }}
          docker tag myregistry/$service:${{ github.sha }} myregistry/$service:latest
          docker push myregistry/$service:latest
        done

  deploy:
    needs: build
    runs-on: ubuntu-latest
    
    steps:
    - name: Deploy to Kubernetes
      run: |
        kubectl set image deployment/risk-api risk-api=myregistry/risk-api:${{ github.sha }}
        kubectl set image deployment/admin-panel admin-panel=myregistry/admin-panel:${{ github.sha }}
        kubectl set image deployment/data-worker data-worker=myregistry/data-worker:${{ github.sha }}
        kubectl rollout status deployment/risk-api
        kubectl rollout status deployment/admin-panel
        kubectl rollout status deployment/data-worker

4.3 运维监控体系

挑战4:多服务架构的监控和故障排查

  • 问题:分布式架构下的问题定位困难
  • 解决方案:建立完善的监控和链路追踪系统
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# 统一监控和告警系统
from prometheus_client import Counter, Histogram, Gauge, start_http_server
from functools import wraps
import time
import logging
from typing import Callable, Any

# Prometheus指标定义
REQUEST_COUNT = Counter(
    'http_requests_total', 
    'Total HTTP requests', 
    ['method', 'endpoint', 'status']
)

REQUEST_DURATION = Histogram(
    'http_request_duration_seconds',
    'HTTP request duration',
    ['method', 'endpoint']
)

ACTIVE_CONNECTIONS = Gauge(
    'active_database_connections',
    'Active database connections',
    ['pool_name']
)

RISK_ASSESSMENT_DURATION = Histogram(
    'risk_assessment_duration_seconds',
    'Risk assessment processing time'
)

class MonitoringMiddleware:
    """监控中间件"""
    
    def __init__(self, app_name: str):
        self.app_name = app_name
        self.logger = logging.getLogger(f"{app_name}.monitoring")
    
    def __call__(self, func: Callable) -> Callable:
        @wraps(func)
        async def wrapper(*args, **kwargs):
            start_time = time.time()
            
            try:
                # 执行原函数
                result = await func(*args, **kwargs)
                
                # 记录成功指标
                duration = time.time() - start_time
                REQUEST_DURATION.labels(
                    method='POST', 
                    endpoint=func.__name__
                ).observe(duration)
                
                REQUEST_COUNT.labels(
                    method='POST', 
                    endpoint=func.__name__, 
                    status='200'
                ).inc()
                
                return result
                
            except Exception as e:
                # 记录失败指标
                REQUEST_COUNT.labels(
                    method='POST', 
                    endpoint=func.__name__, 
                    status='500'
                ).inc()
                
                self.logger.error(f"函数 {func.__name__} 执行失败: {e}")
                raise
                
        return wrapper

class HealthChecker:
    """健康检查器"""
    
    def __init__(self, db_manager, redis_client):
        self.db_manager = db_manager
        self.redis_client = redis_client
    
    async def check_database_health(self) -> Dict[str, Any]:
        """检查数据库健康状态"""
        try:
            async with self.db_manager.pool.acquire() as conn:
                result = await conn.fetchval("SELECT 1")
                return {
                    "status": "healthy" if result == 1 else "unhealthy",
                    "response_time_ms": 0,  # 实际应该测量
                    "active_connections": self.db_manager.pool.get_size()
                }
        except Exception as e:
            return {
                "status": "unhealthy",
                "error": str(e),
                "active_connections": 0
            }
    
    async def check_redis_health(self) -> Dict[str, Any]:
        """检查Redis健康状态"""
        try:
            await self.redis_client.ping()
            return {"status": "healthy"}
        except Exception as e:
            return {"status": "unhealthy", "error": str(e)}
    
    async def get_system_health(self) -> Dict[str, Any]:
        """获取系统整体健康状态"""
        db_health = await self.check_database_health()
        redis_health = await self.check_redis_health()
        
        overall_status = "healthy"
        if db_health["status"] != "healthy" or redis_health["status"] != "healthy":
            overall_status = "unhealthy"
        
        return {
            "overall_status": overall_status,
            "components": {
                "database": db_health,
                "redis": redis_health
            },
            "timestamp": datetime.now().isoformat()
        }

五、项目收益与效果评估

5.1 性能提升效果

经过6个月的项目实施和优化,我们取得了显著的性能提升:

性能指标 优化前 优化后 提升幅度
API响应时间 300ms 45ms 85%
并发处理能力 200 req/s 850 req/s 325%
系统可用性 99.5% 99.9% 0.4%
错误率 0.8% 0.1% 87.5%
资源利用率 70% 45% 节省35%

5.2 开发效率提升

  • 开发周期缩短:通过框架选型和工具链优化,新功能开发周期从2周缩短到1周
  • 代码质量提升:通过统一的代码规范和自动化测试,代码缺陷率降低60%
  • 部署效率:从手动部署到自动化CI/CD,部署时间从2小时缩短到15分钟

5.3 业务价值实现

  • 风险识别准确率:从85%提升到95%
  • 误报率降低:从15%降低到5%
  • 处理效率提升:日处理交易量从10万笔提升到50万笔
  • 运维成本降低:通过自动化监控和告警,运维人力成本降低40%

六、关键经验总结与最佳实践

6.1 框架选型经验

  1. 性能优先原则:对于高并发、低延迟的核心业务,优先选择异步框架
  2. 生态完整性:对于复杂的管理功能,选择生态成熟的框架能显著提升开发效率
  3. 团队技能匹配:框架选择要考虑团队的技术栈和学习成本
  4. 混合架构可行性:不同业务场景可以选择不同的技术栈,通过API网关统一对外服务

6.2 项目实施最佳实践

  1. 渐进式迁移:从单体架构到微服务架构的迁移应该是渐进式的
  2. 监控先行:在系统上线前就要建立完善的监控体系
  3. 自动化测试:高质量的自动化测试是系统稳定性的重要保障
  4. 文档驱动:详细的技术文档和API文档能显著降低维护成本

6.3 技术债务管理

  1. 定期重构:建立定期的代码重构计划,避免技术债务积累
  2. 性能监控:持续监控系统性能,及时发现和解决性能瓶颈
  3. 依赖管理:定期更新依赖包,保持系统的安全性和稳定性
  4. 知识传承:建立完善的知识库和培训体系,降低人员流动风险

总结

通过这个智能风控系统的项目实践,我们深刻体会到Python Web框架选型对项目成功的重要性。FastAPI + Django的混合架构不仅充分发挥了各自的技术优势,还实现了开发效率和系统性能的双重提升。

核心收获:

  1. 技术选型要服务于业务目标:不同的业务场景需要不同的技术方案,没有银弹
  2. 性能优化是系统工程:从架构设计、代码实现到运维监控,每个环节都影响最终性能
  3. 自动化是提升效率的关键:从开发、测试到部署的全流程自动化能显著提升团队效率
  4. 监控和可观测性至关重要:完善的监控体系是系统稳定运行的基础

对于Python Web开发者,建议在框架选型时充分考虑项目的具体需求,不要盲目追求新技术,而要选择最适合的技术方案。同时,要重视系统的可维护性和可扩展性,为项目的长期发展奠定坚实基础。

希望这些实战经验能为正在进行Python Web项目的开发者提供有价值的参考,帮助大家在技术选型和项目实施中少走弯路,更快地实现业务目标。