def register(): result = {} if request.method == 'POST': username = request.values.get('username') password = request.values.get('password') email = request.values.get('email') if username and password and email: user = User.query.filter(User.username == username or User.email == email).all() if user: result.update(msg='账号或者邮箱已经存在', status=-2) else: pwd = generate_password_hash(password) user = User(username=username, password=pwd, email=email) db.session.add(user) db.session.commit() #发送激活邮箱 msg = Message('激活邮件', body='用户您好', html=render_template('activate.html', username=username), sender='*****@*****.**', recipients=[email]) mail.send(msg) #将用户缓存到redis # rds.set('username', username, ex=10 * 60) cache.set('username', username, timeout=10 * 60) else: result.update(msg='必要参数不能为空', status=-1) else: result.update(msg='错误的请求方式', status=400) return jsonify(result)
def _verify(): token = get_token() if not token: abort(RET.Forbidden, msg='请登录', status=RET.REENTRY) token_data = Auth.decode_auth_token(token) token_id = token_data['data']['id'] token_time = token_data['data']['login_time'] # cache 记录的token,如果cache中没有这个token cache_token = cache.get(token_id) if not cache_token: abort(RET.Forbidden, msg='请重新登录!', status=RET.REENTRY) # 用户是否存在 admin = get_admin(token_id) if not admin: abort(RET.Forbidden, msg='请重新登录', status=RET.REENTRY) # 超时生成新的token now_time = datetime.datetime.now() g.admin = admin # g.auth = token # 超过30分钟就要重新获取token if (datetime.datetime.strptime(token_time, "%Y-%m-%d %H:%M:%S") + datetime.timedelta(minutes=60 * 8)) < now_time: cache.delete(token) new_token = Auth.encode_auth_token(admin.id) cache.set(admin.id, new_token, timeout=60 * 60 * 8) data = {'status': RET.RESETOKEN, 'token': new_token} return data # 其他用户异地登录 if cache_token != token: abort(RET.Forbidden, msg='当前账户在其他地方登录,您已被强制下线!', status=RET.REENTRY)
def post(self): args = lr_parser.parse_args() phone = args.get('mobile') code = args.get('code') cache_code = cache.get(phone) if cache_code and code == cache_code: user = User.query.filter(User.phone == phone).first() if not user: user = User() user.phone = phone s = '' for i in range(13): ran = random.randint(0, 9) s += str(ran) user.username = '******' + s db.session.add(user) db.session.commit() token = str(uuid.uuid4()).replace('-', '') + str( random.randint(100, 999)) cache.set(token, phone) return jsonify(status=200, msg='登录成功', token=token) else: return jsonify(status=400, errmsg='验证码错误')
def post(self): parse = parser.parse_args() #用户信息 user = User() user.name = parse.get('name') user.password = generate_password_hash(parse.get('password')) user.email = parse.get('email') user.phone = parse.get('phone') user.token = generate_token() #存入数据库(考虑账户邮箱有唯一约束,要捕获异常) try: #存入数据库 save_db(user) responseData = {} responseData['status'] = 200 responseData['msg'] = '注册成功' responseData['data'] = user #发送邮箱 active_mail(user) #缓存设置 cache.set(user.token, '超时处理', timeout=30) return responseData except Exception as e: responseData = {} responseData['status'] = 406 responseData['msg'] = '该邮箱已经被占用' return responseData
def register(): if request.method == 'GET': return render_template('register.html') elif request.method == 'POST': username = request.form.get('username') password = request.form.get('password') email = request.form.get('email') users = User.query.filter(User.username == username) if users.count(): return '用户已存在,请重新选择' users = User.query.filter(User.email == email) if users.count(): return '邮箱已存在,请重新选择' user = User() user.username = username user.password = password user.email = email db.session.add(user) db.session.commit() token = uuid.uuid5(uuid.uuid4(), 'aa').hex cache.set(token, user.id, timeout=60 * 3) session['token'] = token return redirect(url_for('blue.index'))
def post(self): ''' 登录 ''' args_login = parse_login.parse_args() password = args_login.get('password') username = args_login.get('username').lower() captcha = args_login.get('captcha') text = cache.get('image_code_%s'%args_login.get('image_code')) if not text: abort(RET.Forbidden,msg='验证码错误') if captcha.lower() != text.lower(): abort(RET.Forbidden,msg='验证码错误') cache.delete('image_code_%s'%args_login.get('image_code')) admin = Admin.query.filter_by(username = username,is_del='0').first() if not admin: abort(RET.BadRequest,msg='用户名或密码错误') if not admin.check_pwd(password): abort(RET.Unauthorized,msg='用户名或密码错误') token = Auth.encode_auth_token(admin.id) cache.set(admin.id,token,timeout=60*60*8) # 记录登陆日志 admin_log = AdminLog() admin_log.username = admin.username admin_log.ip = request.remote_addr admin_log.add() data = { 'status':RET.OK, 'msg':'登录成功', 'token':token } return data
def psot(self): args = sms_parser.parse_args() mobile = args.get('mobile') ret, code = send_duanxin(mobile) if ret is not None: if ret["code"] == 200: cache.set(mobile, code, timeout=1800) return jsonify(code=200, msg='短信发送成功') else: return jsonify(code=400, msg='短信发送失败')
def post(self): parse = parser.parse_args() user = User() user.username = parse.get('username') user.password = generate_password_hash(parse.get('password')) user.email = parse.get('email') response_data = { 'date': str(time.time()), } # 数据处理 response_data['status'] = 406 response_data['user'] = '' users = User.query.filter(User.username == user.username) if users.count(): # 存在 response_data['msg'] = '用户名已存在,注册失败!' return response_data users = User.query.filter(User.email == user.email) if users.count(): response_data['msg'] = '邮箱已存在,注册失败!' return response_data # 存入数据库 db.session.add(user) db.session.commit() # 状态保持 token = uuid.uuid5(uuid.uuid4(), 'regisger').hex cache.set(token, user.id, timeout=60 * 10) # 发送邮件 active_url = 'http://127.0.0.1:5000/api/v1/active/?token=' + token tempplate_str = render_template('mail_active.html', active_url=active_url, username=user.username) msg = Message( subject='AXF激活邮件', # 主题 sender='*****@*****.**', # 发件人 recipients=[user.email], # 收件人 html=tempplate_str # 正文 ) mail.send(msg) # 返回数据 response_data['msg'] = '注册成功' response_data['status'] = 200 response_data['user'] = user response_data['token'] = token return response_data
def post(self): parse = parser.parse_args() phone = parse.get('phone') # 短信应用SDK AppID appid = 1400112809 # SDK AppID是1400开头 # 短信应用SDK AppKey appkey = "8d8b808cb9073023631d241951f49fb4" # 需要发送短信的手机号码 phone_numbers = [phone] # 短信模板ID,需要在短信应用中申请 template_id = 166915 # NOTE: 这里的模板ID`7839`只是一个示例,真实的模板ID需要在短信控制台中申请 # templateId 7839 对应的内容是"您的验证码是: {1}" # 签名 sms_sign = "钟远智工作经验分享" # NOTE: 这里的签名"腾讯云"只是一个示例,真实的签名需要在短信控制台中申请,另外签名参数使用的是`签名内容`,而不是`签名ID` ssender = SmsSingleSender(appid, appkey) # 模板需要的参数 # 短信验证码: {1},请于{2}分钟内填写。如非本人操作,请忽略本短信。 temp_random = random.randrange(10000, 100000) # 缓存验证码(后续过期处理,以及验证处理) cache.set(phone, temp_random, timeout=30) print(phone, cache.get(phone), type(phone)) params = [ temp_random, 10 ] # 当模板没有参数时,`params = []`,数组具体的元素个数和模板中变量个数必须一致,例如事例中templateId:5678对应一个变量,参数数组中元素个数也必须是一个 try: result = ssender.send_with_param( 86, phone_numbers[0], template_id, params, sign=sms_sign, extend="", ext="") # 签名参数未提供或者为空时,会使用默认签名发送短信 except HTTPError as e: print(e) except Exception as e: print(e) responseData = {'msg': '发送短信成功'} return responseData
def post(self): responsedata = {'time': str(int(time.time()))} parse = parser.parse_args() user = User() user.telephone = parse.get('telephone') user.password = generate_password_hash(parse.get('password')) #加密处理 user.name = parse.get('name') user.email = parse.get('email') # 图片数据 imgfile = parse.get('filename') # 图片名称 filename = '%s-%s' % (user.telephone, secure_filename( imgfile.filename)) # 文件路径 filepath = os.path.join(UPLOAD_RID, filename) user.token = get_token() users = User.query.filter(User.telephone == user.telephone) if users.count() > 0: responsedata['msg'] = '注册失败!' responsedata['status'] = 406 responsedata['err'] = '此手机号已经被注册!' return responsedata else: # 保存文件 imgfile.save(filepath) # 更新用户信息 user.icon = filename db.session.add(user) db.session.commit() #邮件信息 msg = Message( subject='Tpp激活邮件', recipients=[user.email], #收件人邮箱 sender="*****@*****.**") #发件人 body_html = render_template( 'mail_send.html', name=user.name, active_url='http://127.0.0.1:5000/api/v1/useractive?token=' + user.token) msg.html = body_html #发送邮件 mail.send(msg) #状态保持,即控制注册链接的有效时间 cache.set(user.token, user.id, timeout=60) responsedata['msg'] = '注册成功!' responsedata['status'] = 200 responsedata['data'] = user return responsedata
def get(self): """ 图片验证码 """ args = parse.parse_args() image_code = args.get('image_code') text, image_data = Captcha.gene_graph_captcha() try: cache.set('image_code_%s' % image_code, text, timeout=3 * 60) data = {'status': RET.OK, 'data': image_data} return data except Exception as e: current_app.logger.error(e) abort(RET.BadRequest, msg='获取验证码失败')
def post(self): parse = parser.parse_args() username = parse.get('username') password = parse.get('password') response_data = {'date': str(time.time()), 'status': 406} users = User.query.filter(User.username == username) if users.count(): # 存在 user = users.first() if check_password_hash(user.password, password): # 验证通过 # 删除 if user.isdelte: response_data['msg'] = '登录失败,用户不存在' return response_data # 状态保持 token = uuid.uuid5(uuid.uuid4(), 'regisger').hex cache.set(token, user.id, timeout=60 * 10) # 激活 if user.isactive: response_data['msg'] = '登录成功' response_data['status'] = 200 response_data['user'] = user response_data['token'] = token return response_data else: # 发送邮件 active_url = 'http://127.0.0.1:5000/api/v1/active/?token=' + token tempplate_str = render_template('mail_active.html', active_url=active_url, username=user.username) msg = Message( subject='AXF激活邮件', # 主题 sender='*****@*****.**', # 发件人 recipients=[user.email], # 收件人 html=tempplate_str # 正文 ) mail.send(msg) response_data['msg'] = '登录失败,用户未激活。激活邮件已经重新发送,请注意查看邮箱!' return response_data else: response_data['msg'] = '登录失败,密码错误' return response_data else: # 不存在 response_data['msg'] = '登录失败,用户名不存在' return response_data
def heheda(): #反爬虫 首先检查有没有user-agent 再看ip如果在30s内访问10次 就搞他 user_agent = request.user_agent if not user_agent: return jsonify({'code': 10000, 'msg': 'h换个网站吧'}), 500 ip = request.remote_addr key = ip + 'fanpa' times = cache.get(key) if not times: cache.set(key, 1, 30) else: if int(times) >= 3: return '搞你M啊', 404 else: cache.set(key, times + 1, 30)
def my_cache(): #先获取ip,拼接我们的key ip = request.remote_addr key = ip + 'day04' #去缓存尝试拿数据 data = cache.get(key) if data: print('有数据') return jsonify(data) else: # 一顿查数据 new_data = {'code': 1, 'msg': 'ok', 'data': '呵呵哒'} print('查数据') cache.set(key, new_data, 30) return jsonify(new_data)
def post(self): #获取数据 parse = parser.parse_args() email = parse.get('email') password = parse.get('password') responseData ={} #获取用户 users = User.query.filter(User.email==email) if users.count(): #有用户 user = users.first() #密码校验 if check_password_hash(user.password,password): #验证通过 if user.is_delete == True: # 已删除 responseData['status'] = 401 responseData['msg'] = '登录失败,用户已被注销!' return responseData if user.is_active == False: #未激活 #发送邮件 active_mail(user) #缓存token cache.set(user.token, '超时处理', timeout=30) responseData['status'] = 401 responseData['msg'] = '用户未激活,请查看邮件激活后操作!' return responseData # 验证成功 user.token = generate_token() save_db(user) responseData['status'] = 200 responseData['msg'] = '登录成功' responseData['data'] = user return responseData else: responseData['status'] = 401 responseData['msg'] = '登录失败,密码错误!' return responseData else: #没有用户 responseData['status'] =401 responseData['msg'] = '邮箱错误,请重新登录' return responseData
def post(self): args = password_login_parser.parse_args() mobile = args.get('mobile') password = args.get('password') # 判断用户 user = User.query.filter(User.phone == mobile).first() if user: if check_password_hash(user.password, password): # 说明用户是登录成功的 dfjkdj-hdfjhsd34-sdjf83748-3847fnmm token = str(uuid.uuid4()).replace('-', '') + str( random.randint(100, 999)) print('token:', token) # 存储用户的登录信息 cache.set(token, mobile) return {'status': 200, 'msg': '用户登录成功', 'token': token} return {'status': 400, 'msg': '账户名或者密码有误!'}
def login(): if request.method == 'GET': return render_template('login.html') elif request.method == 'POST': username = request.form.get('username') password = request.form.get('password') users = User.query.filter(User.username == username).filter( User.password == password) if users.count(): user = users.first() token = uuid.uuid5(uuid.uuid4(), 'aa').hex cache.set(token, user.id, timeout=60 * 3) session['token'] = token return redirect(url_for('blue.index')) else: return '登录失败,输入信息有误'
def post(self): args = parse_base.parse_args() password = args.get('password') action = args.get('action').lower() if action == USER_ACTION_REGISTER: args_register = parse_register.parse_args() username = args_register.get('username') phone = args_register.get('phone') movie_user = CinemaUser() movie_user.username = username movie_user.password = password movie_user.phone = phone if not movie_user.save(): abort(400, msg='create fail') data = { 'status': HTTP_CREATE_OK, 'msg': 'user create success', 'data': movie_user } return marshal(data, single_cinema_user_fields) elif action == USER_ACTION_LOGIN: args_login = parse_login.parse_args() username = args_login.get('username') phone = args_login.get('phone') user = get_cinema_user(username) or get_cinema_user(phone) if not user: abort(400, msg='用户不存在') if not user.check_password(password): abort(401, msg='密码错误') if user.is_delete: abort(401, msg='用户不存在') token = generate_cinema_user_token() cache.set(token, user.id, timeout=60 * 60 * 24 * 7) data = {'msg': 'login success', 'status': HTTP_OK, 'token': token} return data else: abort(400, msg='请提供正确的参数')
def sortGoods(): page = int(request.args.get("page") or 1) type = request.args.get("type") try: type = type.split("/")[0] cache.set("type", type) except: type = cache.get("type") pass print(type) per = 12 paginates = Goods.query.filter(Goods.type == type).paginate(page, per) if g.user: return render_template('market.html', type=type, paginates=paginates, name=g.user.name, img=g.user.img) return render_template("sort.html", paginates=paginates, type=type)
def register(): if request.method == 'GET': return render_template('register.html') elif request.method == 'POST': user = User() user.tel = request.form.get('tel') user.passrod = request.form.get('password') user.email = request.form.get('email') # print(request.form.get('tel'),request.form.get('password'),request.form.get('email')) # db.session.add(user) db.session.commit() # 状态保持 token = uuid.uuid5(uuid.uuid4(), 'register').hex session['token'] = token cache.set(token, user.id, timeout=60 * 2) return redirect(url_for('blue.index'))
def post(self): """ 注册 """ args = parse_base.parse_args() password = args.get('password') action = args.get('action').lower() # 注册 if action == USER_ACTION_REGISTER: args_register = parse_register.parse_args() username = args_register.get('username').lower() email = args_register.get('email') phone = args_register.get('phone') if get_user(username): abort(RET.BadRequest, msg='用户名已注册') if get_user(phone): abort(RET.BadRequest, msg='手机号码已注册') if get_user(email): abort(RET.BadRequest, msg='邮箱已注册') user = User() user.username = username user.password = password user.email = email user.phone = phone if user.add(): data = {'status': RET.Created, 'msg': '注册成功', 'data': user} return marshal(data, sing_user_fields) abort(RET.BadRequest, msg='注册失败') # 登录 elif action == USER_ACTION_LOGIN: args_login = parse_login.parse_args() username = args_login.get('username').lower() user = get_user(username) if not user: abort(RET.BadRequest, msg='用户名或密码错误') if (not user.check_pwd(password)) or user.is_del != '0': abort(RET.Unauthorized, msg='用户名或密码错误') token = uuid.uuid4().hex cache.set(token, user.id, timeout=60 * 60 * 7) data = {'status': RET.OK, 'msg': '登录成功', 'token': token} return data else: abort(RET.BadRequest, msg='参数错误,请检查后重试')
def get(self): args = reset_parser.parse_args() phone = args.get('mobile') imageCode = args.get('imageCode') code = session.get('code') if code and imageCode.lower() == code.lower(): user = User.query.filter(User.phone == phone).first() if user: ret, smscode = send_duanxin(phone) if ret is not None: if ret['code'] == 200: cache.set(phone, smscode, timeout=180) return jsonify(status=200, msg='短信发送成功') else: return jsonify(status=400, msg='短信发送失败') else: return jsonify(status=400, msg='此用户未注册') else: return jsonify(status=400, msg='验证码有误')
def post(self): responsedata = {'time': str(int(time.time()))} parse = parser.parse_args() telephone = parse.get('telephone') password = parse.get('password') # 加密处理 users = User.query.filter(User.telephone == telephone) if not users.count(): return format_response(msg='登录失败!', status=406, err='用户不存在!') user = users.first() if user.isdelete: return format_response(msg='登录失败!', status=406, err='用户已经注销!') if not check_password_hash(user.password, password): #校验密码 return format_response(msg='登录失败!', status=406, err='密码错误!') else: if not user.isactive: #激活 # 邮件信息 msg = Message( subject='Tpp激活邮件', recipients=[user.email], # 收件人邮箱 sender="*****@*****.**") # 发件人 body_html = render_template( 'mail_send.html', name=user.name, active_url='http://127.0.0.1:5000/api/v1/useractive?token=' + user.token) msg.html = body_html # 发送邮件 mail.send(msg) # 状态保持,即控制注册链接的有效时间 cache.set(user.token, user.id, timeout=60) return format_response(msg='登录失败!', status=406, err='用户还没有激活,激活链接已经重新发送!!') user.token = get_token() db.session.add(user) db.session.commit() return format_response(msg='登录成功!', status=200, data=user)
def login(): if request.method == 'GET': return render_template('login.html') elif request.method == 'POST': tel = request.form.get('tel') password = request.form.get('password') print(tel, password) users = User.query.filter(User.tel == tel).filter( User.passrod == password) if users.count(): user = users.first() # 状态保持 token = uuid.uuid5(uuid.uuid4(), 'register').hex session['token'] = token cache.set(token, user.id, timeout=60 * 5) return redirect(url_for('blue.index')) else: return '账号或密码错误'
def post(self): params = register_args.parse_args() email = params.get('email') pwd = params.get('pwd') confirm_pwd = params.get('confirm_pwd') # 判断密码和确认密码是否一致 if pwd != confirm_pwd: return {'code': 2, 'msg': '密码不一致'} res = User.create_user(email=email, pwd=pwd) # 发送邮件,激活 url = 'http://' + request.host + '/active/' + create_unique_str() if res: # send_email.delay(email, url, res.id) title = '欢迎注册爱鲜蜂后台管理' msg = Message(title, [email], sender='*****@*****.**') msg.html = render_template('register/active.html', url=url) mail.send(msg) # 设置缓存 key = url.split('/')[-1] cache.set(key, res.id, timeout=60 * 60) return {'data': '/index/'} else: return {'code': 3, 'msg': '注册失败,邮箱已被使用'}
def post(self): parse = parser.parse_args() user = User() user.username = parse.get('username') user.password = generate_password_hash(parse.get('password')) user.email = parse.get('email') response_data = { 'date': str(time.time()), 'status': 404, 'user': '', 'token': '', } users = User.query.filter(User.username == user.username) if users.count(): response_data['msg'] = '注册失败,用户名已存在,请重新注册!' return response_data users = User.query.filter(User.email == user.email) if users.count(): response_data['msg'] = '注册失败,邮箱已存在,请重新注册!' return response_data db.session.add(user) db.session.commit() # 状态保持 token = uuid.uuid5(uuid.uuid4(), 'register').hex cache.set(token, user.id, timeout=60 * 5) response_data['status'] = 200 response_data['user'] = user response_data['msg'] = '注册成功!!!' response_data['token'] = token return render_template(url_for('blue.index'))
def hello_world(): # 设置 cache.set('username', 'atom', timeout=60) return render_template('index.html')