def get_token_info():
"""获取令牌信息"""
form = TokenForm().validate_for_api()
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(form.token.data, return_header=True)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=1003)
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
r = {
'uid':
data[0]['uid'],
'nickname':
data[0]['nickname'],
'scope':
data[0]['scope'],
'create_at':
time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(data[1]['iat'])),
'expire_in':
datetime.datetime.utcfromtimestamp(
data[1]['exp']).strftime('%Y-%m-%d %H:%M:%S')
}
return restful_json(r)
def verify_auth_token(token):
"""
验证 token
:param token:
:return:
"""
s = Serializer(current_app.config.get('SECRET_KEY'))
try:
data = s.loads(token)
except BadSignature:
# 令牌无效
raise AuthFailed(msg='token is invalid', error_code=1002)
except SignatureExpired:
# 令牌过期
raise AuthFailed(msg='token is expired', error_code=1003)
uid = data['uid']
ac_type = data['type']
scope = data['scope']
# 当前用户是否有权限访问视图函数
allow = is_in_scope(scope, request.endpoint)
if not allow:
raise Forbidden()
return User(uid, ac_type, scope)
def verify_token(token, secret):
ua = request.headers.get('User-Agent', '')
if ua != WHITELIST_UA:
timestamp = int(request.headers.get('Timestamp', 0))
if abs(timestamp - int(time.time())) > 100:
raise AuthFailed()
my_secret = md5(token + str(timestamp))
if my_secret != secret:
raise AuthFailed()
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=1003)
uid = data['uid']
user = User.get_by_id(uid)
if not user:
raise NotFound()
allow = is_in_scope(user.scope, request.endpoint)
if not allow:
raise Forbidden()
g.user = user
return True
def verify(email, password):
user = User.query.filter_original(email=email).first()
if user.status == 0:
raise AuthFailed(msg='账号已被禁用,请联系管理员', error_code=1008)
if not user.check_password(password):
raise AuthFailed()
scope = 'AdminScope' if user.auth == 2 else 'UserScope'
return {'uid': user.id, 'scope': scope}
def create_session_api():
form = LoginForm().validate_for_api().data_
user = User.get_by_id(form['username'])
if user is None:
raise AuthFailed('User not found')
if not user.check_password(form['password']):
raise AuthFailed('Wrong username or password')
login_user(user, remember=True)
raise Success('Login successful')
def verify(email, password):
user = User.query.filter_by(email=email).first()
if not user:
raise NotFound(msg='账户不存在!')
if not user.check_password(password):
raise AuthFailed(msg='密码错误')
if not user.check_active():
raise AuthFailed(msg='该账号没有登录权限')
return {'uid': user.id, 'auth': user.auth}
def verify_auth_token(token):
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=1003)
return User(data['uid'], data['type'], data['scope'])
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg='invalid token', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expiration', error_code=1003)
uid = data['uid']
return User(uid)
def verify_auth_token(token):
"""token验证"""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(error_code=1002, msg='token is invalid')
except SignatureExpired:
raise AuthFailed(error_code=1003, msg='token is expired ')
return User(openid=data.get('openid'), type=data.get('type'))
def verify_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token.encode('utf-8'))
except BadSignature:
raise AuthFailed(msg='token is invalid',error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expired',error_code=1003)
return data
def verify_hashkey(hashkey):
# 解析hashkey
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(hashkey)
except BadSignature:
raise AuthFailed(msg='激活码失效', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='激活码过期', error_code=1003)
return data
def login_api():
form = LoginForm().validate_for_api()
username = form.username.data
password = form.password.data
user = get_user_by_username(username)
if not user:
raise AuthFailed('Username does not exist')
if not check_password(user, password):
raise AuthFailed('Wrong username or password')
login_user(user, remember=True)
return Success('Login successful')
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expired')
uid = data['uid']
ac_type = data['type']
scope = data['scope']
return User(uid, ac_type, '')
def verify_group(token, password):
(uid, ac_type, scope) = decrypt_token(token)
current_user = User.get_or_404(id=uid)
group_id = current_user.group_id
# 非admin用户,先进行校验
if not current_user.is_admin:
if group_id is None:
raise AuthFailed(msg='您还不属于任何权限组,请联系系统管理员获得权限')
allowed = is_in_auth_scope(group_id, request.endpoint)
if not allowed:
raise AuthFailed(msg='权限不够,请联系系统管理员获得权限')
g.user = current_user # UserTuple(uid, ac_type, scope)
def verify_auth_token(token):
s = Serial(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg='非法身份,请重新登录', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='身份过期,请重新登录', error_code=1003)
uid = data['uid']
ac_type = data['type']
auth = data['auth']
return User(uid, ac_type, auth, '')
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
# 如果无法解密,当前token无效
# 根据不同错误信息,返回具体的错误信息
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=10031)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=10032)
user_id = data['user_id']
scopes = data['scopes']
# user_name = data['user_name']
# request 视图函数
return User(user_id, scopes)
def verify_auth_token(token):
s = Serializer(current_app.config["SECRET_KEY"])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg="token is invalid", error_code=1002)
except SignatureExpired:
raise AuthFailed(msg="token is expired", error_code=1003)
uid = data["uid"]
ac_type = data["type"]
scope = data["scope"]
allow = is_in_scope(scope, request.endpoint)
if not allow:
raise Forbidden()
return User(uid, ac_type, scope)
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(message='Invalid token', error_code=1002)
except SignatureExpired:
raise AuthFailed(message='Token has expired', error_code=1003)
uid = data['uid']
ac_type = data['type']
scope = data['scope']
if not is_permitted(scope, request.endpoint):
raise Forbidden()
return User(uid, ac_type, scope)
def verify_auth_token():
form = TokenForm().validate_for_api()
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(form.token.data, return_header=True)
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=1003)
return jsonify({
'scope': data[0]['scope'],
'create_at': data[1]['iat'],
'expire_in': data[1]['exp'],
'uid': data[0]['uid']
})
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(error_code=1002, msg='token is invalid')
except SignatureExpired:
raise AuthFailed(error_code=1003, msg='token is expired')
uid = data['uid']
ac_type = data['type']
scope = data['scope']
allow = is_in_scope(scope, request.endpoint)
if not allow:
raise Forbidden()
return User(uid, ac_type, scope)
def verify_auth_token(token): #获取token中的信息。验证token合法性
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token) #解密的方法
except BadSignature: #验证合法性。如果是BadSignature异常,则抛出自定义的AuthFailed
raise AuthFailed(msg='token is invalid', error_code=1002)
except SignatureExpired: #验证是否过期
raise AuthFailed(msg='token is expired', error_code=1003)
uid = data['uid']
ac_type = data['type']
scope = data['scope']
allow = is_in_scope(scope,
request.endpoint) #endpoint表示要访问的视图函数,类似于url_for
if not allow:
raise Forbidden()
return User(uid, ac_type, scope)
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg='Token不合法', error_code=4011)
except SignatureExpired:
raise AuthFailed(msg='Token过期', error_code=4012)
uid = data['uid']
ac_type = data['ac_type']
scope = data['scope']
allow = is_in_scope(scope, request.endpoint)
if not allow:
raise Forbidden()
return UserInSession(uid, ac_type, scope, False)
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token) # token在请求头
except BadSignature:
raise AuthFailed(msg='token 无效', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token 过期', error_code=1003)
uid = data['uid']
ac_type = data['type']
scope = data['scope']
# 可以获取要访问的视图函数
allow = is_in_scope(scope, request.endpoint)
if not allow:
raise ForbiddenException()
return UserTuple(uid, ac_type, scope)
def verify_auth_token(token): #解密token
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token) #解密token 如果报错则说明不合法
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=1003)
uid = data['uid']
ac_type = data['type']
scope = data['scope']
#request 获取要访问的视图函数
allow = is_in_scope(scope, request.endpoint) #权限验证
if not allow:
raise Forbidden()
return User(uid, ac_type, scope)
def verify_by_mobile(mobile, password):
user = User.query.filter_by(mobile=mobile) \
.first_or_404(e=UserException(msg='该账号未注册'))
if not user.check_password(password):
raise AuthFailed(msg='密码错误')
scope = Scope.match_user_scope(auth=user.auth)
return {'uid': user.id, 'scope': scope}
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=1003)
user_id = data['user_id']
name = data['name']
scope = None
# request 视图函数
#allow = is_in_scope(scope, request.endpoint)
#if not allow:
# raise Forbidden()
return User(user_id, name, scope)
def verify_by_email(email, password):
user = User.query.filter_by(email=email).first_or_404(
e=UserException(msg='该账号未注册'))
if not user.check_password(password):
raise AuthFailed(msg='密码错误')
scope = 'AdminScope' if user.auth == ScopeEnum.Admin else 'UserScope'
return {'uid': user.id, 'scope': scope}
def verify(email, password):
user = User.query.filter_by(email=email).first_or_404()
if not user.check_password(password):
raise AuthFailed()
scope = 'AdminScope' if user.auth == 2 else 'UserScope'
# 划分scope,实际可能不止两个用户类型
return {'uid': user.id, 'scope': scope}
def verify(email, password):
user = User.query.filter_by(email=email) \
.first_or_404(description="user not found")
if not user.check_password(password):
raise AuthFailed()
scope = 'AdminScope' if user.auth == 2 else 'UserScope'
return {'uid': user.id, 'scope': scope}
def verify_by_email(email, password):
""""用于 API 调用"""
user = User.query.filter_by(email=email).first_or_404()
if not user.check_password(password):
raise AuthFailed()
authority = 'AdminAuthority' if user.auth == 2 else 'UserAuthority'
return {'uid': user.id, 'authority': authority}