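 def delete(self, id):
     """Delete room ``id``; only one of the room's owners may do this.

     Responds ``422`` when no such room exists and ``403`` when the
     calling user is not an owner.  On success the row is deleted and
     committed and the method returns ``None``.
     """
     room = Room.query.get(id)
     if room is None:
         return api_abort(422, 'room do not exit')
     # ``room.owner`` is a relationship collection -- the room-creation
     # handler does ``room.owner.append(g.current_user)`` -- so the old
     # ``g.current_user is not room.owner`` compared a user object with a
     # list, was always true, and rejected every caller with 403.
     # Membership is the ownership test actually intended.
     if g.current_user not in room.owner:
         return api_abort(403, 'permission denied')
     db.session.delete(room)
     db.session.commit()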
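 def put(self, id):
     """Update room ``id``; only one of the room's owners may do this.

     Responds ``422`` when no such room exists and ``403`` when the
     calling user is not an owner.  The request body is parsed with
     ``room_put_reqparse`` only after authorization succeeds, and the
     result of ``room_put`` is returned via ``make_resp``.
     """
     room = Room.query.get(id)
     if room is None:
         return api_abort(422, 'room do not exit')
     # ``room.owner`` is a relationship collection (the creation handler
     # appends ``g.current_user`` to it), so the former identity test
     # ``g.current_user is not room.owner`` could never match and every
     # caller was refused.  Membership is the intended ownership check.
     if g.current_user not in room.owner:
         return api_abort(403, 'permission denied')
     data = room_put_reqparse.parse_args()
     data = room_put(data, room)
     return make_resp(data)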
def signup(data):
    """Create a user from ``data`` and make it the current user.

    ``data`` must carry ``username``, ``phone``, ``password`` and
    ``verify_code``.  Duplicate username or phone is refused with 401
    before the verification code is consulted, so this endpoint does
    reveal which usernames/phones are already registered to anyone
    who can reach it -- NOTE(review): consider checking the code first
    if enumeration matters for this deployment.  A bad code raises
    ``VerifyCodeError``.  Whether ``User(...)`` hashes the password is
    not visible here -- confirm in the model.

    Returns the ``user_schema`` serialization of the new user.
    """
    def already_taken(**where):
        return User.query.filter_by(**where).first() is not None

    if already_taken(username=data['username']):
        return api_abort(401, 'username already exit')
    if already_taken(phone=data['phone']):
        return api_abort(401, 'phone already register')
    if not validate_code(data['phone'], data['verify_code'], 'create'):
        raise VerifyCodeError

    new_user = User(data['username'], data['password'], data['phone'])
    db.session.add(new_user)
    db.session.commit()
    g.current_user = new_user
    return user_schema(new_user)
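    def delete(self, id):
        """Delete message ``id``; author only, within 120 s of posting.

        Responds 404 when the message does not exist, 403 when the
        caller is not the author or the deletion window has elapsed.
        Returns the ``message_schema`` serialization of the removed row.
        """
        # The previous signature had no ``id`` parameter, so
        # ``get_or_404(id)`` was passed Python's builtin ``id`` function
        # and could never find a row.  The URL argument is a parameter
        # here, matching the sibling ``put(self, id)`` handler.
        message = Message.query.get_or_404(id)

        # Identity comparison relies on both objects coming from the
        # same SQLAlchemy session (identity map) -- presumably true for
        # g.current_user; confirm.
        if message.author is not g.current_user:
            return api_abort(403, 'permission denied')

        # NOTE(review): assumes message.timestamp is stored in UTC like
        # datetime.utcnow(); .timestamp() on a naive value is interpreted
        # as local time, so a mismatch would skew the window -- confirm.
        age_seconds = (datetime.utcnow().timestamp()
                       - message.timestamp.timestamp())
        if age_seconds >= 120:
            return api_abort(403, 'time limit excess')

        data = message_schema(message)
        db.session.delete(message)
        db.session.commit()
        return make_resp(data)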
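    def get(self):
        """Send a six-digit verification code to ``phone`` for ``action``.

        Query parameters ``action`` and ``phone`` are both required
        (400 otherwise).  ``check_time_interval(phone, 60)`` throttles
        to one code per phone per minute before any code is generated
        or sent.  The code goes out through ``send_message`` and is
        persisted as a ``VerifyCode`` row for later checking; the
        response body is an empty JSON object and never echoes the code.

        NOTE(review): ``action`` is stored verbatim and never checked
        against the set of known actions, and ``phone`` is not validated
        as a phone number -- an unauthenticated caller can make this
        endpoint send SMS to arbitrary numbers (SMS pumping), bounded
        only by the per-phone interval.  Confirm whether an allow-list
        and a global/IP rate limit exist elsewhere.
        """
        import secrets  # local import: keeps this handler self-contained

        action = request.args.get('action', None)
        phone = request.args.get('phone', None)
        if action is None or phone is None:
            return api_abort(400, 'action and phone is needed')

        # Throttle first so a rate-limited request does no work at all.
        if not check_time_interval(phone, 60):
            return api_abort(400, 'permission denied')

        # The code is a credential: ``random`` (Mersenne Twister) is
        # predictable from prior outputs, so draw from the OS CSPRNG.
        # Same inclusive range as before: 100001..999999.
        code = 100001 + secrets.randbelow(999999 - 100001 + 1)

        send_message(phone, code)
        db.session.add(VerifyCode(code, phone, action))
        db.session.commit()
        return make_resp({})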
 def put(self, id):
     """Update a user's profile through ``user_put``.

     Changing ``password`` or ``phone`` requires a ``verify_code`` in
     the body; without one the request is refused with 400.  Nothing
     here checks the code itself -- presumably ``user_put`` does;
     confirm.  The ``id`` URL argument is not used in this handler, so
     ``user_put`` must be operating on ``g.current_user`` for this to
     be safe -- verify, otherwise any authenticated user could edit
     any profile by id.
     """
     data = user_put_reqparse.parse_args()
     touches_credentials = (data['password'] is not None
                            or data['phone'] is not None)
     if data['verify_code'] is None and touches_credentials:
         return api_abort(400, 'verify code is needed')
     return make_resp(data=user_put(data))
    def decorated(*args, **kwargs):
        """Bearer-token gate in front of ``f``.

        Order of checks: missing Authorization scheme -> 400; scheme
        other than ``Bearer`` -> 400; scheme without a token ->
        ``token_missing()``; token rejected by ``validate_token`` ->
        ``InvalidTokenError``.  ``OPTIONS`` requests bypass all of this:
        a CORS preflight carries no credentials, and Flask may be
        configured to hand those requests to the view.

        NOTE(review): a 401 with ``WWW-Authenticate: Bearer`` is the
        usual response for a missing/malformed credential (RFC 6750);
        the 400s here are kept for compatibility.  Whether
        ``validate_token`` also sets ``g.current_user`` is not visible
        here -- the downstream handlers rely on it, so confirm.
        """
        token_type, token = get_token()

        if request.method == 'OPTIONS':
            return f(*args, **kwargs)

        if token_type is None:
            return api_abort(400, 'token missing')
        if token_type.lower() != 'bearer':
            return api_abort(400, 'The token type must be bearer.')
        if token is None:
            return token_missing()
        if not validate_token(token):
            raise InvalidTokenError
        return f(*args, **kwargs)
    def put(self, id):
        """Replace the content of message ``id``; author only.

        404 when the message does not exist (``get_or_404``), 403 when
        the caller is not its author.  The body is parsed before the
        authorization check, so a non-author with a malformed body sees
        the 400 from ``parse_args`` rather than the 403.  Returns the
        updated ``message_schema`` serialization.
        """
        message = Message.query.get_or_404(id)
        data = message_put_reqparse.parse_args()

        # Identity test: works because both objects come from the same
        # SQLAlchemy session's identity map -- presumably how
        # g.current_user is loaded; confirm.
        is_author = message.author is g.current_user
        if not is_author:
            return api_abort(403, 'permission denied')

        message.content = data['content']
        db.session.commit()
        return make_resp(message_schema(message))
 def post(self):
     """Create a room owned by, and containing, the calling user.

     Refuses with 422 when a room with the requested ``name`` already
     exists.  NOTE(review): that check-then-insert is a race -- two
     concurrent requests can both pass it; only a UNIQUE constraint on
     ``Room.name`` actually prevents duplicates (confirm one exists).
     Returns the ``room_schema`` serialization of the new row.
     """
     data = room_post_reqparse.parse_args()
     name_taken = Room.query.filter_by(name=data['name']).first() is not None
     if name_taken:
         return api_abort(422, 'room name already exit')

     new_room = Room(data['name'], data['introduce'])
     creator = g.current_user
     new_room.owner.append(creator)
     new_room.users.append(creator)
     db.session.add(new_room)
     db.session.commit()
     return make_resp(room_schema(new_room))
    def get(self, id):
        """Return user ``id``; the full record only for the user itself.

        422 when the user does not exist.  Other callers get the
        reduced ``user_schema(user, False, False, False)`` form, so
        whatever those three flags gate (not visible here) is withheld
        from everyone but the account owner.  NOTE(review): the
        comparison is ``g.current_user.id != id`` -- if the URL
        converter yields a ``str`` while ``id`` is an ``int`` column,
        the owner would always get the reduced view; confirm the route.
        """
        user = User.query.get(id)
        if user is None:
            return api_abort(422, 'user do not exit')

        is_self = g.current_user.id == id
        data = user_schema(user) if is_self else user_schema(user, False, False, False)
        return make_resp(data)
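    def post(self):
        """Issue a token.

        ``?action=get`` (also the default when ``action`` is absent)
        authenticates with the ``username``/``password`` body fields;
        ``?action=refresh`` accepts a ``refresh_token`` instead.  Any
        other value is refused with 401.  The response is marked
        ``Cache-Control: no-store`` / ``Pragma: no-cache`` so that no
        cache ever retains a credential (RFC 6749 section 5.1).
        """
        action = request.args.get('action', None)
        # validate password or refresh_token before generate token
        if action == 'get' or action is None:
            data = token_get_reqparse.parse_args()
            user = User.query.filter_by(username=data['username']).first()
            # One generic message for "no such user" and "wrong
            # password" so the reply does not reveal valid usernames.
            if user is None or not user.validate_password(data['password']):
                return api_abort(
                    code=401,
                    message='Either the username or password was invalid.')
            g.current_user = user
        elif action == 'refresh':  # https://www.jianshu.com/p/25ab2f456904
            # Was ``action is 'refresh'``: identity comparison against a
            # string literal is false for a freshly parsed query value,
            # so every refresh fell through to 'unknown action'.
            data = token_refresh_reqparse.parse_args()
            if not validate_token(data['refresh_token']):
                raise InvalidTokenError
            # NOTE(review): this branch relies on validate_token() setting
            # g.current_user; nothing in this handler does -- confirm.
        else:
            return api_abort(401, 'unknown action')

        data = generate_token(g.current_user)

        response = jsonify(data)
        response.headers['Cache-Control'] = 'no-store'
        response.headers['Pragma'] = 'no-cache'
        return response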
 def delete(self, id):
     """Delete the calling user's account via ``user_delete``.

     Refused with 400 while the user still owns rooms.  The
     ``verify_code`` query parameter is passed to ``user_delete``,
     which presumably checks it -- nothing here does; confirm.  The
     ``id`` URL argument is not consulted, so ``user_delete`` must act
     on ``g.current_user`` for this to be safe -- verify.
     """
     owns_rooms = len(g.current_user.rooms_owned) != 0
     if owns_rooms:
         return api_abort(400, 'user owned some rooms')
     verify_code = request.args.get('verify_code', None)
     return make_resp(user_delete(verify_code))
 def get(self, id):
     """Return the ``room_schema`` serialization of room ``id``.

     Responds 422 when no such room exists.  There is no membership or
     ownership check here: any caller that reaches this handler can
     read any room -- presumably intended for a public room list, but
     confirm that ``room_schema`` exposes nothing members-only.
     """
     room = Room.query.get(id)
     if room is None:
         return api_abort(422, 'room do not exit')
     return make_resp(room_schema(room))