Beispiel #1
 def auth(request):
     """Attach the cookie's user to the request and gate ``/manage/`` paths.

     Generator-based coroutine. ``request.__user__`` stays None unless
     ``cookie2user`` (defined elsewhere) returns a truthy user for the cookie
     named ``COOKIE_NAME``. Paths under ``/manage/`` are redirected to
     ``/signin`` unless that user has a truthy ``admin`` attribute; all other
     requests are delegated to ``handler`` from the enclosing scope.
     """
     logging.info('check usr: %s %s' % (request.method, request.path))
     # Start anonymous so a missing or rejected cookie can never leave a stale user.
     request.__user__ = None
     session_cookie = request.cookies.get(COOKIE_NAME)
     if session_cookie:
         resolved = yield from cookie2user(session_cookie)
         if resolved:
             request.__user__ = resolved
     if not request.path.startswith('/manage/'):
         return (yield from handler(request))
     # Only the exact '/manage/' prefix is gated here; other routes need their own check.
     current = request.__user__
     if current is None or not current.admin:
         return web.HTTPFound('/signin')
     return (yield from handler(request))
Beispiel #2
 def auth(request):
     """Resolve the session cookie to a user, then enforce the admin-only area.

     Sets ``request.__user__`` to the user returned by ``cookie2user`` (or
     leaves it None), redirects non-admin or anonymous requests for
     ``/manage/`` paths to ``/signin``, and otherwise returns whatever the
     enclosing scope's ``handler`` returns.
     """
     banner = "check user: %s %s" % (request.method, request.path)
     logging.info(banner)
     request.__user__ = None
     token = request.cookies.get(COOKIE_NAME)
     account = (yield from cookie2user(token)) if token else None
     if account:
         # NOTE(review): the e-mail address is written to the log at INFO level.
         logging.info("set current user: %s" % account.email)
         request.__user__ = account
     if request.path.startswith("/manage/"):
         viewer = request.__user__
         if viewer is None or not viewer.admin:
             return web.HTTPFound("/signin")
     return (yield from handler(request))
Beispiel #3
 def auth(request):
     """Authenticate from the cookie and block non-admins from ``/manage/``.

     ``request.__user__`` is reset to None on every request and replaced only
     when ``cookie2user`` yields a truthy user. A ``/manage/`` request without
     an admin user gets a redirect to ``/signin``; anything else is passed to
     ``handler``.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     raw_cookie = request.cookies.get(COOKIE_NAME)
     if raw_cookie:
         candidate = yield from cookie2user(raw_cookie)
         if candidate:
             logging.info('set current user: %s' % candidate.email)
             request.__user__ = candidate
     # Short-circuit keeps the user lookup off the non-admin paths.
     denied = request.path.startswith('/manage/') and (
         request.__user__ is None or not request.__user__.admin)
     if denied:
         return web.HTTPFound('/signin')
     return (yield from handler(request))
Beispiel #4
 def auth(request):
     """Bind the current user to the request and protect the management pages.

     The cookie named ``COOKIE_NAME`` (per the original comment, defined in
     the handlers module) is passed to ``cookie2user``; a truthy result becomes
     ``request.__user__``. Management paths require an admin user, otherwise
     the caller is redirected to the sign-in page.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     # Bind None first so the request is anonymous by default.
     request.__user__ = None
     # Fetch the encrypted cookie string by its name.
     encoded = request.cookies.get(COOKIE_NAME)
     # Validate the cookie and obtain the user it belongs to.
     owner = (yield from cookie2user(encoded)) if encoded else None
     if owner:
         logging.info('set current user: %s' % owner.email)
         # Bind the user to the request for later handlers.
         request.__user__ = owner
     if not request.path.startswith('/manage/'):
         return (yield from handler(request))
     # Management page requested by someone who is not an administrator:
     # send them to the sign-in page.
     if request.__user__ is None or not request.__user__.admin:
         return web.HTTPFound('/signin')
     return (yield from handler(request))
Beispiel #5
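 def auth(request):
     """Bind the cookie's user to the request and restrict ``/manage/`` to admins.

     The request is anonymous (``__user__`` is None) unless ``cookie2user``
     returns a user for the cookie named ``COOKIE_NAME``. Requests under
     ``/manage/`` are redirected to ``/signin`` when there is no user or the
     user's ``admin`` flag is falsy; everything else goes to ``handler``.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     cookie_str = request.cookies.get(COOKIE_NAME)
     if cookie_str:
         user = yield from cookie2user(cookie_str)
         if user:
             logging.info('set current user: %s' % user.email)
             request.__user__ = user
     # The gate must reject users WITHOUT the admin flag. Testing `admin`
     # without `not` would send administrators to /signin and let every other
     # signed-in account into /manage/. The flag defaults to False, so an
     # account that needs this area should have its admin flag set in the
     # user store instead of the check being relaxed.
     if request.path.startswith('/manage/') and (request.__user__ is None or not request.__user__.admin):
         return web.HTTPFound('/signin')
     return (yield from handler(request))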
Beispiel #6
 def auth(request):
     """Look up the user behind the session cookie and guard ``/manage/``.

     Leaves ``request.__user__`` as None for anonymous requests, sets it to
     the object returned by ``cookie2user`` otherwise, and redirects to
     ``/signin`` when a management path is requested without an admin user.
     """
     logging.info("check user: %s %s" % (request.method, request.path))
     # Bind None to the request's __user__ attribute first.
     request.__user__ = None
     # Encrypted cookie string, looked up by cookie name (see handlers.py).
     cookie_value = request.cookies.get(COOKIE_NAME)
     if cookie_value:
         # Validate the cookie and get the user information.
         member = yield from cookie2user(cookie_value)
         if member:
             logging.info("set current user: %s" % member.email)
             # Bind the user information to the request.
             request.__user__ = member
     if request.path.startswith('/manage/'):
         # A management page requested by a non-administrator is redirected
         # to the sign-in page.
         member = request.__user__
         if member is None or not member.admin:
             return web.HTTPFound('/signin')
     return (yield from handler(request))
Beispiel #7
def search():
    """Render ``blogs.html`` with the blogs whose name contains the keyword.

    Reads ``page`` from the query string and ``keyword`` from the form body,
    counts the matches, builds a ``Page`` from that count, and renders either
    the empty result set or one page of results ordered by ``created_at``.
    """
    page = request.args.get('page', '1')
    page_index = get_page_index(page)
    # keyword is the search term; it is matched against the blog name.
    # NOTE(review): the keyword is client-supplied. The generator-style
    # select() looks like an ORM query that would bind it as a parameter
    # rather than build SQL text -- confirm for the ORM in use.
    keyword = request.form['keyword']
    blogs = select(b for b in Blog if keyword in b.name)
    # Slicing materialises every match just to count it.
    num = len(blogs[:])
    p = Page(num, page_index)
    # The current user (possibly none) is only passed to the template.
    user = cookie2user()
    if num == 0:
        return render_template('blogs.html', page_index=page_index, user=user, page=p, blogs=blogs)
    # Restrict to the requested page window.
    blogs = blogs.order_by(Blog.created_at)[p.offset: p.limit+p.offset]
    return render_template('blogs.html', page_index=page_index, user=user, page=p, blogs=blogs)
Beispiel #8
 def auth(request):
     """Populate ``request.__user__`` from the cookie and gate admin pages.

     Anonymous requests keep ``__user__`` as None. Requests whose path starts
     with ``/manage/`` are answered with a redirect to ``/signin`` unless the
     bound user has a truthy ``admin`` attribute.
     """
     logging.info("check user: %s %s" % (request.method, request.path))
     # Default to "no user" before looking at the cookie.
     request.__user__ = None
     # Encrypted cookie string fetched by name (see handlers.py).
     stored = request.cookies.get(COOKIE_NAME)
     if stored:
         # Validate the cookie and obtain the user information.
         who = yield from cookie2user(stored)
         if who:
             logging.info("set current user: %s" % who.email)
             # Bind the user information to the request.
             request.__user__ = who
     if not request.path.startswith('/manage/'):
         return (yield from handler(request))
     # Management page requested: non-administrators go to the sign-in page.
     if request.__user__ is None or not request.__user__.admin:
         return web.HTTPFound('/signin')
     return (yield from handler(request))
Beispiel #9
def index():
    """Render ``blogs.html`` with one page of blogs, newest first.

    The ``page`` query parameter is converted by ``get_page_index``; the blog
    count drives the ``Page`` object whose offset and limit select the slice.
    """
    page = request.args.get('page', '1')
    page_index = get_page_index(page)
    with db_session:
        # Materialises every Blog row only to count them.
        num = len(select(b for b in Blog)[:])
    p = Page(num, page_index)
    if num == 0:
        blogs = []
    else:
        with db_session:
            blogs = select(b for b in Blog).order_by(desc(Blog.created_at))[p.offset: p.limit+p.offset]
    # The current user (possibly none) is only handed to the template; this
    # view applies no access restriction itself.
    user = cookie2user()
    return render_template('blogs.html', page_index=page_index, blogs=blogs, user=user, page=p)
    def auth(request):
        """Bind the cookie's user and the navigation guides to the request.

        Every guide attribute starts as None. When ``cookie2user`` returns a
        user, ``request.__user__`` is set and, depending on the path prefix
        (``/personal_`` or ``/manage_``), the matching guide tuple, label
        mapping and current section are attached. The request is always
        passed on to ``handler``.

        NOTE(review): no path is refused here. The admin gate is disabled, and
        it tested the prefix '/manage/' while the pages handled above use
        '/manage_'. Confirm the management handlers enforce the admin check
        themselves.
        """
        logging.info('check user: %s %s' % (request.method, request.path))
        for attribute in ('__user__', '__guide__', '__guide_text__', '__guide_cur__',
                          '__manage_guide__', '__manage_guide_text__', '__manage_guide_cur__'):
            setattr(request, attribute, None)

        guide = ('personal_video_manage', 'personal_video_owe', 'personal_video_collection', 'personal_study_plane', 'personal_message')
        guide_text = {
            'personal_video_manage': '教程管理',
            'personal_video_owe': '拥有教程',
            'personal_video_collection': '教程收藏',
            'personal_study_plane': '学习计划',
            'personal_message': '我的消息',
        }

        manage_guide = ('manage_user', 'manage_video', 'manage_advice')
        manage_guide_text = {
            'manage_user': '******',
            'manage_video': '教程管理',
            'manage_advice': '反馈信息管理',
        }

        # Sub-pages that should highlight their parent section in the guide.
        section_alias = {
            'personal_video_create': 'personal_video_manage',
            'personal_study_plane_create': 'personal_study_plane',
            'personal_study_plane_history': 'personal_study_plane',
        }

        session_cookie = request.cookies.get(COOKIE_NAME)
        signed_in = (yield from cookie2user(session_cookie)) if session_cookie else None
        if signed_in:
            logging.info('set current user: %s' % signed_in.email)
            request.__user__ = signed_in
            path = request.path
            if path.startswith('/personal_'):
                # Section name is the text between the first and the last '/'.
                section = path[path.find('/')+1:path.rfind('/')]
                request.__guide__ = guide
                request.__guide_text__ = guide_text
                request.__guide_cur__ = section_alias.get(section, section)

            if path.startswith('/manage_'):
                request.__manage_guide__ = manage_guide
                request.__manage_guide_text__ = manage_guide_text
                request.__manage_guide_cur__ = path[path.find('/')+1:path.rfind('/')]
        return (yield from handler(request))
Beispiel #11
    def auth(request):
        """Bind the current user to the request, then call ``handler``.

        ``request.__user__`` is None unless ``cookie2user`` returns a truthy
        user for the cookie named ``COOKIE_NAME``.

        NOTE(review): the interception of '/manage' URLs (redirect to
        '/signin' unless the user is an administrator) is disabled in this
        version, so this function never refuses a request. Confirm the
        management handlers check the admin flag themselves.
        """
        logging.info('check user: %s %s' % (request.method, request.path))
        request.__user__ = None
        token = request.cookies.get(COOKIE_NAME)
        # Bind the current user to the request.
        visitor = (yield from cookie2user(token)) if token else None
        if visitor:
            logging.info('set current user:%s' % visitor.email)
            request.__user__ = visitor
        return (yield from handler(request))
Beispiel #12
 def auth(request):
     """Require a signed-in user for every path that does not end in "login".

     When ``configs.auth`` is falsy the check is skipped entirely and the
     request reaches ``handler`` with ``__user__`` set to None. Otherwise the
     cookie is resolved through ``cookie2user``; anonymous requests get a JSON
     body with ``retcode`` 100 instead of the handler's response.

     NOTE(review): the exemption matches any path whose last characters are
     "login", not one specific route -- confirm no other route can end that way.
     """
     request.__user__ = None
     if configs.auth:
         token = request.cookies.get(COOKIE_NAME)
         account = (yield from cookie2user(token)) if token else None
         if account:
             request.__user__ = account
         if request.__user__ is None and not request.path.endswith("login"):
             payload = json.dumps({"retcode": 100, "message": "Not login yet"})
             return web.Response(body=payload.encode("utf-8"))
     return (yield from handler(request))
Beispiel #13
def manage_blogs():
    """Render ``manage_blogs.html`` for the requested page index.

    NOTE(review): ``num``, ``p`` and ``blogs`` are computed but only
    ``page_index`` and ``user`` reach the template. The user is also not
    checked for being signed in or an administrator before this management
    page is rendered -- confirm access control is enforced elsewhere.
    """
    page = request.args.get('page', '1')
    # Convert the page string to an int (per the original comment).
    page_index = get_page_index(page)
    # Get the number of blogs.
    with db_session:
        num = len(select(b for b in Blog)[:])
    p = Page(num, page_index)
    # Query the blogs of the current page, ordered by creation time.
    with db_session:
        blogs = select(b for b in Blog).order_by(Blog.created_at)[p.offset: p.limit+p.offset]
    # Get the currently signed-in user from the cookie.
    user = cookie2user()
    return render_template('manage_blogs.html', page_index=page_index, user=user)
Beispiel #14
 def auth(request):
     """Reject anonymous requests with a JSON error unless the path ends in 'login'.

     ``configs.auth`` acts as a global switch: when falsy, no cookie is read
     and ``handler`` runs with ``request.__user__`` left as None. With the
     switch on, a request whose cookie does not resolve to a user receives
     ``{"retcode": 100, "message": "Not login yet"}``.

     NOTE(review): ``endswith('login')`` exempts every path with that suffix;
     verify this cannot match routes other than the login endpoint.
     """
     request.__user__ = None
     if not configs.auth:
         return (yield from handler(request))
     cookie_value = request.cookies.get(COOKIE_NAME)
     if cookie_value:
         found = yield from cookie2user(cookie_value)
         if found:
             request.__user__ = found
     anonymous = request.__user__ is None
     if anonymous and not request.path.endswith('login'):
         body_text = json.dumps({"retcode": 100, "message": "Not login yet"})
         return web.Response(body=body_text.encode('utf-8'))
     return (yield from handler(request))
Beispiel #15
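 def auth(request):
     """Bind the cookie's user to the request and keep ``/manage/`` admin-only.

     ``request.__user__`` is None unless ``cookie2user`` returns a truthy user
     for the cookie named ``COOKIE_NAME``. A ``/manage/`` request is redirected
     to ``/signin`` when there is no user or the user is not an administrator;
     all other requests are delegated to ``handler``.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     cookie_str = request.cookies.get(COOKIE_NAME)
     # If a cookie is present, resolve it to user information.
     if cookie_str:
         user = yield from cookie2user(cookie_str)
         # A truthy result is bound to the request; a falsy one means the
         # cookie was not accepted (the original comment calls it forged).
         if user:
             logging.info('set current user: %s' % user.email)
             request.__user__ = user
     # Management pages are refused when there is no user OR the user lacks
     # the admin flag. Testing `admin` without `not` would redirect the
     # administrators and admit every other signed-in account.
     if request.path.startswith('/manage/') and (request.__user__ is None or not request.__user__.admin):
         return web.HTTPFound('/signin')
     return (yield from handler(request))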
Beispiel #16
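    def auth(request):
        """Bind the cookie's user to the request and protect ``/homepage`` paths.

        ``request.__user__`` is None unless ``cookie2user`` returns a truthy
        user for the cookie named ``COOKIE_NAME``. Anonymous requests for a
        path starting with ``/homepage`` are redirected to ``/``; everything
        else is passed to ``handler``.
        """
        logging.info('check user:%s %s' % (request.method, request.path))
        request.__user__ = None

        cookie_str = request.cookies.get(COOKIE_NAME)
        # The raw cookie value and the resolved user object are deliberately
        # not printed: the cookie is the session credential, and anything
        # written to stdout usually ends up in process logs.
        if cookie_str:
            user = yield from cookie2user(cookie_str)
            if user:
                logging.info('set current user:%s' % user.username)
                request.__user__ = user
        if request.path.startswith('/homepage') and request.__user__ is None:
            return web.HTTPFound('/')
        return (yield from handler(request))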
Beispiel #17
 def auth(request):
     """Identify the caller from the cookie and restrict ``/manage/`` to admins.

     Sets ``request.__user__`` to the user returned by ``cookie2user`` or to
     None, redirects unauthorised ``/manage/`` requests to ``/signin``, and
     otherwise returns the result of ``handler``.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     # Fetch the cookie that has to be checked.
     auth_cookie = request.cookies.get(COOKIE_NAME)
     if auth_cookie:
         # Obtain the user information from the cookie.
         principal = yield from cookie2user(auth_cookie)
         if principal:
             logging.info('set current user: %s' % principal.email)
             request.__user__ = principal
     needs_admin = request.path.startswith('/manage/')
     if needs_admin and (request.__user__ is None or not request.__user__.admin):
         # Redirect to the sign-in path.
         return web.HTTPFound('/signin')
     return (yield from handler(request))
Beispiel #18
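 def auth(request):
     """Bind the cookie's user to the request and keep ``/manage/`` admin-only.

     ``request.__user__`` is None unless ``cookie2user`` returns a truthy user
     for the cookie named ``COOKIE_NAME``. ``/manage/`` requests without an
     administrator are redirected to ``/signin``; other requests reach
     ``handler``.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     cookie_str = request.cookies.get(COOKIE_NAME)
     if cookie_str:
         user = yield from cookie2user(cookie_str)
         if user:
             logging.info('set current user: %s' % user.email)
             request.__user__ = user
     # Only administrators may write posts, so the gate rejects users whose
     # admin flag is falsy. Dropping the `not` to stop the redirect on
     # /manage/blogs/create would invert the rule: administrators would be
     # sent to /signin and every other signed-in account let through. If the
     # redirect is unwanted for an account, set that account's admin flag.
     if request.path.startswith('/manage/') and (request.__user__ is None
                                                 or not request.__user__.admin):
         return web.HTTPFound('/signin')
     return (yield from handler(request))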
 def auth(request):
     """Bind the cookie's user and gate ``/manage/`` with a per-user exception.

     Under ``/manage/`` an administrator is always let through. A
     non-administrator is let through only on ``/manage/user/<segment>/...``
     when the fourth '/'-separated piece of the path equals their ``id``.
     Everyone else, including anonymous callers, is redirected to ``/signin``.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     session_cookie = request.cookies.get(COOKIE_NAME)
     if session_cookie:
         resolved = yield from cookie2user(session_cookie)
         if resolved:
             logging.info('set current user: %s' % resolved.email)
             request.__user__ = resolved
     path = request.path
     account = request.__user__
     if path.startswith('/manage/'):
         if account is None:
             return web.HTTPFound('/signin')
         if not account.admin:
             # NOTE(review): the path segment is a str; if `id` is not a str
             # the comparison never matches and the request is redirected.
             own_page = path.startswith('/manage/user/') and path.split('/')[3] == account.id
             if not own_page:
                 return web.HTTPFound('/signin')
     return (yield from handler(request))
Beispiel #20
	def auth(request):
		"""Resolve the cookie to a user and keep ``/manage/`` for administrators.

		``request.__user__`` is None for anonymous requests. Management paths
		are redirected to ``/signin`` unless the bound user has a truthy
		``admin`` attribute; all other requests continue to ``handler``.
		"""
		logging.info('check user: %s %s' % (request.method, request.path))
		request.__user__ = None
		# Get the cookie string.
		cookie_text = request.cookies.get(COOKIE_NAME)
		# Per the original comment, cookie2user parses the string and compares
		# it with the database to obtain the user.
		matched = (yield from cookie2user(cookie_text)) if cookie_text else None
		if matched:
			logging.info('set current user: %s' % matched.email)
			# A user exists, so bind it to the request.
			request.__user__ = matched
		if request.path.startswith('/manage/'):
			bound = request.__user__
			if bound is None or not bound.admin:
				return web.HTTPFound('/signin')
		# Continue with the next step.
		return (yield from handler(request))
Beispiel #21
	def auth(request):
		"""Attach the signed-in user to the request and guard the admin area.

		The user comes from ``cookie2user`` applied to the cookie named
		``COOKIE_NAME``. A ``/manage/`` request without an administrator is
		redirected to ``/signin``; otherwise ``handler`` produces the response.
		"""
		logging.info('check user: %s %s' % (request.method, request.path))
		request.__user__ = None
		# Get the cookie string.
		raw = request.cookies.get(COOKIE_NAME)
		if raw:
			# Per the original comment: parse the string and compare with the
			# database to obtain the user.
			person = yield from cookie2user(raw)
			if person:
				logging.info('set current user: %s' % person.email)
				# Bind the user to the request once it is known to exist.
				request.__user__ = person
		if not request.path.startswith('/manage/'):
			# Continue with the next step.
			return (yield from handler(request))
		if request.__user__ is None or not request.__user__.admin:
			return web.HTTPFound('/signin')
		# Continue with the next step.
		return (yield from handler(request))
Beispiel #22
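 def auth(request):
     """Bind the cookie's user to the request and keep ``/manage/`` admin-only.

     ``request.__user__`` is None unless ``cookie2user`` returns a truthy user
     for the cookie named ``COOKIE_NAME``. ``/manage/`` requests are redirected
     to ``/signin`` when no user is bound or the user is not an administrator.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     # Read the COOKIE_NAME cookie from the request.
     cookie_str = request.cookies.get(COOKIE_NAME)
     if cookie_str:
         # Resolve the cookie to a user (None/falsy when it is not accepted).
         user = yield from cookie2user(cookie_str)
         if user:
             logging.info('set current user: %s' % user.email)
             # Add __user__ to the request.
             request.__user__ = user
     # Redirect when the path is under /manage/ and the caller is anonymous or
     # NOT an administrator. Testing `admin` without `not` would turn the
     # administrators away and admit every other signed-in account.
     if request.path.startswith('/manage/') and (request.__user__ is None
                                                 or not request.__user__.admin):
         return web.HTTPFound('/signin')
     return (yield from handler(request))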
Beispiel #23
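    def auth(request):
        """Bind the cookie's user to the request, then call ``handler``.

        ``request.__user__`` is None unless ``cookie2user`` returns a truthy
        user for the cookie named ``COOKIE_NAME``. No request is refused here.
        """
        logging.info("check user: %s %s" % (request.method, request.path))
        request.__user__ = None
        # The cookie jar is deliberately not logged: it holds the session
        # cookie, and anyone able to read the log could replay it.
        cookie_str = request.cookies.get(COOKIE_NAME)

        if cookie_str:
            user = yield from cookie2user(cookie_str)
            if user:
                logging.info("set current user: %s" % user.email)
                request.__user__ = user
        # NOTE(review): this logs the whole user object; confirm it carries no
        # password hash or other secret.
        logging.info(request.__user__)
        # Anonymous requests are not redirected to the sign-in page here; any
        # login requirement has to be enforced by the handlers.
        return (yield from handler(request))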
Beispiel #24
def api_create_comment(id):
    """Create a comment on blog *id* for the signed-in user and return it as a dict.

    Raises:
        APIPermissionError: no user could be resolved from the cookie.
        APIValueError: the JSON ``content`` field is empty or whitespace only.
        APIResourceNotFoundError: no blog with this id exists.
    """
    # Look up the signed-in user from the cookie.
    author = cookie2user()
    if author is None:
        raise APIPermissionError('Please signin first.')
    raw_content = request.json['content']
    text = raw_content.strip() if raw_content else ''
    if not text:
        raise APIValueError('content')
    target = Blog.get(id=id)
    if target is None:
        raise APIResourceNotFoundError('Blog')
    # NOTE(review): the text is stored as submitted (only stripped); escaping
    # has to happen wherever comments are rendered.
    created = Comment(
        blog_id=target.id,
        user_id=author.id,
        user_name=author.name,
        user_image=author.image,
        content=text,
    )
    return created.to_dict()
Beispiel #25
 def auth(request):
     """Authenticate from the cookie, gate ``/manage/``, and log the response.

     ``request.__user__`` is None unless ``cookie2user`` returns a truthy user.
     Non-admin or anonymous ``/manage/`` requests are redirected to
     ``/signin``. For every other request the value returned by ``handler`` is
     logged, surrounded by two blank lines on stdout, and then returned.
     """
     logger.info('check user : %s %s' % (request.method, request.path))
     request.__user__ = None
     session_cookie = request.cookies.get(COOKIE_NAME)
     current = (yield from cookie2user(session_cookie)) if session_cookie else None
     if current:
         logger.info('set current user: %s' % current.email)
         request.__user__ = current
     if request.path.startswith('/manage/'):
         if request.__user__ is None or not request.__user__.admin:
             return web.HTTPFound('/signin')
     logger.info('authenticate finished!')
     response = yield from handler(request)
     print()
     # NOTE(review): logs the handler's return value at INFO level; confirm
     # its string form never includes response bodies with sensitive data.
     logger.info(response)
     print()
     return response
Beispiel #26
 def auth(request):
     """Bind the cookie's user and require sign-in for ``/manage/`` paths.

     ``request.__user__`` is None unless ``cookie2user`` returns a truthy user.
     Anonymous ``/manage/`` requests are redirected to ``/signin``.

     NOTE(review): the ``admin`` attribute is not consulted, so any signed-in
     account passes this gate. Confirm the management handlers enforce the
     administrator check themselves.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     cookie_value = request.cookies.get(COOKIE_NAME)
     if cookie_value:
         visitor = yield from cookie2user(cookie_value)
         if visitor:
             logging.info('set current user: %s' % visitor.email)
             request.__user__ = visitor
     anonymous = request.__user__ is None
     if request.path.startswith('/manage/') and anonymous:
         return web.HTTPFound('/signin')
     return (yield from handler(request))
Beispiel #27
    def auth(request):
        """Bind the cookie's user to the request and continue to ``handler``.

        ``request.__user__`` is None unless ``cookie2user`` returns a truthy
        user for the cookie named ``COOKIE_NAME``.

        NOTE(review): the '/manage/' gate (redirect to '/signin' unless the
        user is an administrator) is disabled here, so no request is refused
        by this function. Confirm the management handlers check the admin
        flag themselves.
        """
        logger.info('check user: %s %s' % (request.method, request.path))
        request.__user__ = None

        # request.cookies behaves like a dict of name/value pairs.
        token = request.cookies.get(COOKIE_NAME)
        # Per the original comment, cookie2user parses the string and compares
        # it with the database to obtain the user.
        member = (yield from cookie2user(token)) if token else None
        if member:
            logger.info('set current user: %s' % member.email)
            # Bind the user to the request once it exists.
            request.__user__ = member

        # Continue with the next step.
        return (yield from handler(request))
Beispiel #28
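    def auth(request):
        """Bind the cookie's user and require sign-in for ``/manage/`` paths.

        ``request.__user__`` is None unless ``cookie2user`` returns a truthy
        user for the cookie named ``COOKIE_NAME``. Anonymous ``/manage/``
        requests are redirected to ``/signin``.
        """
        logging.info("check user: %s %s" % (request.method, request.path))
        request.__user__ = None
        # The cookie jar is deliberately not logged: it holds the session
        # cookie, and anyone able to read the log could replay it.
        cookie_str = request.cookies.get(COOKIE_NAME)

        if cookie_str:
            user = yield from cookie2user(cookie_str)
            if user:
                logging.info("set current user: %s" % user.email)
                request.__user__ = user
        # NOTE(review): this logs the whole user object; confirm it carries no
        # password hash or other secret.
        logging.info(request.__user__)
        # NOTE(review): only sign-in is required; the `admin` attribute is not
        # checked, so any signed-in account reaches the management pages
        # unless the handlers verify the flag themselves.
        if request.path.startswith('/manage/') and (request.__user__ is None):
            return web.HTTPFound('/signin')
        return (yield from handler(request))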
	def auth(request):
		"""Bind the cookie's user to the request and continue to ``handler``.

		``request.__user__`` is None unless ``cookie2user`` returns a truthy
		user for the cookie named ``COOKIE_NAME``.

		NOTE(review): the '/manage/' gate (redirect to '/signin' unless the
		user is an administrator) is disabled here, so this function never
		refuses a request. Confirm the management handlers check the admin
		flag themselves.
		"""
		logging.info('check user: %s %s' % (request.method, request.path))
		request.__user__ = None

		# request.cookies behaves like a dict of name/value pairs.
		cookie_text = request.cookies.get(COOKIE_NAME)
		if cookie_text:
			# Per the original comment: parse the string and compare with the
			# database to obtain the user.
			found = yield from cookie2user(cookie_text)
			if found:
				logging.info('set current user: %s' % found.email)
				# Bind the user to the request once it exists.
				request.__user__ = found

		# Continue with the next step.
		return (yield from handler(request))
Beispiel #30
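    def auth(request):
        """Bind the cookie's user and require sign-in for ``/manage/`` paths.

        ``request.__user__`` is None unless ``cookie2user`` returns a truthy
        user for the cookie named ``COOKIE_NAME``. Anonymous ``/manage/``
        requests are redirected to ``/signin``; every other request is passed
        to ``handler``.
        """
        logging.info("check user: %s %s" % (request.method, request.path))
        request.__user__ = None
        # request.cookies is not logged on purpose: it contains the session
        # cookie, which would let a log reader impersonate the user.
        cookie_str = request.cookies.get(COOKIE_NAME)

        if cookie_str:
            user = yield from cookie2user(cookie_str)
            if user:
                logging.info("set current user: %s" % user.email)
                request.__user__ = user
        # NOTE(review): logs the whole user object; confirm it holds no
        # password hash or other secret.
        logging.info(request.__user__)
        # NOTE(review): the gate only requires a signed-in user. The `admin`
        # attribute is not checked, so the management handlers must verify it
        # themselves if these pages are meant for administrators only.
        if request.path.startswith('/manage/') and (request.__user__ is None):
            return web.HTTPFound('/signin')
        return (yield from handler(request))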
Beispiel #31
    def auth(request):
        """Validate the client's cookie and keep ``/manage/`` for administrators.

        A truthy result from ``cookie2user`` is bound to ``request.__user__``
        so later URL handlers can read the signed-in user directly. Requests
        under ``/manage/`` without an administrator are redirected to
        ``/signin``.
        """
        logging.info('check user: %s %s' % (request.method, request.path))
        request.__user__ = None
        client_cookie = request.cookies.get(COOKIE_NAME)
        # The server validates the cookie it received from the client.
        verified = (yield from cookie2user(client_cookie)) if client_cookie else None
        if verified:
            logging.info('set current user: %s' % verified.email)
            # Bind the signed-in user to the request for later handlers.
            request.__user__ = verified

        if not request.path.startswith('/manage/'):
            return (yield from handler(request))
        # Check whether the current user is an administrator.
        if request.__user__ is None or not request.__user__.admin:
            return web.HTTPFound('/signin')
        return (yield from handler(request))
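    def auth(request):
        """Bind the cookie's user to the request and keep ``/manage/`` admin-only.

        ``request`` is supplied by the web framework (the original comment
        names aiohttp.web). ``request.__user__`` is None unless ``cookie2user``
        returns a truthy user for the cookie named ``COOKIE_NAME``.
        ``/manage/`` requests without an administrator are redirected to
        ``/signin``; all other requests go to ``handler``.
        """
        # Log the request method and path.
        logging.info('check user: %s %s' % (request.method, request.path))
        request.__user__ = None
        cookie_str = request.cookies.get(COOKIE_NAME)
        if cookie_str:
            # Resolve the cookie found under COOKIE_NAME.
            user = yield from cookie2user(cookie_str)
            # A non-empty result is assigned to request.__user__.
            if user:
                logging.info('set current user: %s' % user.email)
                request.__user__ = user
        # Redirect when the path starts with '/manage/' and there is no user
        # or the user is NOT an administrator. Testing `admin` without `not`
        # would redirect the administrators and admit everyone else.
        if request.path.startswith('/manage/') and (request.__user__ is None or not request.__user__.admin):
            return web.HTTPFound('/signin')

        return (yield from handler(request))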
Beispiel #33
 def auth(request):
     """Parse the user out of the cookie and protect the ``/manage/`` pages.

     The user returned by ``cookie2user`` is stored on ``request.__user__``
     for later use. A ``/manage/`` request with no user (for example an empty
     cookie) or with a non-admin user is redirected to ``/signin``; otherwise
     the path's ``handler`` is called with the request.
     """
     logging.info('check user: %s %s' % (request.method, request.path))
     request.__user__ = None
     # Get the cookie called COOKIE_NAME from the request's cookies.
     named_cookie = request.cookies.get(COOKIE_NAME)
     if named_cookie:
         # Parse the user out of the cookie.
         parsed_user = yield from cookie2user(named_cookie)
         if parsed_user:
             logging.info('set current user: %s' % parsed_user.email)
             # Bind the current user to the request.
             request.__user__ = parsed_user
     if request.path.startswith('/manage/'):
         holder = request.__user__
         if holder is None or not holder.admin:
             return web.HTTPFound('/signin')
     # Hand the request, now carrying __user__, to the handler.
     return (yield from handler(request))
Beispiel #34
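    def auth(request):
        """Bind the cookie's user to the request and keep ``/manage/`` admin-only.

        ``request`` is created by the framework (the original comment names
        aiohttp.web). ``request.__user__`` stays None unless ``cookie2user``
        returns a truthy user for the cookie named ``COOKIE_NAME``. Requests
        under ``/manage/`` are redirected to ``/signin`` when no user is bound
        or the user is not an administrator.
        """
        # Log the request method and path.
        logging.info('check user: %s %s' % (request.method, request.path))
        request.__user__ = None
        cookie_str = request.cookies.get(COOKIE_NAME)
        if cookie_str:
            # Resolve the cookie found under COOKIE_NAME.
            user = yield from cookie2user(cookie_str)
            # A non-empty result is assigned to request.__user__.
            if user:
                logging.info('set current user: %s' % user.email)
                request.__user__ = user
        # The admin flag has to be negated: the gate turns away callers who
        # are anonymous or lack the flag. Without the `not`, administrators
        # are redirected and every other signed-in account is admitted.
        if request.path.startswith('/manage/') and (request.__user__ is None
                                                    or not request.__user__.admin):
            return web.HTTPFound('/signin')

        return (yield from handler(request))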
Beispiel #35
def api_update_blog():
    """Show the blog edit page, or on POST update the blog and return it as a dict.

    The blog is selected by the ``id`` query parameter. A POST must carry
    non-empty ``name``, ``summary`` and ``content`` JSON fields.

    Raises:
        APIValueError: one of the three fields is empty or whitespace only.

    NOTE(review): ``cookie2user()`` is called but its result is never checked,
    so the POST branch changes the blog without verifying that the caller is
    signed in or is an administrator -- confirm this route is protected
    elsewhere. ``Blog.get`` may also return nothing for an unknown id, which
    is not handled before ``blog`` is used.
    """
    # Read the attribute that follows '?' in the URL.
    blog_id = request.args.get('id')
    viewer = cookie2user()
    blog = Blog.get(id=blog_id)
    if request.method != 'POST':
        return render_template('manage_blog_edit.html', user=viewer, id=blog.id)
    payload = request.json
    new_name = payload['name']
    new_summary = payload['summary']
    new_content = payload['content']
    if not new_name or not new_name.strip():
        raise APIValueError('name', 'name cannot be empty.')
    if not new_summary or not new_summary.strip():
        raise APIValueError('summary', 'summary cannot be empty.')
    if not new_content or not new_content.strip():
        raise APIValueError('content', 'content cannot be empty.')
    blog.name = new_name.strip()
    blog.summary = new_summary.strip()
    blog.content = new_content.strip()
    commit()
    return blog.to_dict()