Beispiel #1
0
    def wrapper(*args, **kw):
        users = readUsers()
        cookie_session = request.get_cookie('session')
        guest_session_id = request.get_cookie("guest")
        guest_session = Session.getGuest(guest_session_id)
        private = Session.getGuest_key(guest_session_id, 'privateKey')
        user = None if guest_session is None or 'user' not in guest_session else guest_session['user']

        user_ans = session_ans = de_session = session_id = None
        try:
            if user and cookie_session and private:
                de_session = json.loads(deAES(users[user], cookie_session))
                # 第一层验证 cookie解密
                if user in users and de_session['user'] == user:
                    # 第二层验证 session
                    session_id = de_session['session_id']
                    session = Session.get(user, session_id)
                    # session 时间戳不活跃过期机制
                    if float(de_session['time']) + session_timeout > time.time() and \
                            session and session['user'] == user:
                        user_ans = user
                        session_ans = session

        except Exception:
            response.delete_cookie('guest')
            response.delete_cookie('session')
        temp = func(user=user_ans, session=session_ans, *args, **kw)
        if user_ans:
            de_session['time'] = time.time()
            de_session['session_id'] = Session.update(user, session_id, session_ans)
            encrypted = enAES(users[user], json.dumps(de_session))
            response.set_cookie("session", encrypted, path='/')
        return temp
Beispiel #2
0
def login():
    users = readUsers()
    user = request.forms.get("user")
    password = request.forms.get("password")
    guest_session_id = request.get_cookie("guest")
    private = Session.getGuest_key(guest_session_id, "privateKey")
    try:
        de_user = deRSA(user, private)
        de_password = deRSA(password, private)
        print de_user, de_password
        print users[de_user]

        if de_user in users and users[de_user] == de_password:
            session_id = Session.set(de_user, None, {"user": de_user})
            encrypted = enAES(de_password, json.dumps({"user": de_user, "time": time.time(), "session_id": session_id}))
            new_guest = Session.updateGuest(guest_session_id, {"user": de_user})
            response.set_cookie("guest", new_guest, path="/")
            response.set_cookie("session", encrypted, path="/")
            return resJSON(1, "ok")
    except Exception, e:
        print e