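def registerAjax():
    """Handle a registration request.

    Checks the GeeTest captcha answer, decrypts the RSA-encrypted ``user``
    and ``password`` form fields with the private key stored for the
    caller's ``guest`` session, and passes the result to ``addUser``.

    Returns:
        ``resJSON(1, msg)`` when ``addUser`` reports success, otherwise
        ``resJSON(0, ...)``. A decryption or storage error now produces an
        explicit failure response; previously the handler fell off the end
        and returned ``None``.
    """
    readUsers()  # result unused here; the call is kept in case it has side effects
    user = request.forms.get("user")
    password = request.forms.get("password")
    challenge = request.forms.get("validate[geetest_challenge]")
    validate = request.forms.get("validate[geetest_validate]")
    seccode = request.forms.get("validate[geetest_seccode]")
    # The captcha is checked before any decryption or account work is done.
    if not gt.geetest_validate(challenge, validate, seccode):
        return resJSON(0, "Validate Fail ")
    guest_session_id = request.get_cookie("guest")
    private = Session.getGuest_key(guest_session_id, "privateKey")
    try:
        de_user = deRSA(user, private)
        de_password = deRSA(password, private)
        # NOTE(review): addUser is defined elsewhere; whether it restricts the
        # characters or length of a user name is not visible here -- confirm,
        # particularly if user names end up in file paths.
        flag, msg = addUser(de_user, de_password, False)
        if flag:
            return resJSON(1, msg)
        return resJSON(0, msg)
    except Exception as e:
        # A missing guest cookie or key, or a malformed ciphertext, ends up here.
        print(e)
    return resJSON(0, "Error. try refresh the page")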
def wrapper(*args, **kw):
    """Authenticate the request, then call ``func`` with the result.

    ``func`` is a free variable; presumably this is the inner function of the
    ``Auth`` decorator applied to the handlers (the enclosing ``def`` is not
    visible here).

    Two checks must both pass before the caller is treated as logged in:
      1. the ``session`` cookie decrypts, under the AES key ``users[user]``,
         to JSON whose ``user`` matches the user recorded in the guest session;
      2. the server-side session named by that JSON exists, belongs to the
         same user, and its ``time`` stamp is younger than ``session_timeout``.

    ``func`` receives ``user=None, session=None`` when either check fails, so
    each handler must still test ``user`` itself. On success the ``session``
    cookie is re-issued with a fresh time stamp and session id.

    NOTE(review): ``users[user]`` is the same value ``login`` compares with
    the submitted password, so the cookie key appears to be the stored
    password itself. Whether ``deAES`` authenticates the ciphertext is not
    visible here; confirm, since the freshness check trusts the decrypted
    ``time`` field.
    NOTE(review): the cookie is set with ``path`` only; no ``httponly`` or
    ``secure`` flag is passed. Confirm whether client script needs to read it.
    """
    users = readUsers()
    session_cookie = request.get_cookie('session')
    guest_id = request.get_cookie("guest")
    guest_state = Session.getGuest(guest_id)
    private = Session.getGuest_key(guest_id, 'privateKey')
    if guest_state is not None and 'user' in guest_state:
        user = guest_state['user']
    else:
        user = None
    user_ans = session_ans = de_session = session_id = None
    try:
        if user and session_cookie and private:
            # First layer: the cookie must decrypt under this user's key.
            # users[user] is read before the membership test below; an unknown
            # user raises here and is handled by the except clause.
            de_session = json.loads(deAES(users[user], session_cookie))
            if user in users and de_session['user'] == user:
                # Second layer: the server-side session record.
                session_id = de_session['session_id']
                stored = Session.get(user, session_id)
                # Inactivity expiry based on the time stamp inside the cookie.
                still_fresh = float(de_session['time']) + session_timeout > time.time()
                if still_fresh and stored and stored['user'] == user:
                    user_ans = user
                    session_ans = stored
    except Exception:
        # Any failure drops both cookies and the request continues anonymously.
        response.delete_cookie('guest')
        response.delete_cookie('session')
    result = func(user=user_ans, session=session_ans, *args, **kw)
    if user_ans:
        # Sliding expiry: refresh the time stamp and take the session id
        # returned by Session.update, then re-issue the cookie.
        de_session['time'] = time.time()
        de_session['session_id'] = Session.update(user, session_id, session_ans)
        refreshed = enAES(users[user], json.dumps(de_session))
        response.set_cookie("session", refreshed, path='/')
    return result
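def getPass(user, session):
    """Return the user's stored entries, RSA-encrypted to a request-supplied key.

    Args:
        user: authenticated user name, or ``None`` when authentication failed.
        session: the caller's server-side session (unused here).

    Reads form fields ``n`` and ``e`` as the modulus and exponent of the
    public key the response is encrypted to.

    Returns:
        ``resJSON(1, "ok", ciphertext)`` on success; ``resJSON(0, "no")`` when
        the caller is not a known user or the key fields are not integers.
        The latter case previously raised out of the handler.

    NOTE(review): the key is chosen entirely by the caller and its size is not
    checked, so the confidentiality of the response rests on the
    authentication and request-forgery checks applied to this route (the
    decorators are not visible here). Consider enforcing a minimum modulus
    size.
    """
    users = readUsers()
    if not (user and user in users):
        return resJSON(0, "no")
    try:
        publicKey = rsa.PublicKey(int(request.forms.n), int(request.forms.e))
    except (TypeError, ValueError):
        # Missing or non-numeric key parts: answer with the normal failure
        # response rather than an unhandled error.
        return resJSON(0, "no")
    allPass = loadPassword(user)
    message = json.dumps(allPass)
    after = enRSA(message, publicKey)
    return resJSON(1, "ok", after)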
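def deletePass(user, session):
    """Delete one stored entry belonging to the authenticated user.

    Args:
        user: authenticated user name, or ``None`` when authentication failed.
        session: the caller's server-side session (unused here).

    Reads form field ``id`` as the key of the entry to remove.

    Returns:
        ``resJSON(1, "delete ok")`` when the entry existed and was removed,
        ``resJSON(1, "delete already")`` when it was not present, and
        ``resJSON(0, ...)`` when the caller is not a known user or an error
        occurred.
    """
    users = readUsers()
    try:
        if user and user in users:
            entry_id = request.forms.id  # renamed from `id`, which shadowed the builtin
            allPass = loadPassword(user)
            if entry_id in allPass:
                del allPass[entry_id]
                savePassword(user, allPass)
                return resJSON(1, "delete ok")
            else:
                return resJSON(1, "delete already")
    except Exception as e:
        # The original printed the Exception class itself, which hid the
        # actual error from whoever reads the server output.
        print(e)
    return resJSON(0, "Error. try refresh the page")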
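def login():
    """Authenticate a user and issue the ``guest`` and ``session`` cookies.

    Decrypts the RSA-encrypted ``user`` and ``password`` form fields with the
    private key stored for the caller's ``guest`` session, compares the
    password with the stored value, and on success creates a server-side
    session plus an AES-encrypted ``session`` cookie keyed with the password.

    Returns:
        ``resJSON(1, "ok")`` on success and ``resJSON(0, "login fail")``
        otherwise. Unknown user, wrong password and decryption errors all
        yield the same response, so the reply does not reveal which user
        names exist. These paths previously returned ``None``.

    NOTE(review): ``users[de_user] == de_password`` compares the stored value
    directly with the submitted one, so credentials appear to be stored in a
    directly comparable form, and the comparison is not constant-time.
    Changing that also affects the cookie key used by the auth wrapper.
    NOTE(review): no captcha or attempt limit is visible in this handler,
    unlike registration; confirm whether one is applied elsewhere.
    NOTE(review): the cookies are set with ``path`` only; no ``httponly`` or
    ``secure`` flag is passed. Confirm whether client script needs to read
    them.
    """
    users = readUsers()
    user = request.forms.get("user")
    password = request.forms.get("password")
    guest_session_id = request.get_cookie("guest")
    private = Session.getGuest_key(guest_session_id, "privateKey")
    try:
        de_user = deRSA(user, private)
        de_password = deRSA(password, private)
        # The decrypted user name, submitted password and stored password used
        # to be printed here; they are no longer written to the server output.
        if de_user in users and users[de_user] == de_password:
            session_id = Session.set(de_user, None, {"user": de_user})
            encrypted = enAES(de_password, json.dumps({"user": de_user, "time": time.time(), "session_id": session_id}))
            # The guest cookie is replaced with the value returned by
            # Session.updateGuest, which now records the logged-in user.
            new_guest = Session.updateGuest(guest_session_id, {"user": de_user})
            response.set_cookie("guest", new_guest, path="/")
            response.set_cookie("session", encrypted, path="/")
            return resJSON(1, "ok")
    except Exception as e:
        # Log only the error type; the message could echo decrypted input.
        print("login error: %s" % type(e).__name__)
    return resJSON(0, "login fail")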
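def editPass(user, session):
    """Create or overwrite one stored entry for the authenticated user.

    Args:
        user: authenticated user name, or ``None`` when authentication failed.
        session: the caller's server-side session (unused here).

    Reads form field ``item``, RSA-encrypted to the guest session's key. The
    decrypted text is split on ``|``: field 0 is the value and field 1 is the
    entry id.

    Returns:
        ``resJSON(1, "save ok")`` on success; ``resJSON(0, ...)`` when the
        caller is not a known user, the guest key is missing, or an error
        occurred.

    NOTE(review): a value that itself contains ``|`` is truncated at the first
    separator, and the text after it is taken as the id. The payload format is
    set by the client, which is not visible here; confirm that values can
    never contain ``|`` or switch to an unambiguous encoding.
    """
    users = readUsers()
    guest_key = request.get_cookie("guest")
    private = Session.getGuest_key(guest_key, "privateKey")
    try:
        if user and user in users and private:
            fields = deRSA(request.forms.item, private).split("|")
            entry_id = fields[1]  # renamed from `id`, which shadowed the builtin
            value = fields[0]
            allPass = loadPassword(user)
            allPass[entry_id] = value
            savePassword(user, allPass)
            return resJSON(1, "save ok")
    except Exception as e:
        # The original printed the Exception class itself, which hid the
        # actual error from whoever reads the server output.
        print(e)
    return resJSON(0, "Error. try refresh the page")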
# (The next line is the tail of a definition that begins before this excerpt; it is left as found.)
allPass = loadPassword(user) if id in allPass: del allPass[id] savePassword(user, allPass) return resJSON(1, "delete ok") else: return resJSON(1, "delete already") except Exception: print Exception return resJSON(0, "Error. try refresh the page")


# Logout endpoint.
# NOTE(review): this handler reuses the name `deletePass`, which the
# password-deletion handler in this file also uses. The routes are attached by
# decorator, so both presumably stay registered, but the module-level name is
# rebound; a distinct name such as `logout` would avoid confusion.
@post("/logout")
@Auth
@Xsrf
def deletePass(user, session):
    """Remove the caller's guest session and clear the client's cookies.

    Xsrf is defined elsewhere; presumably a cross-site request forgery
    check -- confirm.

    NOTE(review): only the guest session is deleted server-side. No call that
    removes the per-user session record created at login is visible here; it
    presumably lapses through the inactivity timeout -- confirm.
    NOTE(review): the body never tests `user`, so it runs even when
    authentication failed.
    """
    guest_session_id = request.get_cookie("guest")
    Session.deleteGuest(guest_session_id)
    response.delete_cookie("guest")
    response.delete_cookie("token")
    response.delete_cookie("session")
    return resJSON(1, "bye")


if __name__ == "__main__":
    makeDir()
    readUsers()
    # `gt` is read as a global by the registration handler; it is assigned only
    # on this script entry path, so importing the module instead of running it
    # would presumably leave `gt` undefined -- confirm.
    gt = geetest(captcha_id, private_key)
    # Listens on the loopback interface only.
    run(host="127.0.0.1", port=port)
def listUsers():
    """Print every known user name, numbered from 1, one per line."""
    names = readUsers().keys()
    for position, name in enumerate(names, 1):
        print("%d : %s" % (position, name))