def post(self):
    """
    User registration endpoint.

    Parses the (decrypted) registration arguments, verifies the
    registration signature and the verification code for the mobile
    number, registers the user and, when registration reports
    ``status == "true"``, logs the new user in straight away and merges
    the login payload into the response.

    :return: ``(result, aes_share_key, aes_nonce)`` — the response body
        plus the key material the caller uses to encrypt it
    """
    user_type = _USER_TYPE_BORROW
    required = ['user_mobile', 'vcode', 'password', 'register_signature']

    # 1.0 Registration happens before any access token exists, so the
    # token check is switched off for this request type.
    args, share_key, nonce = self.get_argument_dict(
        must_keys=required,
        check_token=False,
        invariable_key=True,
        api_type=user_type,
        request_type=_REQUEST_TYPE_REGISTER)

    mobile = args['user_mobile']
    password = args['password']

    vcode_service = VcodeService(aes_share_key=share_key, aes_nonce=nonce)
    # 2.0 The registration signature must be valid.
    vcode_service.check_register_signature(args['register_signature'])
    # 3.0 The verification code must match the one issued for this number.
    vcode_service.check_vcode(
        args['vcode'], _VCODE_REGISTER, mobile, user_type=user_type)

    user_service = UserBaseService(aes_share_key=share_key, aes_nonce=nonce)
    # 4.0 Create the account.
    result = user_service.register(mobile, password, 0, user_type=user_type)
    registered = 'status' in result and result['status'] == "true"
    if not registered:
        return result, share_key, nonce

    # 5.0 Auto-login after a successful registration; login fields are
    # merged over the registration result.
    login_result = user_service.login(mobile, password, user_type)
    merged = dict(result, **login_result)
    return merged, share_key, nonce
def check_form_token(self, token):
    """
    Validate a form token via ``VcodeService.check_register_signature``.

    Called with ``direct_error=False``; presumably this reports a failed
    check through the return value instead of aborting the request —
    confirm against ``VcodeService``.

    :param token: form token supplied by the client
    :return: the value returned by ``check_register_signature``
    """
    service = VcodeService()
    # 2.0 token check, non-aborting variant
    return service.check_register_signature(token, direct_error=False)
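def get_argument_dict(self, must_keys=None, format_str=False, format_keys=True,
                      format_eval=True, verify_timeliness=True, encrypt=True,
                      check_token=True, invariable_key=True,
                      check_form_token=False, is_transfer=False,
                      api_type=_USER_TYPE_INVEST,
                      request_type=_REQUEST_TYPE_LOGIN,
                      decode_by_inner=_DECODE_TYPE_DEFAULT,
                      check_user_id=False):
    """
    Parse, verify and decrypt the arguments of the current request.

    Steps: (1) optional timeliness / anti-replay check on the request
    headers, (2) decryption of the request body (or plain parsing when
    ``encrypt`` is off), (3) argument normalisation via ``formate_args``,
    (4) optional form-token check, (5) presence check for ``must_keys``.

    NOTE(review): the header signature is ``sha256(Timestamp + Nonce +
    Source)`` with no secret involved, so it only detects tampering with
    or replay of that header triple; it does not authenticate the caller.
    Authentication comes from the access-token / decryption steps.

    :param must_keys: keys that must be present in the parsed arguments
    :param format_str: string normalisation flag passed to ``formate_args``
    :param format_keys: key normalisation flag passed to ``formate_args``
    :param format_eval: passed through to ``formate_args`` (meaning defined there)
    :param verify_timeliness: check the Timestamp/Signature/Nonce/Source headers
    :param encrypt: whether the request body is encrypted
    :param check_token: whether to validate the access token
    :param invariable_key: whether to decrypt with the default share key
    :param check_form_token: whether to validate the form's random token
    :param is_transfer: data is being forwarded from usercenter to another platform
    :param api_type: user type of the API being accessed
    :param request_type: request type: register, pre-login, post-login
    :param decode_by_inner: whether to decrypt with the intranet share key
    :param check_user_id: whether to verify the user id is correct
    :return: ``(request_args, share_key, nonce)``
    :raises InvalidUsageException: from any failed check (logged, re-raised)
    :raises OperateUsageException: propagated unchanged
    """
    # Accepted skew between the client Timestamp and server time, in seconds.
    # The replay marker stored in Redis must live at least this long: with a
    # shorter TTL a captured request could be replayed once the marker has
    # expired while its timestamp is still inside the accepted window.
    timeliness_window = 6000
    # Fields that must never be written to the log in clear text.
    sensitive_keys = ('password', 'vcode')

    env = get_conf('env')
    if env == 'dev' and get_conf('close_all_aes'):
        # Development environment: every check is switched off.
        verify_timeliness = False
        encrypt = False
        check_token = False
        invariable_key = False
        check_form_token = False

    try:
        request_header = request.headers
        # 1. timeliness / anti-replay
        if not verify_timeliness:
            source = request_header.get("Source", _SOURCE_TYPE_1)
        else:
            # Requires the Timestamp, Signature, Nonce and Source headers.
            redis_tools = RedisTools()
            # 1.0 The timestamp must be inside the accepted window; a
            # non-numeric value is treated as out of window, not as an
            # internal error.
            timestamp = request_header.get("Timestamp", '0')
            try:
                df_timestamp = abs(int(time.time()) - int(timestamp))
            except (TypeError, ValueError):
                self.return_error(10005)
            else:
                if df_timestamp > timeliness_window:
                    self.return_error(10005)
            # 2.0 A signature already seen is a replayed request. A missing
            # signature skips the lookup and fails the comparison below.
            c_signature = request_header.get("Signature", '')
            if c_signature and redis_tools.exists(c_signature):
                self.return_error(10003)
            # 3.0 Recompute the signature over the header triple.
            nonce = request_header.get("Nonce", '')
            source = request_header.get("Source", _SOURCE_TYPE_1)
            if nonce == '' or source == '':
                self.return_error(10006)
            s_signature = sha256_hex(str(timestamp) + str(nonce) + str(source))
            self.logger.info('check signature %s %s %s %s %s',
                             timestamp, nonce, source, s_signature, c_signature)
            if s_signature != c_signature:
                self.return_error(10004)
            # 4.0 Remember the signature for the whole timeliness window.
            redis_tools.set(name=c_signature, value="c_signature",
                            ex=timeliness_window)

        content = self.get_request_content()
        share_key, nonce = None, None

        if not encrypt:
            # 2.1 Plain body, no decryption (development only): flatten a
            # nested 'data' dict into the top level.
            decrypt_content = content
            if 'data' in content and isinstance(content['data'], dict):
                for k, v in content['data'].items():
                    content[k] = v
                del content['data']
            if check_token:
                # 2.0 Resolve the caller from the access token.
                ts = ApiTokenService(
                    aes_share_key=share_key,
                    aes_nonce=nonce).check_access_token_by_user_id(
                        decrypt_content, api_type)
                if not ts:
                    self.return_error(10035)
        else:
            if 'data' not in content:
                self.return_error(10008)
            delete_user_id = False
            if is_transfer and content['user_mobile'] == '':
                # Transfer without a mobile number: fall back to the default
                # decryption path and drop the token / user-id binding.
                invariable_key = False
                check_token = False
                decode_by_inner = _DECODE_TYPE_DEFAULT
                delete_user_id = True
            # 2.2 Decrypt with the selected key.
            if invariable_key:
                decrypt_content, share_key, nonce = self.decrypt_request_content(
                    content, check_token=check_token, api_type=api_type,
                    request_type=request_type, check_user_id=check_user_id,
                    source=source)
            else:
                decrypt_content, share_key, nonce = \
                    self.decrypt_request_content_with_invariable_key(
                        content, check_token=check_token, api_type=api_type,
                        decode_by_inner=decode_by_inner, source=source)
            if delete_user_id:
                decrypt_content['user_id'] = ''

        # 3 Normalise the arguments.
        request_args = formate_args(decrypt_content, format_str, format_keys,
                                    format_eval)
        # Credentials and one-time codes are masked before logging.
        loggable = {k: ('***' if k in sensitive_keys else v)
                    for k, v in request_args.items()}
        self.logger.info("request_args解析后:%s", loggable)

        # 4 Form-token validity.
        if check_form_token:
            if 'form_token' not in request_args:
                self.return_error(10046)
            vcode_service = VcodeService(aes_share_key=share_key,
                                         aes_nonce=nonce)
            # 2.0 token check
            vcode_service.check_register_signature(request_args['form_token'])
            request_args.pop('form_token')

        # 5 Required parameters; the first missing one is reported.
        if must_keys:
            for key in must_keys:
                if key not in request_args:
                    error_msg = "请求缺少 [%s] 参数" % key
                    self.return_error(10048, error_msg=error_msg)

        return request_args, share_key, nonce
    except InvalidUsageException as error:
        raise_logger(error.error_msg, error_code=error.error_code)
        raise
    except OperateUsageException:
        raise
    except Exception as error:
        # Anything unexpected is reported as a generic request failure.
        raise_logger(str(error), error_code=10022)
        self.return_error(10022)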