Beispiel #1
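 def wrapper(*args, **kwargs):
     """
     Authenticate the request with an access token before calling ``fn``.

     Exempt callables are invoked directly. Otherwise the token is read from
     the parsed request arguments, checked with ``db.session.token_available``
     and decoded; ``uid`` and ``access_token`` are passed on as keyword
     arguments when ``fn`` names them as parameters.
     :return: the result of ``fn``, or an error result: 401 (no token),
         422 (token rejected), 423 (``BadTimeSignature``)
     """
     # NOTE(review): the exemption is decided by substring matches on str(fn)
     # and str(fn.__inner__). The last test looks for the text
     # "__auth_not_required__" in the repr of the inner callable, not for the
     # attribute, so any callable whose repr happens to contain one of these
     # strings skips authentication. An explicit attribute check (as done for
     # fn itself) would be safer - confirm against the decorator that sets
     # __inner__ before changing it.
     fn_attrs = dir(fn)
     exempt = 'Resource.dispatch_request' in str(fn) or (
         '__auth_not_required__' in fn_attrs and fn.__auth_not_required__ is True)
     if not exempt and '__inner__' in fn_attrs:
         inner_repr = str(fn.__inner__)
         exempt = ("Resource.dispatch_request" in inner_repr
                   or "__auth_not_required__" in inner_repr)
     if exempt:
         return fn(*args, **kwargs)

     # Do not log args_ or auth: they carry the bearer token.
     args_ = auth_reqparse.parse_args(http_error_code=401)
     auth = args_.get(Constants.JWT_HEADER_NAME, None)
     if auth is None:
         return make_result(401)
     try:
         if not db.session.token_available(auth):
             raise BadSignature("Token disabled.")
         data = Statics.tjw_access_token.loads(auth)
         if data.get('type', None) != 'access_token':
             raise BadSignature("Token type error.")
     except BadTimeSignature:
         # Must come before the BadSignature clause: if these are the
         # itsdangerous classes, BadTimeSignature subclasses BadSignature and
         # the 423 branch would otherwise never run.
         return make_result(423)
     except (BadSignature, BadData, BadHeader, BadPayload) as e:
         return make_result(422, message=f"Bad token: {e}")

     accepted = inspect.getfullargspec(fn).args
     if 'uid' in accepted:
         # NOTE(review): a token without a 'uid' claim passes uid=None to fn.
         kwargs['uid'] = data.get('uid')
     if 'access_token' in accepted:
         kwargs['access_token'] = auth
     return fn(*args, **kwargs)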
Beispiel #2
 def post(self):
     """
     Register a new user.
     :json username: user name
     :json password: password
     :return: the new uid, or a 400 result when the password is rejected
         or the user already exists
     """
     form = self.args_signin.parse_args()
     username = form.get('username')
     password = form.get('password')
     accepted, reason = password_check(password)
     if not accepted:
         return make_result(400, message=reason)
     # level and state are fixed here and never taken from the request.
     new_user = {
         'username': username,
         'nick': username,
         'level': 1,
         'state': 'normal',
         'profile': {}
     }
     try:
         uid = db.user.insert(new_user)
     except exceptions.BlogUserExist:
         return make_result(400, message='用户已存在')
     # NOTE(review): the password is handed to db.session.insert as received;
     # whether it is hashed before storage is not visible here - confirm.
     # The user row and the credential are written in two steps, so a failure
     # here leaves a user without a password.
     db.session.insert(uid, password)
     return make_result(data={'uid': uid})
Beispiel #3
 def put(self, uid: int):
     """
     Update user information.
     :param uid: uid of the user to update
     :return: an empty success result, or 400 when the update reports failure
     """
     # NOTE(review): the parser is created without any declared arguments, so
     # the update presumably receives only the uid - confirm. If fields are
     # added, allow-list them so that privilege fields such as level or state
     # cannot be set by the client.
     fields = reqparse.RequestParser().parse_args()
     fields['uid'] = uid
     if db.user.update_one(fields):
         return make_result()
     return make_result(400)
Beispiel #4
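 def get(self, cid: int):
     """
     Fetch a published content item.

     Content that carries a 'password' key is only returned when the request
     supplies the same password.
     :param cid: content id passed to ``db.content.get_by_cid``
     :return: the content, 404 when it does not exist, 403 on a password
         mismatch
     """
     import hmac

     content = db.content.get_by_cid(cid)
     if content is None:
         return make_result(404)
     if 'password' not in content:
         return make_result(data={'content': content})
     supplied = self.args_visit_content.parse_args().get("password")
     expected = content['password']
     if isinstance(supplied, str) and isinstance(expected, str):
         # Constant-time comparison, so response timing does not reveal how
         # much of a guess matched. surrogatepass keeps odd input from raising.
         matches = hmac.compare_digest(
             supplied.encode('utf-8', 'surrogatepass'),
             expected.encode('utf-8', 'surrogatepass'))
     else:
         # Non-string values (e.g. no password in the request) keep plain
         # equality, as before.
         matches = supplied == expected
     if not matches:
         return make_result(403)
     # NOTE(review): the stored value is compared as received, so the content
     # password appears to be kept in plain text, and it is returned inside
     # `content` - confirm, and consider storing a hash and dropping the field
     # from the response.
     return make_result(data={'content': content})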
Beispiel #5
 def get(self):
     """
     Fetch the tree-shaped path structure of the content.
     :return: a result whose data holds the tree root under 'tree'
     """
     return make_result(data={'tree': db.content.get_tree_root()})
Beispiel #6
 def delete(self, uid: int):
     """
     Delete the caller's own user.
     :param uid: uid of the user to delete
     :return: an empty success result
     """
     # NOTE(review): presumably uid comes from the verified token rather than
     # from the URL - confirm, otherwise any caller could delete any user.
     # The return value of delete_user is ignored, and nothing visible here
     # revokes tokens already issued for this uid.
     db.user.delete_user(uid)
     outcome = make_result()
     return outcome
Beispiel #7
 def get(self, uid: int):
     """
     Fetch the user information for a uid.
     :param uid: uid to look up
     :return: a result whose data holds the user record under 'user'
     """
     # NOTE(review): the record is returned as stored, with no None check and
     # no field filtering - confirm it holds nothing the client should not see.
     return make_result(data={'user': db.user.get_by_uid(uid)})
Beispiel #8
 def post(self):
     """
     Log in with username and password and issue a token pair.
     :return: access_token and refresh_token on success, 403 when the user
         is unknown or the password check fails
     """
     credentials = self.args_login.parse_args()
     username = credentials.get('username')
     password = credentials.get('password')
     account = db.user.find_by_username(username=username)
     # Unknown user and wrong password both answer 403, so the status code
     # does not tell the two apart.
     # NOTE(review): the unknown-user path skips check_password, so response
     # time may still differ; no attempt limiting is visible here.
     if account is None:
         return make_result(403)
     uid = account.get('uid')
     if not db.session.check_password(uid=uid, password=password):
         return make_result(403)
     db.session.update_login(uid)
     claims = {'uid': uid}
     tokens = {
         'access_token': create_access_token(claims),
         'refresh_token': create_refresh_token(claims)
     }
     return make_result(data=tokens)
Beispiel #9
 def post(self, uid: int):
     """
     Publish new content.
     :param uid: uid recorded as the author
     :return: a result whose data holds the new content id under 'cid'
     """
     parsed = self.args_post_content.parse_args()
     record = {key: value for key, value in parsed.items() if value is not None}
     # Set after copying the request fields, so a client-sent 'author' cannot
     # override the caller's uid.
     record['author'] = uid
     return make_result(data={'cid': db.content.insert(record)})
Beispiel #10
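 def get(self):
     """
     Exchange a refresh token for a new access/refresh token pair.
     :return: access_token and refresh_token on success, 422 when the token
         is rejected, 424 on ``BadTimeSignature``
     """
     # NOTE(review): unlike the access-token path, no 'type' claim is checked
     # and the old refresh token is not visibly invalidated - confirm that
     # tjw_refresh_token cannot load access tokens. A token sent as a GET
     # argument may also end up in URL logs, depending on how args_update
     # reads it.
     refresh_token = self.args_update.parse_args().get('refresh_token')
     try:
         data = Statics.tjw_refresh_token.loads(refresh_token)
     except BadTimeSignature:
         # Must come before the BadSignature clause: if these are the
         # itsdangerous classes, BadTimeSignature subclasses BadSignature and
         # the 424 branch would otherwise never run.
         return make_result(424)
     except (BadSignature, BadData, BadHeader, BadPayload) as e:
         return make_result(422, message=f"Bad token: {e}")
     payload = {'uid': data.get('uid')}
     access_token = create_access_token(payload)
     refresh_token_new = create_refresh_token(payload)
     return make_result(data={
         'access_token': access_token,
         'refresh_token': refresh_token_new
     })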
Beispiel #11
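 def wrapper(*args, **kwargs):
     """
     Authenticate the request with an access token before calling ``fn``.

     Exempt callables are invoked directly. Otherwise the token is read from
     the parsed request arguments and decoded, and the ``uid`` claim is passed
     to ``fn`` as a keyword argument.
     :return: the result of ``fn``, or an error result: 401 (no token),
         422 (token rejected), 423 (``BadTimeSignature``)
     """
     # NOTE(review): the exemption is decided by substring matches on str(fn)
     # and str(fn.__inner__); the last test looks for the text
     # "__auth_not_required__" in the repr of the inner callable, not for the
     # attribute. Any callable whose repr contains one of these strings skips
     # authentication - confirm this is intended.
     fn_attrs = dir(fn)
     exempt = 'Resource.dispatch_request' in str(fn) or (
         '__auth_not_required__' in fn_attrs and fn.__auth_not_required__ is True)
     if not exempt and '__inner__' in fn_attrs:
         inner_repr = str(fn.__inner__)
         exempt = ("Resource.dispatch_request" in inner_repr
                   or "__auth_not_required__" in inner_repr)
     if exempt:
         return fn(*args, **kwargs)

     args_ = auth_reqparse.parse_args()
     # Log the callable only: args_ carries the bearer token and must not
     # reach the log, and fn.__inner__ is not guaranteed to exist here.
     logger.info(f"  auth check: {getattr(fn, '__inner__', fn)}")
     auth = args_.get(Constants.JWT_HEADER_NAME, None)
     if auth is None:
         return make_result(401)
     # NOTE(review): no revocation lookup happens before the token is trusted.
     try:
         data = Statics.tjw_access_token.loads(auth)
         if data.get('type', None) != 'access_token':
             raise BadSignature("Token type error.")
     except BadTimeSignature:
         # Must come before the BadSignature clause: if these are the
         # itsdangerous classes, BadTimeSignature subclasses BadSignature and
         # the 423 branch would otherwise never run.
         return make_result(423)
     except (BadSignature, BadData, BadHeader, BadPayload) as e:
         return make_result(422, message=f"Bad token: {e}")
     logger.info(f"data: {data}")
     kwargs['uid'] = data.get('uid')
     return fn(*args, **kwargs)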
Beispiel #12
 def get(self):
     """
     Fetch the list of published content.
     :return: a result whose data holds the matches under 'content_list'
     """
     parsed = self.args_list_content.parse_args()
     filters = parsed.get('filters')
     if filters is None:
         filters = {}
     # Forward only the paging/sorting options that were actually supplied.
     options = {
         name: parsed[name]
         for name in ('sort_by', 'limit', 'offset', 'reverse')
         if parsed.get(name) is not None
     }
     # TODO: check that the filter is valid
     # NOTE(review): until that check exists, the client-supplied filter
     # reaches db.content.find unchanged; allow-list field names and reject
     # operator keys. Also confirm that password-protected items are not
     # returned in full by this listing.
     result = db.content.find(filters, **options)
     return make_result(data={'content_list': result})
Beispiel #13
 def delete(self, uid: int):
     """
     Log out.
     :param uid: uid of the caller (unused)
     :return: an empty success result
     """
     # NOTE(review): nothing is revoked here, so tokens issued before logout
     # stay usable until they expire - confirm whether that is intended.
     outcome = make_result()
     return outcome
Beispiel #14
 def put(self, uid: int):
     """
     Change the password stored for a uid.
     :param uid: uid whose password is replaced
     :return: an empty success result, or 400 when the update reports failure
     """
     # NOTE(review): the current password is not requested, no strength check
     # is applied to the new one, and already issued tokens are not visibly
     # revoked - confirm whether db.session.update_one covers any of this.
     new_password = self.args_update_password.parse_args().get('password')
     updated = db.session.update_one(uid, new_password)
     if updated:
         return make_result()
     return make_result(400)