def call_verification(code_url_obj, code):
"""
记录调用次数,并查看是否有调用权限
:return:
"""
# 记录调用
if current_user.is_authenticated:
user_id = current_user.str_id
else:
user_id = None
mdbs["sys"].db.sys_call_record.insert_one({
"type": "api",
"req_path": request.path,
"ip": request.remote_addr,
"user_id": user_id,
"time": time.time()
})
# 查找1分钟内本IP的调用次数
freq = mdbs["sys"].db.sys_call_record.find({
"type": "api",
"req_path": request.path,
"ip": request.remote_addr,
"user_id": user_id,
"time": {
"$gte": time.time() - 60
}
}).count(True)
if freq:
if freq > get_config("verify_code", "MAX_NUM_SEND_SAMEIP_PERMIN"):
# 大于单位时间最大调用次数访问验证
data = {
'msg':
gettext(
"The system detects that your network is sending verification codes frequently."
" Please try again later!"),
'msg_type':
"w",
"custom_status":
401
}
return False, data
elif freq > get_config("verify_code",
"MAX_NUM_SEND_SAMEIP_PERMIN_NO_IMGCODE") + 1:
# 已超过单位时间无图片验证码情况下的最大调用次数, 验证图片验证码
# 检验图片验证码
r = verify_image_code(code_url_obj, code)
if not r:
data = {
'msg':
gettext("Image verification code error, email not sent"),
'msg_type': "e",
"custom_status": 401
}
# 验证错误,开启验证码验证
data["open_img_verif_code"] = True
data["code"] = create_img_code()
return False, data
elif freq > get_config("verify_code",
"MAX_NUM_SEND_SAMEIP_PERMIN_NO_IMGCODE"):
# 如果刚大于单位时间内,无图片验证码情况下的最大调用次数, 返回图片验证码验证码
data = {
'msg':
gettext(
"The system detected that your operation is too frequent and"
" you need to verify the picture verification code"),
'msg_type':
"w",
"custom_status":
401
}
data["open_img_verif_code"] = True
data["code"] = create_img_code()
return False, data
return True, ""
def p_sign_in(username, password, code_url_obj, code, remember_me, use_jwt_auth=0):
'''
用户登录函数
:param adm:
:return:
'''
data = {}
if current_user.is_authenticated and username in [current_user.username,
current_user.email,
current_user.mphone_num]:
data['msg'] = gettext("Is logged in")
data["msg_type"] = "s"
data["http_status"] = 201
data['to_url'] = request.argget.all('next') or get_config("login_manager", "LOGIN_IN_TO")
return data
# name & pass
s, r = email_format_ver(username)
s2, r2 = mobile_phone_format_ver(username)
if s:
user = mdb_user.db.user.find_one({"email":username})
elif s2:
user = mdb_user.db.user.find_one({"mphone_num": username})
else:
user = mdb_user.db.user.find_one({"username":username})
if not user:
data = {"msg":gettext("Account or password error"), "msg_type":"e", "http_status":401}
return data
user = User(user["_id"])
# 判断是否多次密码错误,是就要验证图片验证码
user_p = mdb_user.db.user_login_log.find_one({'user_id':user.str_id})
PW_WRONG_NUM_IMG_CODE = get_config("login_manager", "PW_WRONG_NUM_IMG_CODE")
if user_p and 'pass_error' in user_p and user_p['pass_error'] >= PW_WRONG_NUM_IMG_CODE:
# 图片验证码验证
r = verify_image_code(code_url_obj, code)
if not r:
data["open_img_verif_code"] = True
data['msg'] = gettext("Verification code error")
data["msg_type"] = "e"
data["http_status"] = 401
return data
# 密码验证
if user and user.verify_password(password) and not user.is_delete:
if user.is_active:
if use_jwt_auth:
# 使用的时jwt验证
# 获取token
jwt_auth = JwtAuth()
data["auth_token"] = jwt_auth.get_login_token(user)
client = "app"
else:
login_user(user, remember_me)
client = "browser"
# 记录登录日志
login_log(user, client)
data['msg'] = gettext("Sign in success")
data["msg_type"] = "s"
data["http_status"] = 201
data["to_url"] = request.argget.all('next') or get_config("login_manager", "LOGIN_IN_TO")
return data
# 未激活
data['msg'] = gettext("Account is inactive or frozen")
data["msg_type"] = "w"
data["http_status"] = 401
else:
# 密码错误
mdb_user.db.user_login_log.update_one({'user_id':user.str_id},
{"$inc":{"pass_error":1}},
upsert=True)
# 判断是否多次密码错误
if user_p and 'pass_error' in user_p and user_p['pass_error'] >= PW_WRONG_NUM_IMG_CODE:
# 图片验证码验证码
data["open_img_verif_code"] = True
data['msg'] = gettext("Account or password error")
data["msg_type"] = "e"
data["http_status"] = 401
return data
