Ejemplo n.º 1
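    def process_request(self, request):
        """Require JWT identification for a request unless its path is exempt.

        GET: the check is skipped when the full path is exactly '/' or when the
        path contains any entry of the exemption list (static-file suffixes,
        public pages, and the ``/<table>/list`` route of every model in the
        'main' app whose ``__foreEndList__`` is not "前要登").
        POST: the check is skipped when the path is in the login/register list
        or contains "register" or "login".
        Other HTTP methods are not checked by this method.

        Returns:
            JsonResponse with the result of Auth.identify when its 'code'
            differs from normal_code; otherwise None (implicit).
        """
        fullPath = request.get_full_path()
        print("fullPath===============>", fullPath)

        # Exemptions are matched against the path only. get_full_path() also
        # carries the query string, which is client-controlled and must not be
        # able to influence whether authentication runs.
        path = request.path

        if request.method == 'GET':
            # NOTE(review): these entries are matched as substrings anywhere in
            # the path, so broad tokens such as "detail", 'mp3' or "/admin"
            # exempt every route that happens to contain them. Matching exact
            # routes (and suffixes only at the end of the path) would be
            # tighter; the list is left as-is to keep existing routes working.
            filterList = [
                "/index", "/favicon.ico", "/login", "/register", '.js', ".css",
                ".jpg", ".jpeg", ".png", ".gif", ".mp4", 'mp3', ".ttf",
                ".wotf", ".woff", ".woff2", ".otf", ".eot", ".svg", ".csv",
                ".xls", ".xlsx", ".doc", ".docx", ".ppt", ".pptx", ".html",
                ".htm", "detail", "/forum/flist", "/forum/list", "/admin",
                "/xadmin", "/file/download", "/{}/remind/".format(schemaName),
                "/{}/option/".format(schemaName), "/autoSort"
            ]

            # A model's list route is public unless the model is flagged
            # "前要登"; getattr replaces the former bare ``except:`` so that only
            # a missing attribute falls back to None.
            for m in apps.get_app_config('main').get_models():
                if getattr(m, '__foreEndList__', None) != "前要登":
                    filterList.append("/{}/list".format(m.__tablename__))

            # The root check still compares the full path, as before.
            needs_auth = fullPath != '/' and not any(
                entry in path for entry in filterList)

            if needs_auth:
                result = Auth.identify(Auth, request)

                if result.get('code') != normal_code:
                    # This branch is the rejection path (it used to log
                    # "success").
                    print('jwt auth fail')
                    return JsonResponse(result)
        elif request.method == 'POST':
            # Auth-exempt POST routes.
            post_list = [
                '/{}/defaultuser/register'.format(schemaName),
                '/{}/defaultuser/login'.format(schemaName),
                '/{}/users/register'.format(schemaName),
                '/{}/users/login'.format(schemaName),
                "/{}/examusers/login".format(schemaName),
                "/{}/examusers/register".format(schemaName),
            ]
            # No token check for registration or login requests.
            if path not in post_list and "register" not in path and "login" not in path:
                result = Auth.identify(Auth, request)

                if result.get('code') != normal_code:
                    print('jwt auth fail')
                    return JsonResponse(result)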
Ejemplo n.º 2
    def run(self):
        """Insert the sample clubs, members and memberships, then commit.

        Every sample member is created with the literal password 'password',
        and some of the memberships are at the Auth.officer and Auth.admin
        privilege levels, so keep this seeder away from any database that
        real users can reach.
        """
        add = self.additem
        today = datetime.date.today

        def seed_member(member_id, first, last):
            # hash_password is called once per account, never shared.
            add(Member, Member(id=member_id,
                               pw_hash=Auth.hash_password('password'),
                               name_first=first,
                               name_last=last,
                               email="*****@*****.**",
                               acad_standing="Undergraduate"))

        def seed_unpaid_membership(row_id, member_id, club_id, level):
            # Membership row without any payment fields.
            add(Membership, Membership(id=row_id,
                                       member=member_id,
                                       club=club_id,
                                       priv_level=level,
                                       signup_date=today()))

        print('Adding sample data to: Club')
        for club_id, short, full in (
                (8001, "InfoSec", "Information Security Club"),
                (8002, "ACM", "Association For Computing Machinery"),
                (8003, "IEEE", "Institute of Electrical and Electronics Engineers")):
            add(Club, Club(id=club_id, name_short=short, name_long=full))

        print('Adding sample data to: Member (all with a password of \'password\')')
        seed_member(4457101, "Officer", "InfoSec")
        add(Membership, Membership(id=101,
                                   member=4457101,
                                   club=8001,
                                   priv_level=Auth.officer,
                                   signup_date=today(),
                                   paid_date=today(),
                                   paid_amount=15,
                                   paid_until_date=datetime.date(2015, 9, 10)))
        add(Membership, Membership(id=1029,
                                   member=4457101,
                                   club=8002,
                                   priv_level=Auth.member,
                                   signup_date=today(),
                                   paid_date=today(),
                                   paid_amount=15,
                                   paid_until_date=datetime.date(2015, 9, 30)))
        seed_member(4457102, "Admin", "InfoSec")
        add(Membership, Membership(id=102,
                                   member=4457102,
                                   club=8001,
                                   priv_level=Auth.admin,
                                   signup_date=today(),
                                   paid_date=today(),
                                   paid_amount=30))
        seed_member(4457103, "Member", "InfoSec")
        seed_unpaid_membership(103, 4457103, 8001, Auth.member)
        seed_member(4457104, "Alumni", "InfoSec")
        seed_unpaid_membership(104, 4457104, 8001, Auth.alumni)
        seed_member(4457105, "Associate", "InfoSec")
        seed_unpaid_membership(105, 4457105, 8001, Auth.associate)
        seed_member(4457201, "Officer", "CompSci")
        seed_unpaid_membership(201, 4457201, 8002, Auth.officer)
        seed_member(4457202, "Admin", "CompSci")
        seed_unpaid_membership(202, 4457202, 8002, Auth.admin)
        seed_member(4457203, "Member", "CompSci")
        seed_unpaid_membership(203, 4457203, 8002, Auth.member)
        seed_member(4457204, "Alumni", "CompSci")
        seed_unpaid_membership(204, 4457204, 8002, Auth.alumni)
        seed_member(4457205, "Associate", "CompSci")
        seed_unpaid_membership(205, 4457205, 8002, Auth.associate)

        # The two string literals below are disabled seed data (Event/RSVP and
        # Content); as bare string statements they have no effect at runtime.
        '''print('Adding sample data to: Event, RSVP')
        self.additem(Event,Event(id=201,                    timestamp_start=datetime.datetime(2015,5,16,9,0),  timestamp_end=datetime.datetime(2015,5,16,17,0),  location='CO-125',           title='ICCS Conference',                      description_short='International Conference on Cyber Security (ICCS) - $50 for students (includes food). This student offer is not valid for Day #2 of the event (May 17th).'))
        self.additem(RSVP,RSVP(id=301, member=101, event=201, reply=1, comment='See ya there!'))
        self.additem(RSVP,RSVP(id=302, member=102, event=201, reply=1))
        self.additem(Event,Event(id=202,                    timestamp_start=datetime.datetime(2015,5,16,9,30), timestamp_end=datetime.datetime(2015,5,16,16,30), location='Cal Poly Pomona',  title='SWIFT TechSymposium',                  description_short='SWIFT TechSymposium - A System- Administration Conference for Students and inquisitive minds. Free for students. Includes Python, security, and networking workshops.'))
        self.additem(Event,Event(id=203, hosting_club=8001, timestamp_start=datetime.datetime(2015,5,27,11,0), timestamp_end=datetime.datetime(2015,5,27,12,30), location='JB-122',           title='Guest Speakers: YP.com security folk', description_short='Security folk from YP.com - looking to hire Security/IT students'))
        self.additem(RSVP,RSVP(id=303, member=103, event=203, reply=1))
        self.additem(RSVP,RSVP(id=304, member=104, event=203, reply=0))
        self.additem(RSVP,RSVP(id=305, member=105, event=203, reply=0))
        self.additem(RSVP,RSVP(id=306, member=202, event=203, reply=1))
        self.additem(RSVP,RSVP(id=307, member=203, event=203, reply=2, comment='Depends on my school schedule.'))
        self.additem(Event,Event(id=204, hosting_club=8002, timestamp_start=datetime.datetime(2015,5,29,11,0), timestamp_end=datetime.datetime(2015,5,29,13,0),  location='JB-358/359',       title='Workshop: Test-driven Development',    description_short='Workshop: Test-driven Development'))
        self.additem(Event,Event(id=205, hosting_club=8002, timestamp_start=datetime.datetime(2015,5,29,13,0), timestamp_end=datetime.datetime(2015,5,29,15,0),  location='JB-358/359',       title='Workshop: Debugging',                  description_short='Workshop: Debugging'))
        self.additem(Event,Event(id=206, hosting_club=8001, timestamp_start=datetime.datetime(2015,6,10,11,0), timestamp_end=datetime.datetime(2015,6,10,12,30), location='JB-122',           title='Regular InfoSec Meeting',              description_short='Security folk from ESRI'))
        '''

        '''print('Adding sample data to: Content')
        self.additem(Content,Content(id=901, required_priv_level=Auth.permission_general, content_type='page', navpath='',         title='Home page',        data_blob='Home page content here'))
        self.additem(Content,Content(id=902, required_priv_level=Auth.permission_general, content_type='page', navpath='',         title='Events page',      data_blob='Event calendar here'))
        self.additem(Content,Content(id=903, required_priv_level=Auth.permission_general, content_type='page', navpath='Projects', title='WRCCDC',           data_blob='# Western Regional Collegiate Cyber Defense Competition\n\n## About\n\nHosted by CalPoly Pomona.\n\n## How we practice for it\n\nIn a super cool lab.'))
        self.additem(Content,Content(id=904, required_priv_level=Auth.permission_general, content_type='page', navpath='Projects', title='WRCCDC',           data_blob='# Western Regional Collegiate Cyber Defense Competition\n\n## About\n\nHosted by CalPoly Pomona.\n\n## How we practice for it\n\nIn a super cool lab.'))
        '''
        db.session.commit()
Ejemplo n.º 3
def login():
    """Handle the login form and redirect according to the session user.

    On a valid submission the credentials go through Auth.check; a match
    calls Auth.login, a mismatch flashes 'Invalid credentials.'. The redirect
    decision is then taken from session['user'], whichever branch ran.
    Without a redirect the login template is rendered.
    """
    form = LoginForm()

    if not form.validate_on_submit():
        return render_template('login.tmpl', form=form, hideback=True)

    username = form.username.data
    password = form.password.data
    if not Auth.check(username, password):
        flash('Invalid credentials.')
    else:
        Auth.login(username, password)

    # NOTE(review): a 'user' already in the session is redirected even when
    # the submitted credentials were rejected - confirm that is intended.
    if 'user' in session:
        level = session['user'].priv_level
        if level >= Auth.member:
            return redirect('/members')
        if level <= Auth.admin:
            return redirect('/admin')

    return render_template('login.tmpl', form=form, hideback=True)
Ejemplo n.º 4
def login():
    """Process the login form; redirect by privilege level or show the form.

    Auth.check decides whether Auth.login is called or the message
    'Invalid credentials.' is flashed. After either outcome the user stored
    in the session, if any, selects the redirect target.
    """
    form = LoginForm()
    submitted = form.validate_on_submit()

    if submitted:
        credentials = (form.username.data, form.password.data)
        if Auth.check(*credentials):
            Auth.login(*credentials)
        else:
            flash('Invalid credentials.')

        # NOTE(review): the redirect relies only on session['user'], so a
        # user left over from an earlier login is redirected even after a
        # failed attempt - confirm that is intended.
        if 'user' in session:
            current = session['user']
            if current.priv_level >= Auth.member:
                return redirect('/members')
            if current.priv_level <= Auth.admin:
                return redirect('/admin')

    return render_template('login.html', form=form, hideback=True)
Ejemplo n.º 5
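def discussshangpinxinxi_login(request):
    """Look up a discussshangpinxinxi row from the session parameters and log in.

    The parameters come from request.session["req_dict"] and are passed to
    getbyparams. No match returns the password-error JSON. If the model
    declares ``__sfsh__ == '是'`` and the matched row has ``sfsh == '否'``, the
    locked-account JSON is returned. Otherwise the row id is stored in
    req_dict and the result of Auth.authenticate is returned.

    Returns None (implicitly) for methods other than POST and GET.
    """
    # NOTE(review): GET is accepted as well as POST. Whether credentials can
    # then arrive in the query string depends on how req_dict is populated
    # upstream - confirm, and prefer POST-only for login.
    if request.method not in ["POST", "GET"]:
        return None

    msg = {'code': normal_code, "msg": mes.normal_code}
    req_dict = request.session.get("req_dict")

    # NOTE(review): the match is delegated to getbyparams with the whole
    # req_dict; confirm it compares a password hash, not a plaintext column.
    datas = discussshangpinxinxi.getbyparams(discussshangpinxinxi,
                                             discussshangpinxinxi,
                                             req_dict)
    if not datas:
        msg['code'] = password_error_code
        msg['msg'] = mes.password_error_code
        return JsonResponse(msg)

    # getattr replaces a bare ``except:`` - only a missing attribute should
    # fall back to None, other errors must surface.
    requires_review = getattr(discussshangpinxinxi, '__sfsh__', None)

    if requires_review == '是' and datas[0].get('sfsh') == '否':
        msg['code'] = other_code
        msg['msg'] = "账号已锁定,请联系管理员审核!"
        return JsonResponse(msg)

    req_dict['id'] = datas[0].get('id')
    return Auth.authenticate(Auth, discussshangpinxinxi, req_dict)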
Ejemplo n.º 6
    def wrapper(self, *args, **kwargs):
        """Call the wrapped function only when the 'jwt' header decodes as valid.

        Without a 'jwt' header the result of VaildReturn("") is returned; when
        Auth.decode_auth_token reports the token as invalid, falseReturn is
        returned with the info value from the decoder.
        """
        from flask import request
        from util.auth import Auth

        # Does the request carry a "jwt" header at all?
        if "jwt" not in request.headers:
            return VaildReturn("")

        token_ok, detail = Auth.decode_auth_token(request.headers['jwt'])
        if not token_ok:
            return falseReturn(detail)

        # Token accepted: hand over to the wrapped function unchanged.
        return origin_func(self, *args, **kwargs)
Ejemplo n.º 7
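def users_login(request):
    """Look up a `users` row from the session parameters and authenticate it.

    The parameters come from request.session["req_dict"]; a non-None 'role'
    entry is removed before they are passed to getbyparams. No match returns
    the password-error JSON; otherwise the row id is stored in req_dict and
    the result of Auth.authenticate is returned.

    Returns None (implicitly) for methods other than POST and GET.
    """
    # NOTE(review): GET is accepted as well as POST. Whether credentials can
    # then arrive in the query string depends on how req_dict is populated
    # upstream - confirm, and prefer POST-only for login.
    if request.method not in ["POST", "GET"]:
        return None

    msg = {'code': normal_code, "msg": mes.normal_code}
    req_dict = request.session.get("req_dict")

    # Identity comparison with None is the correct test; ``!= None`` can be
    # overridden by the value's own __ne__.
    if req_dict.get('role') is not None:
        del req_dict['role']

    # NOTE(review): the match is delegated to getbyparams with the whole
    # req_dict; confirm it compares a password hash, not a plaintext column.
    datas = users.getbyparams(users, users, req_dict)
    if not datas:
        msg['code'] = password_error_code
        msg['msg'] = mes.password_error_code
        return JsonResponse(msg)

    req_dict['id'] = datas[0].get('id')
    return Auth.authenticate(Auth, users, req_dict)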
    db.session.add(item)
    print('  ' + table.__tablename__ + ' id ' + str(item.id) + ' added')
  else:
    print('  ' + table.__tablename__ + ' id ' + str(item.id) + ' already exists')

# Seed-script entry point. Both sample members get the literal password
# 'password', and one of them is created at Auth.admin level, so keep this
# away from any database that real users can reach.
if __name__ == '__main__':
    print('Adding sample clubs...')
    additem(
        Club,
        Club(id=8001,
             shortname="InfoSec",
             longname="Information Security Club"))
    additem(
        Club,
        Club(id=8002,
             shortname="ACM",
             longname="Association For Computing Machinery"))
    additem(
        Club,
        Club(id=8003,
             shortname="IEEE",
             longname="Institute of Electrical and Electronics Engineers"))

    print('Adding sample members, all with a password of \'password\'...')
    # signup_date is the Unix epoch (utcfromtimestamp(0)) for both members.
    additem(
        Member,
        Member(id=5001,
               student_id="000000001",
               pw_hash=Auth.hash_password('password'),
               primary_club=8002,
               priv_level=Auth.admin,
               name_first="Mike",
               name_middle="",
               name_last="Korcha",
               email1="*****@*****.**",
               email2="*****@*****.**",
               acad_standing="Graduate",
               gender="Male",
               shirt_size="M",
               signup_date=datetime.utcfromtimestamp(0)))
    additem(
        Member,
        Member(id=5002,
               student_id="000000002",
               pw_hash=Auth.hash_password('password'),
               primary_club=8001,
               priv_level=Auth.member,
               name_first="Kenneth",
               name_middle="",
               name_last="Johnson",
               email1="*****@*****.**",
               acad_standing="Undergraduate",
               signup_date=datetime.utcfromtimestamp(0)))

    print('Adding sample content blocks...')
def additem(table, item):
    """Add *item* to the db session unless *table* already has a row with its id.

    Prints one line naming the table and id, ending in 'added' or
    'already exists'. Nothing is committed here.
    """
    existing = table.query.filter_by(id=item.id).first()
    if existing is not None:
        print('  ' + table.__tablename__ + ' id ' + str(item.id) + ' already exists')
        return

    db.session.add(item)
    print('  ' + table.__tablename__ + ' id ' + str(item.id) + ' added')

# Seed-script entry point. Every sample member gets the literal password
# 'password', including the Auth.officer and Auth.admin accounts, so keep
# this away from any database that real users can reach.
if __name__ == '__main__':
    print('Adding sample data to: Club')
    additem(Club, Club(id=8001,
                       name_short="InfoSec",
                       name_long="Information Security Club"))
    additem(Club, Club(id=8002,
                       name_short="ACM",
                       name_long="Association For Computing Machinery"))
    additem(Club, Club(id=8003,
                       name_short="IEEE",
                       name_long="Institute of Electrical and Electronics Engineers"))

    print('Adding sample data to: Member (all with a password of \'password\')')
    # Each Member row is followed by its Membership row; dates built with
    # utcfromtimestamp(0) are the Unix epoch.
    additem(Member, Member(id=101,
                           student_id="900000101",
                           pw_hash=Auth.hash_password('password'),
                           priv_level=Auth.officer,
                           name_first="Officer",
                           name_middle="",
                           name_last="InfoSec",
                           email="*****@*****.**",
                           acad_standing="Undergraduate"))
    additem(Membership, Membership(id=101,
                                   member=101,
                                   club=8001,
                                   signup_date=datetime.utcfromtimestamp(0),
                                   paid_date=datetime.utcfromtimestamp(0),
                                   paid_amount=30,
                                   paid_until_date=datetime(2015, 6, 20)))
    additem(Member, Member(id=102,
                           student_id="900000102",
                           pw_hash=Auth.hash_password('password'),
                           priv_level=Auth.admin,
                           name_first="Admin",
                           name_middle="",
                           name_last="InfoSec",
                           email="*****@*****.**",
                           acad_standing="Undergraduate"))
    additem(Membership, Membership(id=102,
                                   member=102,
                                   club=8001,
                                   signup_date=datetime.utcfromtimestamp(0),
                                   paid_date=datetime.utcfromtimestamp(0),
                                   paid_amount=30,
                                   paid_until_date=datetime(2015, 6, 20)))
    additem(Member, Member(id=103,
                           student_id="900000103",
                           pw_hash=Auth.hash_password('password'),
                           priv_level=Auth.member,
                           name_first="Member",
                           name_middle="",
                           name_last="InfoSec",
                           email="*****@*****.**",
                           acad_standing="Undergraduate"))
    additem(Membership, Membership(id=103,
                                   member=103,
                                   club=8001,
                                   signup_date=datetime.utcfromtimestamp(0)))
    additem(Member, Member(id=104,
                           student_id="900000104",
                           pw_hash=Auth.hash_password('password'),
                           priv_level=Auth.alumni,
                           name_first="Alumni",
                           name_middle="",
                           name_last="InfoSec",
                           email="*****@*****.**",
                           acad_standing="Undergraduate"))
    additem(Membership, Membership(id=104,
                                   member=104,
                                   club=8001,
                                   signup_date=datetime.utcfromtimestamp(0)))
    additem(Member, Member(id=105,
                           student_id="900000105",
                           pw_hash=Auth.hash_password('password'),
                           priv_level=Auth.associate,
                           name_first="Associate",
                           name_middle="",
                           name_last="InfoSec",
                           email="*****@*****.**",
                           acad_standing="Undergraduate"))
    additem(Membership, Membership(id=105,
                                   member=105,
                                   club=8001,
                                   signup_date=datetime.utcfromtimestamp(0)))
    additem(Member, Member(id=201,
                           student_id="900000201",
                           pw_hash=Auth.hash_password('password'),
                           priv_level=Auth.officer,
                           name_first="Officer",
                           name_middle="",
                           name_last="CompSci",
                           email="*****@*****.**",
                           acad_standing="Undergraduate"))
    additem(Membership, Membership(id=201,
                                   member=201,
                                   club=8002,
                                   signup_date=datetime.utcfromtimestamp(0)))
    additem(Member, Member(id=202,
                           student_id="900000202",
                           pw_hash=Auth.hash_password('password'),
                           priv_level=Auth.admin,
                           name_first="Admin",
                           name_middle="",
                           name_last="CompSci",
                           email="*****@*****.**",
                           acad_standing="Undergraduate"))
    additem(Membership, Membership(id=202,
                                   member=202,
                                   club=8002,
                                   signup_date=datetime.utcfromtimestamp(0)))
    additem(Member, Member(id=203,
                           student_id="900000203",
                           pw_hash=Auth.hash_password('password'),
                           priv_level=Auth.member,
                           name_first="Member",
                           name_middle="",
                           name_last="CompSci",
                           email="*****@*****.**",
                           acad_standing="Undergraduate"))
    additem(Membership, Membership(id=203,
                                   member=203,
                                   club=8002,
                                   signup_date=datetime.utcfromtimestamp(0)))
Ejemplo n.º 10
def logout():
    """Call Auth.logout(), flash a confirmation, and redirect to '/login'."""
    Auth.logout()
    flash('You have been logged out.')

    # Always lands on the login page, whatever Auth.logout() did.
    login_url = '/login'
    return redirect(login_url)
        Club,
        Club(id=8002,
             shortname="ACM",
             longname="Association For Computing Machinery"))
    additem(
        Club,
        Club(id=8003,
             shortname="IEEE",
             longname="Institute of Electrical and Electronics Engineers"))

    print('Adding sample members, all with a password of \'password\'...')
    additem(
        Member,
        Member(id=5001,
               student_id="000000001",
               pw_hash=Auth.hash_password('password'),
               primary_club=8002,
               priv_level=Auth.admin,
               name_first="Mike",
               name_middle="",
               name_last="Korcha",
               email1="*****@*****.**",
               email2="*****@*****.**",
               acad_standing="Graduate",
               gender="Male",
               shirt_size="M",
               signup_date=datetime.utcfromtimestamp(0)))
    additem(
        Member,
        Member(id=5002,
               student_id="000000002",
Ejemplo n.º 12
def logout():
    """Log out through Auth.logout(), notify the user, and go to '/login'."""
    Auth.logout()

    notice = 'You have been logged out.'
    flash(notice)

    return redirect('/login')