Ejemplo n.º 1
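 def do(self):
     """Issue a short-lived access token for an ``appid``/``appsecret`` pair.

     Only GET is handled; any other method falls through and returns None,
     as before. Both credentials are read from the query string and looked
     up in the ``user_token`` mapping. On a match the row is updated with a
     new token and a validity window of 30 seconds, and the token is
     returned as ``{"token": <64 hex chars>}``. Missing credentials or no
     matching row yield ``{"token": "null"}``.

     The token is drawn from the OS CSPRNG. It used to be
     ``sha256(appid + appsecret)``, which made it a constant per client:
     the same value became valid again on every re-issue, and anyone who
     saw one token could test guesses of the secret offline.

     NOTE(review): the credentials travel in the URL, where access logs and
     proxies commonly record them; moving them to a request body or header
     changes the client contract, so it is not done here.
     NOTE(review): the filter compares ``appsecret`` with the stored column
     directly, so the secret is presumably stored unhashed - confirm.
     """
     import binascii
     import datetime
     import os

     if request.method != "GET":
         return None

     appid = request.args.get("appid", "")
     appsecret = request.args.get("appsecret", "")
     if appid == "" or appsecret == "":
         return jsonify({"token": "null"})

     from v1.db.DbHelper import DbHelper
     dh = DbHelper()
     user_token = dh.load("UserMapper", "user_token")
     sql = dh.do("query", user_token).filter(user_token.appid == appid,
                                              user_token.appsecret == appsecret)

     getUser = sql.first()
     if not getUser:
         return jsonify({"token": "null"})

     # 32 random bytes -> 64 hex characters, the same length and alphabet as
     # the former sha256 hexdigest, so the column and clients are unaffected.
     tokenstr = binascii.hexlify(os.urandom(32)).decode("ascii")
     now = datetime.datetime.now()
     # starttime is stored as a formatted string and endtime as a datetime,
     # exactly as before.
     starttime = now.strftime("%Y-%m-%d %H:%M:%S")
     endtime = now + datetime.timedelta(seconds=30)
     sql.update({"tokenstr": tokenstr, "starttime": starttime, "endtime": endtime})
     dh.do("commit")
     return jsonify({"token": tokenstr})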
Ejemplo n.º 2
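            def __token(*args):
                """Run ``func`` only when the request carries a currently valid token.

                The ``token`` query parameter is matched against
                ``user_token.tokenstr`` and must fall inside the row's
                ``starttime``/``endtime`` window. On success ``func`` is called
                with the positional arguments plus ``appid`` from the matching
                row; otherwise ``{"result": "access error"}`` is returned.

                NOTE(review): the token is read from the URL, where access logs
                commonly record it - confirm that is acceptable for its lifetime.
                """
                getToken=request.args.get("token")
                if not getToken:
                    # A missing or empty token must never reach the query: an
                    # ORM may turn ``== None`` into ``IS NULL``, and "" would
                    # match a row whose tokenstr is empty.
                    return jsonify({"result":"access error"})

                from v1.db.DbHelper import DbHelper
                dh=DbHelper()
                user_token=dh.load("UserMapper", "user_token")

                # One timestamp for both bounds, so the window is checked
                # against a single instant.
                now=datetime.datetime.now()
                ret=dh.do("query",user_token).filter(user_token.tokenstr==getToken,
                                                     user_token.starttime<=now,
                                                     user_token.endtime>=now).first()

                if ret:
                    return func(*args,appid=ret.appid)
                return jsonify({"result":"access error"})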
Ejemplo n.º 3
 def __init__(self):
     """Create the object and give it its own ``DbHelper`` instance."""
     self.dh = DbHelper()
Ejemplo n.º 4
class UserController():
    """Request handler for user listing, registration and login.

    ``do`` dispatches on the HTTP method (and, for POST, on the ``action``
    query parameter) to the other methods. User data is kept both in the
    database (through ``DbHelper``, via the ORM or stored procedures depending
    on ``is_use_orm``) and in redis hashes (``user_map``, ``user:<id>``,
    ``userid_token``, ``token_userid``).
    """
    dh=None
    # `cusor` is not referenced by any method of this class; the methods use a
    # local variable named `cursor` instead.
    cusor=None
    def __init__(self):
        self.dh=DbHelper()
    def userlist(self): #Handles GET: fetch the user list
        userid=request.args.get('userid','')
        if userid!='':
            return self.userinfo(userid)
        return 'userlist111'

    def userinfo(self,userid): #Handles GET: fetch one user's information
        # NOTE(review): `userid` comes straight from the query string (see
        # userlist) and is echoed into the returned string. If this string is
        # served as text/html the value is reflected unescaped - confirm the
        # content type or escape it.
        return 'userinfo,userid='+userid

    def adduser(self): #Handles POST: register a new user
        user_name=request.json.get('user_name')
        #Check in redis whether the user already exists
        user=myredis.rs.hget("user_map",user_name)
        if user is not None:
            return jsonify(success=False,message='用户名/邮箱/手机号 已存在')
        #Check that the user name meets the requirements
        # check_username returns False for a rejected name; the values 2 and 3
        # are treated below as "name is an e-mail" and "name is a phone number".
        reg_type=check_username(user_name)
        if reg_type is False:
            return jsonify(success=False,message='用户名不符合要求')

        user_pass=request.json.get('user_pass')
        # NOTE(review): user_pass is not checked for None before bytes() - confirm
        # what a request without a password does here.
        # NOTE(review): the helper name suggests DES, i.e. reversible encryption
        # rather than a password hash - confirm. If so, whoever holds the key can
        # recover every stored password; a salted, deliberately slow password
        # hash (bcrypt, scrypt, Argon2) is the usual choice for stored passwords.
        user_pass=desEncrypt(bytes(user_pass)) #Encrypt the password before storing it

        #_user_validate: account verification flag, default 0 = unverified, 1 = verified; the student role needs no verification
        #_user_role: 1 student, 2 teacher, 3... reserved for extension
        # NOTE(review): the role is taken from the request body without any
        # validation, so the client chooses its own role value. Any value other
        # than "1" is stored with user_validate=0; confirm that unverified
        # accounts cannot use elevated roles and consider whitelisting the values.
        user_role=request.json.get('user_role','1')
        user_validate=1 if user_role=="1" else 0
        user_email=user_name if reg_type==2 else ""
        user_phone=user_name if reg_type==3 else ""

        #A token is generated for the new user as soon as registration succeeds
        access_token=generate_access_token()
        #ORM path
        if is_use_orm:
            USER_MAP=self.dh.load("UserMapper","USER_MAP")
            USER_SYS=self.dh.load("UserMapper", "USER_SYS") #Load the user_sys class
            new_user=USER_SYS(user_name=user_name,
                              user_email=user_email,
                              user_phone=user_phone,
                              user_pass=user_pass,
                              user_role=user_role,
                              user_validate=user_validate,
                              user_access_token=access_token)
            self.dh.save(new_user)
            user_id=new_user.user_id
            # NOTE(review): when user_id is falsy the map and log rows are skipped,
            # but the redis writes and the success response below still run.
            if user_id:
                new_user_map=USER_MAP(user_name=user_name,user_id=user_id)
                self.dh.save(new_user_map)
                USER_LOG=self.dh.load("UserMapper", "USER_LOG")
                new_log=USER_LOG(user_id=user_id,
                                 login_ip=request.remote_addr,
                                 login_status=1)
                self.dh.save(new_log)
        #Stored-procedure path
        else:
            cursor=self.dh.dbconn.cursor(cursorclass = MySQLdb.cursors.DictCursor)
            cursor.callproc('sp_user_reg',(user_name,
                                           user_email,
                                           user_phone,
                                           user_pass,
                                           user_role,
                                           request.remote_addr,
                                           access_token))
            new_user=cursor.fetchone()
            cursor.close()
            self.dh.dbconn.commit()
            self.dh.dbconn.close()
            user_id=new_user['user_id']
        #Update the user information held in redis
        # NOTE(review): the encrypted password is copied into the redis hash as
        # well, so redis holds the same credential material as the database -
        # confirm it is needed there (userlogin compares against the database
        # row or the stored procedure, not against this copy).
        myredis.rs.hset("user_map",user_name,user_id)
        myredis.rs.hmset("user:{user_id}".format(user_id=user_id),{"user_id":user_id,
                                          "user_name":str(user_name),
                                          "user_email":user_email,
                                          "user_phone":user_phone,
                                          "user_pass":user_pass,
                                          "user_role":user_role,
                                          "user_validate":user_validate,
                                          "user_last_login_ip":request.remote_addr,
                                          "user_last_login_time":time.time(),
                                          "user_error_times":0
                                          })
        # The token is indexed in both directions: user id -> token and token -> user id.
        myredis.rs.hset("userid_token",user_id,access_token)
        myredis.rs.hset("token_userid",access_token,user_id)
        return jsonify(success=True,user_id=user_id,user_name=user_name,access_token=access_token,message="注册成功")

    def updateuser(self): #Handles PUT: update user information
        # Placeholder: reads `userid` from the form and echoes it back.
        # NOTE(review): no authentication or authorization check is visible in
        # this handler - confirm it is enforced elsewhere before this gains real
        # behaviour.
        userid=request.form['userid']
        return 'updateuser'+userid

    def deleteuser(self): #Handles DELETE: delete a user
        # Placeholder: `userid` is read but not used.
        # NOTE(review): no authentication or authorization check is visible in
        # this handler - confirm it is enforced elsewhere before this gains real
        # behaviour.
        userid=request.form['userid']
        return 'delete user'

    def userlogin(self):
        """Check a user name / password pair and, on success, rotate the access token.

        Failed attempts are counted in the redis hash ``user:<id>``; when the
        counter equals 5 and the last recorded attempt is less than 86400
        seconds old, the login is refused without checking the password.
        """
        user_name=request.json.get("user_name")
        user_pass=request.json.get("user_pass")
        # NOTE(review): the same desEncrypt transform as in adduser is applied, and
        # the result is compared with the stored value below; see the note there
        # about reversible encryption versus password hashing.
        user_pass=desEncrypt(bytes(user_pass))
        success=False
        message='登录成功'

        # Generated before the credentials are checked; stored in redis and
        # returned to the client only on the success path below.
        access_token=generate_access_token()

        #First fetch the user from redis to decide whether the user exists
        user_id=myredis.rs.hget("user_map",user_name)
        if user_id is not None:
            user=myredis.rs.hgetall("user:{user_id}".format(user_id=user_id))
            user_error_times=int(user['user_error_times'])
            user_last_login_time=float(user['user_last_login_time'])
            # NOTE(review): equality test - a stored counter above 5 would not
            # lock the account; `>=` would be the more defensive comparison.
            if user_error_times==5 :
                if (time.time()-user_last_login_time)>=86400:
                    user_error_times=0
                else:
                    return jsonify(success=False,message="您已经连续登录失败5次,请24小时之后再来")
        else:
            # NOTE(review): an unknown user name gets a different message from a
            # wrong password (set further down), which lets a client tell which
            # user names exist; a single generic failure message avoids that.
            return jsonify(success=False,message='用户不存在')

        if is_use_orm:
            USER_SYS=self.dh.load("UserMapper", "USER_SYS")
            USER_LOG=self.dh.load("UserMapper", "USER_LOG")
            # NOTE(review): `user` is used without a None check; a user present in
            # redis but missing from the database would raise here - confirm.
            user=self.dh.do("query",USER_SYS).filter_by(user_id=user_id).first()
            if user_pass==user.user_pass:
                if user.user_validate is True:
                    #Login succeeded: reset the failure counter to 0 and write a login log entry
                    success=True
                    user_error_times=0
                    user=self.dh.do("query",USER_SYS).filter_by(user_id=user_id).update({'user_access_token':access_token,'user_error_times':user_error_times})
                    self.dh.dbsession.commit()
                    new_log=USER_LOG(user_id=user_id,
                                     login_ip=request.remote_addr,
                                     login_status=1)
                    self.dh.save(new_log)
                else:
                    # Correct password but the account is not verified: logged as
                    # a failed login, failure counter left unchanged.
                    new_log=USER_LOG(user_id=user_id,
                                     login_ip=request.remote_addr,
                                     login_status=0)
                    self.dh.save(new_log)
                    message="用户未验证"
            else:
                #Login failed: increment the failure counter and write a login log entry
                user_error_times+=1
                self.dh.do("query",USER_SYS).filter_by(user_id=user_id).update({'user_error_times':user_error_times})
                self.dh.dbsession.commit()
                new_log=USER_LOG(user_id=user_id,
                                 login_ip=request.remote_addr,
                                 login_status=0)
                self.dh.save(new_log)
                message="密码错误"
        else:
            cursor=self.dh.dbconn.cursor(cursorclass = MySQLdb.cursors.DictCursor)
            cursor.callproc('sp_user_login',(user_name,user_pass,request.remote_addr,access_token))
            #On success one row of user information is returned; on failure the row carries the error information
            user=cursor.fetchone()
            cursor.close()
            self.dh.dbconn.commit()
            self.dh.dbconn.close()
            message=user['message']
            #Login succeeded
            if user['result']=='success':
                user_error_times=0
                success=True
            else:
                user_error_times+=1

        #Update the user information held in redis
        # Runs for every attempt that reaches this point, successful or not, so
        # the lockout window above is measured from the last such attempt.
        myredis.rs.hmset('user:{user_id}'.format(user_id=user_id),{"user_last_login_ip":request.remote_addr,
                                                                   "user_last_login_time":time.time(),
                                                                   "user_error_times":user_error_times
                                                                   })
        if success:
            #Delete the old token
            old_token=myredis.rs.hget("userid_token",user_id)
            if old_token:
                myredis.rs.hdel("token_userid",old_token)
            #Store the new token
            myredis.rs.hset("userid_token",user_id,access_token)
            myredis.rs.hset("token_userid",access_token,user_id)
            return jsonify(success=True,user_id=user_id,user_name=user_name,access_token=access_token,message=message)
        else:
            return jsonify(success=False,message=message)

    def userunlogin(self):
        # Placeholder: returns a fixed string and does not touch the token
        # hashes, so a logout through this handler leaves the token in redis.
        return "userunlogin"

    def do(self):
        """Dispatch the current request to the handler for its HTTP method.

        POST is further routed by the ``action`` query parameter
        (``userlogin``, ``userunlogin``, ``userreg``); a missing or unknown
        action returns a fixed "operation not found" string. Methods other
        than GET, POST, PUT and DELETE fall through and return None.
        """
        if request.method=='GET':
            return self.userlist()

        elif request.method=='POST':
            getaction=request.args.get("action",None)
            if getaction is not None:
                if getaction=="userlogin":
                    return self.userlogin()
                elif getaction=="userunlogin":
                    return self.userunlogin()
                elif getaction=='userreg':
                    return self.adduser()
            return "找不到相关操作"

        elif request.method=='PUT':
            return self.updateuser()

        elif request.method=='DELETE':
            return self.deleteuser()