def post(r):
"""POST /api/oauth/token"""
code = r.d.code
dict_ = JWT.decrypt(code)
if dict_['type'] != JWType.AUTH_CODE:
raise AuthError.REQUIRE_AUTH_CODE
user_app_id = dict_['user_app_id']
user_app = UserApp.get_by_id(user_app_id, check_bind=True)
ctime = dict_['ctime']
if user_app.app.field_change_time > ctime:
raise AuthError.APP_FIELD_CHANGE
if user_app.last_auth_code_time != str(ctime):
raise AuthError.NEW_AUTH_CODE_CREATED
token, dict_ = JWT.encrypt(
dict(
user_app_id=user_app.user_app_id,
type=JWType.AUTH_TOKEN,
),
expire_second=OAUTH_TOKEN_EXPIRE_TIME,
)
dict_['token'] = token
dict_['avatar'] = user_app.user.get_avatar_url()
return dict_
def get_login_token(user: User):
token, _dict = JWT.encrypt(dict(
user_id=user.pk,
), expire_second=30 * 60 * 60 * 24)
_dict['token'] = token
_dict['user'] = user.d()
return _dict
def get(r):
""" GET /api/user/verify
自动识别身份信息
"""
user = r.user
if user.verify_status != User.VERIFY_STATUS_UNVERIFIED:
if user.verify_status == User.VERIFY_STATUS_UNDER_AUTO or \
user.verify_status == User.VERIFY_STATUS_UNDER_MANUAL:
raise IDCardError.VERIFYING('无法继续识别')
else:
raise IDCardError.REAL_VERIFIED('无法继续识别')
urls = user.get_card_urls()
if not urls['front'] or not urls['back']:
raise IDCardError.CARD_NOT_COMPLETE
front_info = IDCard.detect_front(urls['front'])
back_info = IDCard.detect_back(urls['back'])
back_info.update(front_info)
back_info['type'] = 'idcard-verify'
back_info['user_id'] = user.user_str_id
token, verify_info = JWT.encrypt(back_info, expire_second=60 * 5)
verify_info['token'] = token
user.update_verify_type(User.VERIFY_CHINA)
return verify_info
def analyse_invite_ticket(ticket):
d = JWT.decrypt(ticket)
type_ = d.get('type')
if type_ != AuthType.INVITE:
raise AuthError.TOKEN_MISS_PARAM('type')
spaceman = d.get('spaceman')
return SpaceMan.get_by_union(spaceman)
def get_invite_ticket(spaceman: SpaceMan):
ticket, d = JWT.encrypt(dict(
type=AuthType.INVITE,
spaceman=spaceman.get_union(),
),
expire_second=30 * 60)
return ticket
def validate_token(request):
jwt_str = request.META.get('HTTP_TOKEN')
# jwt_str = request.COOKIES['token']
if not jwt_str:
raise AuthError.REQUIRE_LOGIN
return JWT.decrypt(jwt_str)
def get_login_token(user: User):
token, _dict = JWT.encrypt(dict(
user_id=user.pk,
))
_dict['token'] = token
_dict['user'] = user.d()
return _dict
def get_login_token(user: User):
token, dict_ = JWT.encrypt(
dict(
type=JWType.LOGIN_TOKEN,
user_id=user.user_str_id,
))
dict_['token'] = token
dict_['user'] = user.d()
return dict_
def get_login_token(user: MiniUser, session_key):
if DEV_MODE:
encrypt_session_key = session_key
else:
encrypt_session_key = Crypto.AES.encrypt(session_key)
token, _dict = JWT.encrypt(
dict(
user_id=user.user_id,
session_key=encrypt_session_key,
))
_dict['token'] = token
_dict['user'] = user.d()
return _dict
def post(r):
""" POST /api/user/verify
确认认证信息
"""
user = r.user
if user.verify_status != User.VERIFY_STATUS_UNVERIFIED:
if user.verify_status == User.VERIFY_STATUS_UNDER_AUTO or \
user.verify_status == User.VERIFY_STATUS_UNDER_MANUAL:
raise IDCardError.VERIFYING('无法继续确认')
else:
raise IDCardError.REAL_VERIFIED('无法继续确认')
if r.d.auto:
# 自动验证
token = r.d.token
dict_ = JWT.decrypt(token)
if 'user_id' not in dict_:
raise IDCardError.AUTO_VERIFY_FAILED
if user.user_str_id != dict_['user_id']:
raise IDCardError.AUTO_VERIFY_FAILED
crt_time = datetime.datetime.now().timestamp()
valid_start = datetime.datetime.strptime(dict_['valid_start'],
'%Y-%m-%d').timestamp()
valid_end = datetime.datetime.strptime(dict_['valid_end'],
'%Y-%m-%d').timestamp()
if valid_start > crt_time or crt_time > valid_end:
raise IDCardError.CARD_VALID_EXPIRED
user.update_card_info(
dict_['name'],
dict_['male'],
dict_['idcard'],
datetime.datetime.strptime(dict_['birthday'],
'%Y-%m-%d').date(),
)
user.update_verify_status(User.VERIFY_STATUS_DONE)
else:
# 人工验证
for param in Verify.VERIFY_PARAMS:
if not getattr(r.d, param.name):
return PError.NULL_NOT_ALLOW(param.name, param.read_name)
user.update_card_info(
**r.d.dict('name', 'birthday', 'idcard', 'male'))
user.update_verify_status(User.VERIFY_STATUS_UNDER_MANUAL)
Email.real_verify(user, '')
return user.d()
def get_login_token(user: User, session_key):
if DEV_MODE:
encrypt_session_key = session_key
else:
encrypt_session_key = Crypto.AES.encrypt(session_key)
token, d = JWT.encrypt(
dict(
type=AuthType.LOGIN,
user_id=user.user_id,
session_key=encrypt_session_key,
))
d['token'] = token
d['user'] = user.d()
return d
def do_bind(cls, user, app):
if app.is_user_full():
raise AppError.USER_FULL
premise_list = app.check_premise(user)
for premise in premise_list:
error = E.sid2e[premise['check']['identifier']]
if not error.ok:
raise error
crt_timestamp = datetime.datetime.now().timestamp()
try:
user_app = cls.get_by_user_app(user, app)
user_app.bind = True
user_app.last_auth_code_time = crt_timestamp
user_app.frequent_score += 1
user_app.last_score_changed_time = crt_timestamp
user_app.save()
except E as e:
if e.eis(AppError.USER_APP_NOT_FOUND):
try:
user_app = cls(
user=user,
app=app,
user_app_id=cls.get_unique_id(),
bind=True,
last_auth_code_time=crt_timestamp,
frequent_score=1,
last_score_changed_time=crt_timestamp,
)
user_app.save()
user_app.app.user_num += 1
user_app.app.save()
except Exception as err:
raise AppError.BIND_USER_APP(debug_message=err)
else:
raise e
return JWT.encrypt(dict(
user_app_id=user_app.user_app_id,
type=JWType.AUTH_CODE,
ctime=crt_timestamp
), replace=False, expire_second=5 * 60)
def validate_token(r):
jwt_str = r.META.get('HTTP_TOKEN')
if jwt_str is None:
raise AuthError.REQUIRE_LOGIN
return JWT.decrypt(jwt_str)