def identify(self, request):
"""
用户鉴权
:param request:
:return:
"""
# 获取header中的Authorization
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token_arr = auth_header.split(" ")
if not auth_token_arr or auth_token_arr[0] != 'JWT' or len(
auth_token_arr) != 2:
return HttpCode.auth_error
else:
auth_token = auth_token_arr[1]
payload = self.decode_auth_token(auth_token)
if not isinstance(payload, str):
user_id = payload.get('data').get('id')
login_time = payload.get('data').get('login_time')
user = UserLogin.query.get(user_id)
if not user:
return HttpCode.un_auth_error
else:
if user.last_login == login_time:
return success(msg='用户认证成功',
data={"user_id": user.user_id})
else:
return error(code=HttpCode.auth_error,
msg='用户认证失败')
else:
return error(code=HttpCode.auth_error, msg='用户认证失败')
else:
return error(code=HttpCode.auth_error, msg='用户认证失败')
def post(self):
dict_data = request.args
old_password = dict_data.get('old_password')
new_password = dict_data.get('new_password')
# session鉴权
user_id = session.get('user_id')
if not user_id:
return error(HttpCode.params_error, '请先登录')
try:
user = UserLogin.query.filter(UserLogin.id == user_id).first()
except Exception as e:
current_app.logger.error(e)
return error(HttpCode.params_error, '查询失败')
if not user:
return error(HttpCode.params_error, '用户不存在')
if not user.check_password(old_password):
return error(HttpCode.params_error, '旧密码不符')
user.password_hash = UserLogin.crypto_secret(new_password)
try:
db.session.add(user)
db.session.commit()
except Exception as e:
current_app.logger.error(e)
db.session.rollback()
return error(HttpCode.db_error, '添加数据失败')
return success('修改成功')
def identity(self, request):
# 用户鉴权
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token_array = auth_header.split(" ")
if not auth_token_array or auth_token_array[0] != 'JWT' or len(auth_token_array) != 2:
return HttpCode.AUTH_ERROR
else:
auth_token = auth_token_array[1]
payload = self.decode_auth_token(auth_token)
if not isinstance(payload, str):
user_id = payload.get('data').get('id')
login_time = payload.get('data').get('login_time')
user = UserLogin.query.get(user_id)
if not user:
return HttpCode.AUTH_ERROR
else:
if user.last_login == login_time:
return success(msg='用户认证成功', data={"user_id": user.id})
else:
return error(code=HttpCode.AUTH_ERROR, msg='用户认证失败')
else:
return error(code=HttpCode.AUTH_ERROR, msg='用户认证失败')
else:
return error(code=HttpCode.AUTH_ERROR, msg='用户认证失败')
def post(self):
parser = reqparse.RequestParser(bundle_errors=True)
parser.add_argument('mobile', type=inputs.regex('1[3456789]\\d{9}'), required=True,
nullable=False, location=['json'], help='手机号格式不正确')
parser.add_argument('nickname', type=inputs.regex('^[A-Za-z][A-Za-z0-9]{2,7}'), required=True,
nullable=False, location=['json'], help='昵称格式不正确')
parser.add_argument('password', required=True, nullable=False, location=['json'],
help='密码不正确')
args = parser.parse_args()
user = UserLogin()
user.nickname = args.nickname
user.mobile = args.mobile
try:
db.session.add(user)
db.session.commit()
userinfo = UserLogin.query.filter(UserLogin.mobile == args.mobile).first()
if not userinfo:
return error(code=HttpCode.DB_ERROR, msg='注册数据失败')
except Exception as e:
current_app.logger.error(e)
db.session.rollback()
return error(code=HttpCode.DB_ERROR, msg='注册数据失败')
return success(msg='注册成功', data=user.to_dict())
def authenticate(self, mobile, password):
user = UserLogin.query.filter_by(mobile=mobile).first()
if not user:
return error(HttpCode.AUTH_ERROR, '用户不存在')
if user.check_password(password):
login_time = int(time.time())
user.login_time = login_time
user.update()
token = self.encode_auth_token(user.id, login_time)
token = str(token, encoding='utf-8')
return success('登录成功', data={'token': token})
else:
return error(HttpCode.PARAMS_ERROR, '密码错误')
def post(self):
file_avatar = request.args.get('avatar')
if not file_avatar:
return error(HttpCode.params_error, '对象不存在')
try:
img_data = file_avatar.read()
image_name = image_storage.image_storage(img_data)
except Exception as e:
current_app.logger.error(e)
return error(HttpCode.params_error, '上传失败')
g.user.avatar_url = QINIU_DOMIN_PREFIX + image_name
return success(msg='上传成功', data={'avatar_url': QINIU_DOMIN_PREFIX + image_name})
def post(self):
parser = reqparse.RequestParser(bundle_errors=True)
parser.add_argument('cur_id',
required=True,
nullable=False,
location=['json'],
help='验证码图片id参数不正确')
parser.add_argument('pre_id',
required=True,
nullable=False,
location=['json'],
help='验证码图片id参数不正确')
args = parser.parse_args()
name, text, img_data = captcha.captcha.generate_captcha()
try:
redis_store.set(f'img_data:{arg.cur_id}', text,
IMAGE_CODE_REDIS_EXPIRES)
if args.pre_id:
redis_store.delete(f'img_data:{args.pre_id}')
except Exception as e:
current_app.logger.error(e)
return error(code=HttpCode.db_error, msg='redis存储失败')
response = make_response(img_data)
response.headers['Content-Type'] = 'image/jpg'
return response
def session_commit():
try:
db.session.commit()
except SQLAlchemyError as e:
db.session.rollback()
reason = str(e)
return error(code=HttpCode.DB_ERROR,msg=reason)
def wrapper(*args, **kwargs):
result = Auth().identify(request)
if result['code'] == 200:
user_id = result['data']['user_id']
g.user = UserInfo.query.get(user_id)
return view_func(*args, **kwargs)
else:
return error(HttpCode.auth_error, "用户未通过认证")
def post(self):
user_id = session.get('user_id')
if not user_id:
error(HttpCode.params_error, '请先登录')
user_profile = {}
dict_data = request.args
user_profile['mobile'] = dict_data.get('mobile')
user_profile['nickname'] = dict_data.get('nickname')
# user_profile['avatar_url'] = dict_data.get('avatar_url')
user_profile['signature'] = dict_data.get('signature')
user_profile['sex'] = dict_data.get('sex')
user_profile['birth_date'] = dict_data.get('birth_date')
if not all(user_profile.values()):
return error(HttpCode.params_error, '参数不能全为空')
if user_profile['mobile'] and not re.fullmatch(r'1[356789]\d{9}',
user_profile['mobile']):
return error(HttpCode.params_error, msg='手机号格式错误')
if user_profile['nickname'] and not re.fullmatch(
r'^[A-Za-z][A-Za-z0-9]{2,7}', user_profile['nickname']):
return error(HttpCode.params_error, msg='昵称格式错误')
if user_profile['sex'] and user_profile['sex'] not in ['0', '1', '2']:
return error(HttpCode.params_error, msg='性别输入错误')
try:
user = UserInfo.query.filter(UserInfo.id == user_id).first()
except Exception as e:
current_app.logger.error(e)
return error(HttpCode.db_error, '获取数据失败')
if not user:
return error(HttpCode.params_error, '用户不存在')
user.from_dict(user_profile)
try:
db.session.add(user)
db.session.commit()
except Exception as e:
current_app.logger.error(e)
db.session.rollback()
return error(HttpCode.db_error, '更新数据失败')
return success('修改成功')
def post(self):
parser = reqparse.RequestParser(bundle_errors=True)
parser.add_argument('mobile', type=inputs.regex('1[3456789]\\d{9}'), required=True,
nullable=False, location=['json'], help='手机号格式不正确')
# parser.add_argument('nickname', type=inputs.regex('^[A-Za-z][A-Za-z0-9]{2,7}'), required=True,
# nullable=False, location=['json'], help='昵称格式不正确')
parser.add_argument('password', required=True, nullable=False, location=['json'],
help='密码不正确')
args = parser.parse_args()
try:
user = UserLogin.query.filter_by(mobile=args.mobile).first()
except Exception as e:
current_app.logger.error(e)
return error(HttpCode.DB_ERROR, msg='获取数据出错')
if not user:
return error(HttpCode.PARAMS_ERROR, msg='用户不存在')
if not user.check_password(args.password):
return error(HttpCode.PARAMS_ERROR, msg='密码错误')
# 保存session
session['user_id'] = user.id
session['mobile'] = user.mobile
user.last_login = dt.now()
try:
db.session.add(user)
db.session.commit()
except Exception as e:
current_app.logger.error(e)
db.session.rollback()
return error(code=HttpCode.DB_ERROR, msg='注册数据失败')
g.data = {
'id': user.id,
'success': True
}
return success(msg='登录成功', data=user.to_dict())
def post(self):
parser = reqparse.RequestParser(bundle_errors=True)
parser.add_argument('mobile',
type=inputs.regex('1[3456789]\\d{9}'),
required=True,
nullable=False,
location=['json'],
help='手机号参数不正确')
parser.add_argument('password',
required=True,
nullable=False,
location=['json'],
help='密码参数不正确')
args = parser.parse_args()
verify_code = verify_imgcode(args.img_code_id, args.img_code)
if verify_code == -2:
return error(HttpCode.params_error, '验证码id不正确',
{'img_code_id': args.img_code_id})
elif verify_code == -1:
return error(HttpCode.params_error, '验证码不正确',
{'img_code': args.img_code})
try:
user = UserLogin.query.filter(UserLogin.mobile == mobile).first()
except Exception as e:
current_app.logger.error(e)
return error(HttpCode.db_error, msg='获取数据出错')
if not user:
return error(HttpCode.params_error, msg='用户不存在')
if not user.check_password(args.password):
return error(HttpCode.params_error, msg='密码错误')
# 保存session
session['user_id'] = user.id
session['mobile'] = args.mobile
user.last_login = dt.now()
try:
db.session.add(user)
db.session.commit()
except Exception as e:
db.session.rollback()
current_app.logger.error(e)
return error(HttpCode.db_error, msg='添加数据失败')
return success(msg='登录成功', data=user.to_dict())
def post(self):
if not g.data.get('success'):
return error(code=HttpCode.PARAMS_ERROR, msg='用户未登录')
def post(self):
parser = reqparse.RequestParser(bundle_errors=True)
parser.add_argument('mobile',
type=inputs.regex('1[3456789]\\d{9}'),
required=True,
nullable=False,
location=['json'],
help='手机号参数不正确')
parser.add_argument('nickname',
type=inputs.regex('^[A-Za-z][A-Za-z0-9]{2,7}'),
required=True,
nullable=False,
location=['json'],
help='昵称格式不正确')
parser.add_argument('password',
required=True,
nullable=False,
location=['json'],
help='密码参数不正确')
parser.add_argument('img_code_id',
required=True,
nullable=False,
location=['json'],
help='验证码图片id参数不正确')
parser.add_argument('img_code',
required=True,
nullable=False,
location=['json'],
help='验证码参数不正确')
args = parser.parse_args()
# 验证码
verify_code = verify_imgcode(args.img_code_id, args.img_code)
if verify_code == -2:
return error(HttpCode.params_error, '验证码id不正确',
{'img_code_id': args.img_code_id})
elif verify_code == -1:
return error(HttpCode.params_error, '验证码不正确',
{'img_code': args.img_code})
user_profile = UserInfo()
user_profile.nickname = args.nickname
user_profile.mobile = args.mobile
try:
db.session.add(user_profile)
db.session.commit()
userinfo = UserInfo.query.filter(
UserInfo.mobile == args.mobile).first()
if not userinfo:
return error(code=HttpCode.db_error, msg='添加数据失败')
except Exception as e:
current_app.logger.error(e)
db.session.rollback()
return error(code=HttpCode.db_error, msg='添加数据失败')
user = UserLogin()
user.mobile = args.mobile
user.password_hash = user.crypto_secret(args.password)
user.user_id = user_profile.id
try:
db.session.add(user)
db.session.add(user_profile)
db.session.commit()
except Exception as e:
current_app.logger.error(e)
return error(code=HttpCode.db_error,
msg='注册失败',
data=user.to_dict())
return success(msg='注册成功', data=user.to_dict())
