def logout(self, data):
    """Revoke the auth token passed in ``data``.

    A token that decodes to a user id is handed to ``self.save_token``
    (the blacklist store); one that decodes to an error string yields
    UNAUTHORIZED; a missing token yields FORBIDDEN.

    :param data: the raw auth token to revoke.
    :return: whatever ``self.save_token`` returns on success, else
        ``msg.body``.
    """
    # NOTE(review): ``msg`` is a module-level object mutated here — confirm
    # it is not shared between concurrent requests.
    token = data
    if not token:
        msg.set_msg(code=FORBIDDEN, msg="Provide a valid auth token.")
        return msg.body
    # Original comment says decoding also checks the blacklist — confirm in
    # decode_auth_token. Any failure comes back as a str message.
    decoded = User.decode_auth_token(token)
    if isinstance(decoded, str):
        msg.set_msg(code=UNAUTHORIZED, msg=decoded)
        return msg.body
    # Blacklist the token so it cannot be reused after logout.
    return self.save_token(token=token)
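def generate_token(user):
    """Issue an auth token for a freshly created ``user``.

    On success the response carries ``{"Authorization": <token>}`` with
    code CREATED; any failure is logged and answered with UNAUTHORIZED and
    a generic message.

    NOTE(review): ``create_user`` calls this as ``self.generate_token(new_user)``;
    unless this is a @staticmethod, the bound call would pass ``self`` as
    ``user`` — confirm the decorator survived.

    :param user: the user model; only ``user.id`` is read.
    :return: ``msg.body``.
    """
    try:
        # Encode the user's id into the token.
        auth_token = User.encode_auth_token(user.id)
        # .decode() assumes the encoder returns bytes; a str return would
        # raise AttributeError and land in the except below — TODO confirm.
        data = dict(Authorization=auth_token.decode())
        msg.set_msg(code=CREATED, msg="Successfully registered.", data=data)
    except Exception as e:
        # Log at error level (as login does) so token-issuing failures are
        # not hidden at debug verbosity; the client still gets a generic message.
        logs.error(e)
        msg.set_msg(code=UNAUTHORIZED, msg="Some error occurred. Please try again.")
    return msg.body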
def create_user(self, data):
    """Register a new user keyed on phone number and return a token for it.

    :param data: mapping of user fields; must contain ``"phone"``.
    :return: the ``self.generate_token`` result for a new user, else
        ``msg.body`` with CONFLICT when the phone is already registered.
    """
    # Phone number is the uniqueness key for an identity.
    existing = User.query.filter_by(phone=data["phone"]).first()
    if existing:
        # NOTE(review): the existing account's user_name is echoed back in the
        # conflict response — confirm this disclosure is intended.
        msg.set_msg(
            code=CONFLICT,
            msg="User already exists. Please Log in.",
            data=existing.user_name,
        )
        return msg.body
    # NOTE(review): every key in ``data`` is forwarded to User.create —
    # confirm callers whitelist fields (e.g. is_admin) before reaching here.
    created = User.create(**data)
    return self.generate_token(created)
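def login(data):
    """Validate phone/password credentials and issue an auth token.

    NOTE(review): the sibling ``create_token`` is a near copy keyed on
    ``"username"``; this is likely a @staticmethod — confirm.

    :param data: mapping with ``"phone"`` (required) and ``"password"``.
    :return: a response body — SUCCESS with ``{"Authorization": token}``,
        UNAUTHORIZED on bad credentials, INTERNAL_SERVER_ERROR on any
        exception or when no token could be encoded.
    """
    try:
        # fetch the user data; phone is the identity key
        user = User.query.filter_by(phone=data["phone"]).first()
        if user and user.check_password(data.get("password")):
            auth_token = User.encode_auth_token(user.id)
            if auth_token:
                success = MsgBody()  # fresh body, not the shared ``msg``
                payload = dict(Authorization=auth_token.decode())
                success.set_msg(code=SUCCESS, msg="Successfully logged in.", data=payload)
                return success.body
            # Previously this branch fell through and returned whatever ``msg``
            # last held; report the encoding failure explicitly.
            msg.set_msg(code=INTERNAL_SERVER_ERROR, msg="Try again")
        else:
            # Same message for unknown phone and wrong password. The password
            # check is skipped for an unknown phone, so response timing still
            # differs between the two cases — TODO consider a dummy check.
            msg.set_msg(code=UNAUTHORIZED, msg="phone or password does not match.")
    except Exception as e:
        logs.error(e)
        msg.set_msg(code=INTERNAL_SERVER_ERROR, msg="Try again")
    return msg.body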
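def create_token(data):
    """Validate username/password credentials and issue a bearer token.

    Near copy of ``login`` keyed on ``"username"`` and returning the token
    as ``access_token``/``token_type`` fields instead of an
    ``Authorization`` field. Likely a @staticmethod — confirm.

    :param data: mapping with ``"username"`` (required; matched against the
        ``phone`` column) and ``"password"``.
    :return: a response body — SUCCESS with ``access_token``/``token_type``,
        UNAUTHORIZED on bad credentials, INTERNAL_SERVER_ERROR on any
        exception or when no token could be encoded.
    """
    try:
        # fetch the user data; "username" is matched against the phone column
        user = User.query.filter_by(phone=data["username"]).first()
        if user and user.check_password(data.get("password")):
            auth_token = User.encode_auth_token(user.id)
            if auth_token:
                success = MsgBody()  # fresh body, not the shared ``msg``
                success.set_msg(code=SUCCESS, msg="Successfully logged in.")
                success.add_fields(access_token=auth_token.decode(), token_type="bearer")
                return success.body
            # Previously this branch fell through and returned whatever ``msg``
            # last held; report the encoding failure explicitly.
            msg.set_msg(code=INTERNAL_SERVER_ERROR, msg="Try again")
        else:
            # Message kept as-is although the lookup key here is "username".
            msg.set_msg(code=UNAUTHORIZED, msg="phone or password does not match.")
    except Exception as e:
        logs.error(e)
        msg.set_msg(code=INTERNAL_SERVER_ERROR, msg="Try again")
    return msg.body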
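def get_user_permission(request=None):
    """Resolve the caller's identity and admin flag from the Authorization header.

    1. permission lookup  2. level lookup
    Can be extended to: endpoint permissions, method permissions, query
    permissions (``role`` table).

    :param request: the incoming request; its ``Authorization`` header is
        read. ``None`` is treated like a missing header.
    :return: ``success.body`` with ``{user_id, email, is_admin}`` on
        success, otherwise ``msg.body`` with UNAUTHORIZED.
    """
    # get the auth token; a None request used to raise AttributeError here
    auth_token = request.headers.get("Authorization") if request is not None else None
    if not auth_token:
        msg.set_msg(code=UNAUTHORIZED, msg="Provide a valid auth token.")
        return msg.body
    # Drops the first 7 characters, assuming a "Bearer " prefix; the scheme
    # itself is not verified — TODO confirm it is checked upstream.
    resp = User.decode_auth_token(auth_token[7:])
    if isinstance(resp, str):
        # decode reports failures as a message string; an int is the user id
        msg.set_msg(code=UNAUTHORIZED, msg=resp)
        return msg.body
    user = User.query.filter_by(id=resp).first()
    if user is None:
        # A valid token for a user that no longer exists used to raise
        # AttributeError below; reject it as unauthorized instead.
        msg.set_msg(code=UNAUTHORIZED, msg="Provide a valid auth token.")
        return msg.body
    success = MsgBody()  # fresh body, not the shared ``msg``
    data = dict(user_id=user.id, email=user.email, is_admin=user.is_admin)
    success.set_msg(code=SUCCESS, msg="The query is successful.", data=data)
    return success.body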
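def get_logged_in_user(new_request):
    """Resolve the caller from the Authorization header into a (body, status) pair.

    Likely a @staticmethod — confirm.

    :param new_request: the incoming request; its ``Authorization`` header
        is read.
    :return: ``({"status": "success", "data": {...}}, 200)`` or
        ``({"status": "fail", "message": ...}, 401)``.
    """
    auth_token = new_request.headers.get("Authorization")  # get the auth token
    if not auth_token:
        return {"status": "fail", "message": "Provide a valid auth token."}, 401
    # Drops the first 7 characters, assuming a "Bearer " prefix; the scheme
    # itself is not verified — TODO confirm it is checked upstream.
    resp = User.decode_auth_token(auth_token[7:])
    if isinstance(resp, str):
        # decode reports failures as a message string; an int is the user id
        return {"status": "fail", "message": resp}, 401
    user = User.query.filter_by(id=resp).first()
    if user is None:
        # Valid token but no such user (e.g. deleted) — previously an
        # AttributeError below; treat as unauthenticated.
        return {"status": "fail", "message": "Provide a valid auth token."}, 401
    response_object = {
        "status": "success",
        "data": {
            "user_id": user.id,
            "email": user.email,
            # "is_admin": user.is_admin,
            # 'registered_on': str(user.registered_on)
        },
    }
    return response_object, 200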