Example #1
0
    def post(self):
        logging.info(self.request)
        logging.info(self.request.body)

        # 允许跨域访问
        self.set_header('Access-Control-Allow-Origin', '*')
        self.set_header('Access-Control-Allow-Methods',
                        'POST, PUT, DELETE, GET, OPTIONS')
        self.set_header('Access-Control-Max-Age', 1000)
        self.set_header('Access-Control-Allow-Headers', '*')

        _body = json_decode(self.request.body)
        appid = None
        app_secret = None
        login = None
        verify_code = None
        md5pwd = None
        try:
            appid = _body['appid']
            app_secret = _body['app_secret']
            login = _body['login']
            verify_code = _body['verify_code']
            md5pwd = _body['pwd']
            logging.info("got appid %r", appid)
            logging.info("got app_secret %r", app_secret)
            logging.info("got login %r", login)
            logging.info("got verify_code %r", verify_code)
        except:
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        if appid is None or app_secret is None or login is None or verify_code is None or md5pwd is None:
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        _login = auth_login_dao.auth_login_dao().query_not_safe(login)
        if not _login:
            self.set_status(404)  # Not Found
            self.write('Not Found')
            self.finish()
            return

        try:
            if verify_code != _login['verify_code']:
                self.set_status(401)  # Unauthorized
                self.write('Unauthorized')
                self.finish()
                return
        except:  # Not found verify_code
            self.set_status(401)  # Unauthorized
            self.write('Unauthorized')
            self.finish()
            return

        _timestamp = int(time.time())
        try:
            if _timestamp > int(_login['last_apply_verify_code_time']
                                ) + 300:  # ttl is 5 minutes
                self.set_status(408)  # Request Timeout
                self.write('Request Timeout')
                self.finish()
                return
        except:  # Not found last_apply_verify_code_time
            self.set_status(401)  # Unauthorized
            self.write('Unauthorized')
            self.finish()
            return

        # store new password & salt
        salt = generate_nonce_str()
        _hash_pwd = hash_pwd(md5pwd, salt)
        _json = {
            '_id': login,
            'hash_pwd': _hash_pwd,
            'salt': salt,
            'last_update_time': _timestamp
        }
        auth_login_dao.auth_login_dao().update(_json)

        self.set_status(200)  # OK
        self.write('OK')
        self.finish()
        return
Example #2
0
    def post(self):
        logging.info(self.request)
        logging.info(self.request.body)
        _body = json_decode(self.request.body)

        phone = _body['phone']
        logging.info("got phone %r", phone)
        if phone is None or phone == "":
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        _login = auth_login_dao.auth_login_dao().query_not_safe(phone)
        if not _login:
            self.set_status(404)  # Not Found
            self.write('Not Found')
            self.finish()
            return

        _timestamp = int(time.time())
        logging.info("got timestamp %d", _timestamp)
        try:
            last_time = int(_login['last_apply_vcode_time'])
            logging.info("got last_time %d", last_time)
            if (_timestamp > last_time) and (
                    _timestamp < last_time + 300):  # ttl is 5 minutes
                self.set_status(204)  # No Content
                self.write('No Content')
                self.finish()
                return
        except:  # Not found last_apply_vcode_time
            logging.info("no found last_time")

        # store phone verify code
        vcode = generate_verify_code()
        logging.info("got verify_code %r", vcode)
        _json = {
            "_id": phone,
            "vcode": vcode,
            "last_update_time": _timestamp,
            "last_apply_vcode_time": _timestamp,
            "counts": 0
        }
        auth_login_dao.auth_login_dao().update(_json)

        # Logic: send sms by sendcloud
        param = {
            'smsUser': SMS_USER,
            'templateId': 151,
            'msgType': 0,
            'phone': phone,
            'vars': {
                '%ekey%': vcode
            },
        }
        sign = generate_sms_sign(SMS_KEY, param)
        param['signature'] = sign

        headers = {'content-type': 'application/json'}
        _json = json_encode(param)
        logging.info("post body %r", _json)
        http_client = HTTPClient()
        response = None
        try:
            response = http_client.fetch(SMS_URL,
                                         method="POST",
                                         headers=headers,
                                         body=_json)
            logging.info("got sendcloud sms response %r", response.body)
        except httpclient.HTTPError as e:
            # HTTPError is raised for non-200 responses; the response
            # can be found in e.response.
            logging.error("sendcloud sms error: %r", str(e))
            self.set_status(500)  # Internal Server Error
            self.write(str(e))
            self.finish()
        except Exception as e:
            # Other errors are possible, such as IOError.
            logging.error("sendcloud sms error: %r", str(e))
            self.set_status(500)  # Internal Server Error
            self.write(str(e))
            self.finish()
        else:
            # if no exception,get here
            self.set_status(200)  # OK
            self.write('OK')
            self.finish()
        finally:
            http_client.close()

        return
Example #3
0
    def post(self):
        logging.info(self.request)
        logging.info(self.request.body)

        # 允许跨域访问
        self.set_default_headers()

        _body = json_decode(self.request.body)
        appid = None
        app_secret = None
        login = None
        try:
            appid = _body['appid']
            app_secret = _body['app_secret']
            login = _body['login']
            logging.info("got appid %r", appid)
            logging.info("got app_secret %r", app_secret)
            logging.info("got login %r", login)
        except:
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        if appid is None or app_secret is None or login is None:
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        _login = auth_login_dao.auth_login_dao().query_not_safe(login)
        if not _login:
            self.set_status(404)  # Not Found
            self.write('Not Found')
            self.finish()
            return

        _timestamp = int(time.time())
        last_time = 0
        try:
            last_time = int(_login['last_apply_verify_code_time'])
        except:  # Not found last_apply_verify_code_time
            logging.warn("no found last_apply_verify_code_time")
        logging.info("got timestamp %d last_time %d", _timestamp, last_time)
        if _timestamp > last_time and _timestamp < (last_time +
                                                    300):  # ttl is 5 minutes
            self.set_status(200)  # No Content
            self.write('OK')
            self.finish()
            return

        # store phone verify code
        verify_code = generate_verify_code()
        logging.info("got verify_code %r", verify_code)
        _json = {
            "_id": login,
            "verify_code": verify_code,
            "last_update_time": _timestamp,
            "last_apply_verify_code_time": _timestamp
        }
        auth_login_dao.auth_login_dao().update(_json)

        # Logic: send sms by sup-http
        param = {'phone': login, 'ekey': verify_code}
        headers = {'content-type': 'application/json'}
        _json = json_encode(param)
        logging.info("post body %r", _json)
        http_client = HTTPClient()
        response = None
        try:
            response = http_client.fetch("http://localhost:8080/sendcloud/sms",
                                         method="POST",
                                         headers=headers,
                                         body=_json)
            logging.info("got sup-http sms response %r", response.body)
        except HTTPError as e:
            # HTTPError is raised for non-200 responses; the response
            # can be found in e.response.
            logging.error("sup-http sms error: %r", str(e))
            self.set_status(500)  # Internal Server Error
            self.write(str(e))
            self.finish()
        except Exception as e:
            # Other errors are possible, such as IOError.
            logging.error("sup-http sms error: %r", str(e))
            self.set_status(500)  # Internal Server Error
            self.write(str(e))
            self.finish()
        else:
            # if no exception,get here
            self.set_status(200)  # OK
            self.write(response.body)
            self.finish()
        finally:
            http_client.close()

        return
Example #4
0
    def post(self):
        logging.info(self.request)
        logging.info(self.request.body)

        # 允许跨域访问
        self.set_header('Access-Control-Allow-Origin', '*')
        self.set_header('Access-Control-Allow-Methods',
                        'POST, PUT, DELETE, GET, OPTIONS')
        self.set_header('Access-Control-Max-Age', 1000)
        self.set_header('Access-Control-Allow-Headers', '*')

        _body = json_decode(self.request.body)
        appid = None
        app_secret = None
        login = None
        md5pwd = None
        try:
            appid = _body['appid']
            app_secret = _body['app_secret']
            login = _body['login']
            md5pwd = _body['pwd']
            logging.info("got appid %r", appid)
            logging.info("got app_secret %r", app_secret)
            logging.info("got login %r", login)
        except:
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        if appid is None or app_secret is None or login is None or md5pwd is None:
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        # TODO check appid & app_secret

        _login = auth_login_dao.auth_login_dao().query_not_safe(login)
        if not _login:
            self.set_status(404)  # Not Found
            self.write('login & password pair are wrong')
            self.finish()
            return

        salt = _login['salt']
        _hash_pwd = hash_pwd(md5pwd, salt)
        if _hash_pwd != _login['hash_pwd']:
            self.set_status(404)  # Not Found
            self.write('login & password pair are wrong')
            self.finish()
            return

        _timestamp = int(time.time())
        logging.info("timestamp %r", _timestamp)
        access_token = generate_uuid_str()
        expires_at = _timestamp + TOKEN_EXPIRES_IN  # 2hours
        refresh_token = generate_uuid_str()
        _json = {
            '_id': access_token,
            'token_type': 'Bearer',
            'expires_at': expires_at,
            'refresh_token': refresh_token,
            'account_id': _login['account_id'],
            'scope': 'all'
        }
        auth_access_dao.auth_access_dao().create(_json)

        self.set_status(200)  # OK
        session_ticket = {
            "access_token": access_token,
            "token_type": "Bearer",
            "expires_at": expires_at,
            "refresh_token": refresh_token,
            "account_id": _login['account_id'],
            "scope": "all"
        }
        logging.info("got session_ticket response %r", session_ticket)

        self.finish(JSON.dumps(session_ticket))
        return
Example #5
0
    def post(self):
        logging.info(self.request)

        # 允许跨域访问
        self.set_header('Access-Control-Allow-Origin', '*')
        self.set_header('Access-Control-Allow-Methods',
                        'POST, PUT, DELETE, GET, OPTIONS')
        self.set_header('Access-Control-Max-Age', 1000)
        self.set_header('Access-Control-Allow-Headers', '*')

        _body = json_decode(self.request.body)
        appid = None
        app_secret = None
        login = None
        md5pwd = None
        try:
            appid = _body['appid']
            app_secret = _body['app_secret']
            login = _body['login']
            md5pwd = _body['pwd']
            logging.info("got appid %r", appid)
            logging.info("got app_secret %r", app_secret)
            logging.info("got login %r", login)
        except:
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        if appid is None or app_secret is None or login is None or md5pwd is None:
            self.set_status(400)  # Bad Request
            self.write('Bad Request')
            self.finish()
            return

        _login = auth_login_dao.auth_login_dao().query_not_safe(login)
        if _login:
            logging.info("_login %r", _login['_id'])
            self.set_status(409)  # Conflict
            self.write('Conflict')
            self.finish()
            return

        _timestamp = int(time.time())
        logging.info("timestamp %r", _timestamp)
        account_id = generate_uuid_str()
        _json = {'_id': account_id, 'create_time': _timestamp}
        auth_basic_dao.auth_basic_dao().create(_json)

        salt = generate_nonce_str()
        _hash_pwd = hash_pwd(md5pwd, salt)
        _json = {
            '_id': login,
            'hash_pwd': _hash_pwd,
            'salt': salt,
            'account_id': account_id,
            'create_time': _timestamp
        }
        auth_login_dao.auth_login_dao().create(_json)

        self.set_status(201)  # Created
        account = {"account_id": account_id}
        logging.info("got account response %r", account)

        self.finish(JSON.dumps(account))
        return