Example #1
File: login.py Project: hengke/seed
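    def post(self):
        """Authenticate an account/password pair and issue a session cookie.

        Reads a JSON body with ``account`` and ``password``. Returns a
        PARAMS_VALID_ERROR response when the body is not a JSON object or a
        field is missing or not a string, AUTHORIZED_ERROR when the
        credentials do not match, and otherwise a SUCCESS response carrying a
        ``session_token`` cookie that expires after 24 hours.
        """
        input_json = request.get_json()

        # The body may be absent or not a JSON object; treat that like a
        # missing field instead of failing on the membership test below.
        if not isinstance(input_json, dict) or 'account' not in input_json:
            return self.response_json(self.HttpErrorCode.PARAMS_VALID_ERROR, '账号不能为空')

        if 'password' not in input_json:
            return self.response_json(self.HttpErrorCode.PARAMS_VALID_ERROR, '密码不能为空')

        account_name, password = input_json.get('account'), input_json.get('password')

        # Both values are client-controlled JSON and need not be strings.
        if not isinstance(account_name, str):
            return self.response_json(self.HttpErrorCode.PARAMS_VALID_ERROR, '账号不能为空')
        if not isinstance(password, str):
            return self.response_json(self.HttpErrorCode.PARAMS_VALID_ERROR, '密码不能为空')

        # Look up the account record.
        account = Account.query.filter_by(account=account_name).first()

        # An unknown account must produce the same response as a wrong
        # password: dereferencing a missing record would raise and surface as
        # a server error, which tells the client whether the account exists.
        # NOTE(review): response timing still differs, because no bcrypt work
        # is done for unknown accounts.
        if account is None or not account.password:
            return self.response_json(self.HttpErrorCode.AUTHORIZED_ERROR)

        try:
            password_ok = bcrypt.checkpw(password.encode('utf-8'),
                                         account.password.encode('utf-8'))
        except ValueError:
            # bcrypt rejects a malformed stored hash; fail closed.
            password_ok = False

        if not password_ok:
            return self.response_json(self.HttpErrorCode.AUTHORIZED_ERROR)

        # Set the session cookie.
        res = make_response(self.response_json(self.HttpErrorCode.SUCCESS))

        session_token = SessionCache().create_session(account.id)
        # NOTE(review): request.host comes from the client-supplied Host
        # header; consider a configured cookie domain. Also consider
        # secure=True and a SameSite policy once the deployment is HTTPS-only.
        res.set_cookie(
            'session_token',
            session_token,
            expires=time.time() + 24 * 60 * 60,
            domain=request.host,
            httponly=True  # keep the session token out of reach of page scripts
        )

        return res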
Example #2
    def get(self):
        """Log out: drop the server-side session and expire the session cookie.

        Returns a SUCCESS response in every case; when the request carries no
        ``session_token`` cookie nothing else is done.
        """
        token = request.cookies.get('session_token', None)
        if token:
            # Invalidate the session on the server before touching the cookie.
            SessionCache().delete(token)

            reply = make_response(self.response_json(self.HttpErrorCode.SUCCESS))
            # NOTE(review): the expired cookie still carries the old token as
            # its value, and no domain is given here; confirm that browsers
            # really discard the cookie that login created.
            # NOTE(review): logout is a state change behind a GET request, so
            # any third-party page can trigger it; consider POST plus CSRF
            # protection.
            reply.set_cookie('session_token', token, expires=0)
            return reply

        return self.response_json(self.HttpErrorCode.SUCCESS)
Example #3
File: auth.py Project: hengke/seed
    def get_current_user(self):
        """Resolve the ``session_token`` cookie to an Account, adjusting its role.

        Returns None when the token maps to no user id, and whatever the
        account query yields otherwise. For a found account, ``role`` is
        rewritten in memory: business admins that are not already
        'super_admin' become 'admin', and account id 1 is always 'super_admin'.
        """
        token = request.cookies.get('session_token', '')
        uid = SessionCache().get_user_id_by_token(token)
        if not uid:
            return None

        user = Account.query.filter_by(id=uid).first()
        if not user:
            return user

        # Fall back to business id 1 when nothing is cached for this user.
        bussiness_id = UserBussinessCache().get(user.id) or 1

        # TODO: fix the db.model auto-save problem.
        # NOTE(review): `user` is a query result, so these role assignments may
        # be written back to the database on the next commit; an elevated role
        # would then outlive this request. Verify, or compute the effective
        # role on a detached copy.
        is_admin = self._is_bussiness_admin(user.id, bussiness=bussiness_id)
        if is_admin and user.role != 'super_admin':
            user.role = 'admin'

        # NOTE(review): super-admin status is tied to the hard-coded id 1.
        effective_role = 'super_admin' if user.id == 1 else user.role
        user.role = effective_role

        return user
Example #4
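    def post(self, panel_id=None):
        """Run a panel query and return its data.

        The JSON body is merged over the stored panel (when ``panel_id`` is
        given) and passed to ``DataAccess``. If the body has a ``query``
        object, ``username`` is filled in when absent and ``isadmin`` is set
        from the resolved account's role. Returns an ERROR response when
        schema dumping or data access fails, else SUCCESS with the query data.
        """
        try:
            query_params = request.get_json()
        except Exception:
            query_params = {}
        # A missing or non-object body would otherwise fail on the .get/.update
        # calls below.
        if not isinstance(query_params, dict):
            query_params = {}

        # Work on the request's own "query" object when it has one. If the key
        # is absent (or not an object) the values below go to a throwaway dict,
        # so a stored panel "query" is not overridden by the merge further down.
        query = query_params.get("query")
        if not isinstance(query, dict):
            query = {}

        # "isadmin" is an authorization flag and must never be taken from the
        # request body: always overwrite it, start at 0 and raise it only after
        # the role check below.
        query["isadmin"] = 0

        # Add the user name to the parameters.
        session_token = request.cookies.get('session_token', '')
        user = None
        if session_token:
            user_id = SessionCache().get_user_id_by_token(session_token)
            # An expired or unknown token resolves to no user; continue as an
            # unprivileged caller instead of failing on user.name.
            if user_id:
                user = Account.query.filter_by(id=user_id).first()
            query.setdefault("username", user.name if user else None)
        else:
            # NOTE(review): 'admin_name' is a plain client-supplied cookie, yet
            # the account it names decides "isadmin" below. Unless an upstream
            # gateway authenticates this cookie, it should not confer a role.
            # Confirm against the SSO setup.
            username = request.cookies.get('admin_name', None)
            user = Account.query.filter_by(account=username).first()
            query.setdefault("username", username)
        # NOTE(review): setdefault keeps a "username" sent in the body; verify
        # that DataAccess does not rely on it for per-user filtering.

        if user and user.role in ('super_admin', 'admin'):
            query["isadmin"] = 1

        if panel_id:
            panel_data = self.session.query(PanelsModel).filter_by(
                id=panel_id).first()
            panel_data, errors = PanelSchema(
                exclude=PanelsModel.column_filter).dump(panel_data)
            if errors:
                return self.response_json(self.HttpErrorCode.ERROR,
                                          msg=str(errors))
        else:
            panel_data = {}

        # NOTE(review): request values override every stored panel field here,
        # including 'db_source'; consider an allow-list of overridable keys.
        panel_data.update(query_params)
        try:
            dtype, db = get_db_by_id(panel_data['db_source'])
            query_datas = DataAccess(dtype, db, **panel_data).get_datas()
        except Exception as e:
            # NOTE(review): the raw exception text goes back to the client and
            # may expose backend details; consider logging it and returning a
            # generic message.
            error_message = str(e)
            return self.response_json(self.HttpErrorCode.ERROR,
                                      msg=error_message)

        return self.response_json(self.HttpErrorCode.SUCCESS, data=query_datas)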
Example #5
File: login.py Project: hengke/seed
    def get(self):
        """Log out and tell the client where to sign in again.

        Builds an UNAUTHORIZED response whose data is the configured SSO URL
        (when ``AUTH_TYPE`` is "SSO" and ``SSO_URL`` is set) or this host's
        ``/login`` URL, expires the ``admin_uid``/``admin_key`` cookies on
        ``.oa.com``, and, if a session cookie was sent, deletes that session
        and expires the cookie.
        """
        token = request.cookies.get('session_token', None)
        auth_type = current_app.config["AUTH_TYPE"]
        sso_url = current_app.config["SSO_URL"]
        # NOTE(review): host_url is built from the request's Host header, so
        # this URL is client-influenced; confirm that the deployment pins
        # allowed hosts.
        login_url = request.host_url + "login"

        use_sso = sso_url and auth_type == "SSO"
        target = sso_url if use_sso else login_url
        response = make_response(
            self.response_json(self.HttpErrorCode.UNAUTHORIZED, data=target))

        # Expire the SSO helper cookies on the shared parent domain.
        for cookie_name in ("admin_uid", "admin_key"):
            response.set_cookie(cookie_name, '', expires=0, domain=".oa.com")

        if token:
            # Invalidate the server-side session, then expire the cookie.
            SessionCache().delete(token)
            response.set_cookie('session_token', token, expires=0)

        return response