def normalize_url(url):
url_parts = url_parse(url)
if not url_parts.netloc:
url = 'http://{}'.format(url)
url_parts = url_parse(url)
if not url_parts.path:
url = '{}/'.format(url)
return url
def norm(self):
normalized_url = url_normalize(self._url_str)
parsed_url = url_parse(normalized_url)
scheme = 'https' \
if parsed_url.scheme == 'http' \
else parsed_url.scheme
netloc = parsed_url.netloc[4:] \
if parsed_url.netloc.startswith('www.') \
else parsed_url.netloc
return Url(
url_unparse(
parsed_url._replace(scheme=scheme, netloc=netloc, query='')))
def admin():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
user = Manager.query.filter_by(ManagerNum=username).first()
if user is None or not user.check_password(password):
flash('Invalid username or password!')
return redirect(url_for('admin'))
login_user(user)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('index')
return redirect(url_for('manager'))
return render_template('admin.html')
def make_environ(self):
request_url = url_parse(self.path)
def shutdown_server():
self.server.shutdown_signal = True
url_scheme = self.server.ssl_context is None and 'http' or 'https'
path_info = url_unquote(request_url.path)
environ = {
'wsgi.version': (1, 0),
'wsgi.url_scheme': url_scheme,
'wsgi.input': self.rfile,
'wsgi.errors': sys.stderr,
'wsgi.multithread': self.server.multithread,
'wsgi.multiprocess': self.server.multiprocess,
'wsgi.run_once': False,
'werkzeug.server.shutdown':
shutdown_server,
'SERVER_SOFTWARE': self.server_version,
'REQUEST_METHOD': self.command,
'SCRIPT_NAME': '',
'PATH_INFO': wsgi_encoding_dance(path_info),
'QUERY_STRING': wsgi_encoding_dance(request_url.query),
'CONTENT_TYPE': self.headers.get('Content-Type', ''),
'CONTENT_LENGTH': self.headers.get('Content-Length', ''),
'REMOTE_ADDR': self.client_address[0],
'REMOTE_PORT': self.client_address[1],
'SERVER_NAME': self.server.server_address[0],
'SERVER_PORT': str(self.server.server_address[1]),
'SERVER_PROTOCOL': self.request_version
}
for key, value in self.headers.items():
key = 'HTTP_' + key.upper().replace('-', '_')
if key not in ('HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH'):
environ[key] = value
if request_url.netloc:
environ['HTTP_HOST'] = request_url.netloc
return environ
def make_environ(self):
request_url = url_parse(self.path)
def shutdown_server():
self.server.shutdown_signal = True
url_scheme = self.server.ssl_context is None and 'http' or 'https'
path_info = url_unquote(request_url.path)
environ = {
'wsgi.version': (1, 0),
'wsgi.url_scheme': url_scheme,
'wsgi.input': self.rfile,
'wsgi.errors': sys.stderr,
'wsgi.multithread': self.server.multithread,
'wsgi.multiprocess': self.server.multiprocess,
'wsgi.run_once': False,
'werkzeug.server.shutdown': shutdown_server,
'SERVER_SOFTWARE': self.server_version,
'REQUEST_METHOD': self.command,
'SCRIPT_NAME': '',
'PATH_INFO': wsgi_encoding_dance(path_info),
'QUERY_STRING': wsgi_encoding_dance(request_url.query),
'CONTENT_TYPE': self.headers.get('Content-Type', ''),
'CONTENT_LENGTH': self.headers.get('Content-Length', ''),
'REMOTE_ADDR': self.client_address[0],
'REMOTE_PORT': self.client_address[1],
'SERVER_NAME': self.server.server_address[0],
'SERVER_PORT': str(self.server.server_address[1]),
'SERVER_PROTOCOL': self.request_version
}
for key, value in self.headers.items():
key = 'HTTP_' + key.upper().replace('-', '_')
if key not in ('HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH'):
environ[key] = value
if request_url.netloc:
environ['HTTP_HOST'] = request_url.netloc
return environ
def login():
if isinstance(current_user._get_current_object(), Manager):
logout_user()
if current_user.is_authenticated:
if isinstance(current_user._get_current_object(), Student):
return redirect(url_for('student_index'))
elif isinstance(current_user._get_current_object(), Teacher):
return redirect(url_for('teacher_index'))
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
remember = request.form.get('remember')
remember = [True if remember == 'on' else False][0]
error = None
is_student = 1
user = Student.query.filter_by(StudentNum=username).first()
# 判断是否为学生
if not user:
# 若不是,则选取老师
is_student = 0
user = Teacher.query.filter_by(TeacherNum=username).first()
if not user:
error = '学号不存在!'
elif not user.check_password(password):
error = '密码错误!'
if error is None:
login_user(user, remember=remember)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('index')
if is_student:
return redirect(url_for('student_index'))
else:
return redirect(url_for('teacher_index'))
flash(error)
return render_template('login.html')
def get_headers_for_request(url,
region,
service,
access_key,
secret_key,
session_token=None,
payload='',
headers={},
method='GET',
t=None):
# Create a date for headers and the credential string
if not t:
t = datetime.datetime.utcnow()
amzdate = t.strftime('%Y%m%dT%H%M%SZ')
datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope
# ************* TASK 1: CREATE A CANONICAL REQUEST *************
# http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
# Step 1 is to define the verb (GET, POST, etc.)--already done.
# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
parsed = url_parse(url)
host = parsed.netloc
canonical_uri = quote(parsed.path)
# Step 3: Create the canonical query string. In this example (a GET request),
# request parameters are in the query string. Query string values must
# be URL-encoded (space=%20). The parameters must be sorted by name.
# For this example, the query string is pre-formatted in the request_parameters variable.
params = OrderedDict(sorted(parse_qs(
parsed.query).items())) if parsed.query else {}
canonical_querystring = urlencode(params, doseq=True)
# Step 4: Create the canonical headers and signed headers. Header names
# and value must be trimmed and lowercase, and sorted in ASCII order.
# Note that there is a trailing \n.
canonical_headers = 'host:' + host + '\n' + 'x-amz-date:' + amzdate + '\n'
# Step 5: Create the list of signed headers. This lists the headers
# in the canonical_headers list, delimited with ";" and in alpha order.
# Note: The request can include any headers; canonical_headers and
# signed_headers lists those that you want to be included in the
# hash of the request. "Host" and "x-amz-date" are always required.
headers_to_sign = ['host', 'x-amz-date']
signed_headers = ';'.join(headers_to_sign)
# Step 6: Create payload hash (hash of the request body content). For GET
# requests, the payload is an empty string ("").
if payload is None:
payload = ''
# handle differences between library requests 2.11.0 and previous
if type(payload) is bytes:
payload_hash = hashlib.sha256(payload).hexdigest()
else:
payload_hash = hashlib.sha256(payload.encode("utf-8")).hexdigest()
# Step 7: Combine elements to create create canonical request
canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash
# ************* TASK 2: CREATE THE STRING TO SIGN*************
# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' + hashlib.sha256(
canonical_request.encode('utf-8')).hexdigest()
# ************* TASK 3: CALCULATE THE SIGNATURE *************
# Create the signing key using the function defined above.
signing_key = getSignatureKey(secret_key, datestamp, region, service)
# Sign the string_to_sign using the signing_key
signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'),
hashlib.sha256).hexdigest()
# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************
# The signing information can be either in a query string value or in
# a header named Authorization. This code shows how to use a header.
# Create authorization header and add to request headers
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
# The request can include any headers, but MUST include "host", "x-amz-date",
# and (for this scenario) "Authorization". "host" and "x-amz-date" must
# be included in the canonical_headers and signed_headers, as noted
# earlier. Order here is not significant.
# Python note: The 'host' header is added automatically by the Python 'requests' library.
headers_to_add = {
'x-amz-date': amzdate,
'Authorization': authorization_header
}
if session_token:
headers_to_add['X-Amz-Security-Token'] = session_token
headers.update(headers_to_add)
return headers
def get_headers_for_request(url, region, service, access_key, secret_key, session_token=None, payload='', headers={}, method='GET', t=None):
# Create a date for headers and the credential string
if not t:
t = datetime.datetime.utcnow()
amzdate = t.strftime('%Y%m%dT%H%M%SZ')
datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope
# ************* TASK 1: CREATE A CANONICAL REQUEST *************
# http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
# Step 1 is to define the verb (GET, POST, etc.)--already done.
# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
parsed=url_parse(url)
host = parsed.netloc
canonical_uri = quote(parsed.path)
# Step 3: Create the canonical query string. In this example (a GET request),
# request parameters are in the query string. Query string values must
# be URL-encoded (space=%20). The parameters must be sorted by name.
# For this example, the query string is pre-formatted in the request_parameters variable.
params = OrderedDict(sorted(parse_qs(parsed.query).items())) if parsed.query else {}
canonical_querystring = unquote(urlencode(params, doseq=True))
# Step 4: Create the canonical headers and signed headers. Header names
# and value must be trimmed and lowercase, and sorted in ASCII order.
# Note that there is a trailing \n.
canonical_headers = 'host:' + host + '\n' + 'x-amz-date:' + amzdate + '\n'
# Step 5: Create the list of signed headers. This lists the headers
# in the canonical_headers list, delimited with ";" and in alpha order.
# Note: The request can include any headers; canonical_headers and
# signed_headers lists those that you want to be included in the
# hash of the request. "Host" and "x-amz-date" are always required.
headers_to_sign=['host','x-amz-date']
signed_headers = ';'.join(headers_to_sign)
# Step 6: Create payload hash (hash of the request body content). For GET
# requests, the payload is an empty string ("").
if payload is None:
payload=''
# handle differences between library requests 2.11.0 and previous
if type(payload) is bytes:
payload_hash = hashlib.sha256(payload).hexdigest()
else:
payload_hash = hashlib.sha256(payload.encode("utf-8")).hexdigest()
# Step 7: Combine elements to create create canonical request
canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash
# ************* TASK 2: CREATE THE STRING TO SIGN*************
# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' + hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()
# ************* TASK 3: CALCULATE THE SIGNATURE *************
# Create the signing key using the function defined above.
signing_key = getSignatureKey(secret_key, datestamp, region, service)
# Sign the string_to_sign using the signing_key
signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()
# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************
# The signing information can be either in a query string value or in
# a header named Authorization. This code shows how to use a header.
# Create authorization header and add to request headers
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
# The request can include any headers, but MUST include "host", "x-amz-date",
# and (for this scenario) "Authorization". "host" and "x-amz-date" must
# be included in the canonical_headers and signed_headers, as noted
# earlier. Order here is not significant.
# Python note: The 'host' header is added automatically by the Python 'requests' library.
headers_to_add = {'x-amz-date':amzdate, 'Authorization':authorization_header}
if session_token:
headers_to_add['X-Amz-Security-Token']=session_token
headers.update(headers_to_add)
return headers
def is_absolute(self):
return bool(url_parse(self._url_str).netloc)
