Exemple #1
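async def authenticate(*, email, passwd):
    """Log a user in and return a JSON response carrying the session cookie.

    Args:
        email: Address used to look the account up.
        passwd: Password value sent by the client.

    Returns:
        A ``web.Response`` whose body is the JSON-serialised user (password
        field masked) and which sets the session cookie for 86400 seconds.

    Raises:
        APIValueError: If a parameter is empty, the email is unknown, or the
            password digest does not match the stored one.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    # Validate parameters.
    if not email:
        raise APIValueError('email', 'Invalid email.')
    if not passwd:
        raise APIValueError('passwd', 'Invalid password.')

    # Look the user up. The email travels as a separate argument next to the
    # '?' placeholder; how findAll binds it is not visible in this block.
    users = await User.findAll('email=?', [email])
    if len(users) == 0:
        # NOTE(review): this message differs from the wrong-password one, so
        # the response reveals whether an address is registered. Kept as-is
        # because clients may key on the field name; consider one generic
        # failure plus rate limiting on this endpoint.
        raise APIValueError('email', 'Email not exist.')
    user = users[0]

    # Stored format is hex(sha1("<user.id>:<passwd>")).
    # NOTE(review): a single SHA-1 round is cheap to brute-force if the user
    # table leaks. Moving to a slow KDF (e.g. hashlib.scrypt or
    # hashlib.pbkdf2_hmac) needs a rehash-on-login migration, so it is only
    # flagged here rather than changed.
    digest = hashlib.sha1()
    digest.update(user.id.encode('utf-8'))
    digest.update(b':')
    digest.update(passwd.encode('utf-8'))
    expected = digest.hexdigest()

    # Constant-time comparison instead of `!=`, so the time taken does not
    # depend on how many leading characters of the digest match. A stored
    # value that is not a str can never match and is treated as empty.
    stored = user.passwd if isinstance(user.passwd, str) else ''
    if not hmac.compare_digest(stored.encode('utf-8'), expected.encode('utf-8')):
        raise APIValueError('passwd', 'Invalid password.')

    # Authentication succeeded: issue the session cookie.
    # NOTE(review): httponly is set, but neither secure= nor samesite= is.
    # When the site is served over HTTPS, add both so the cookie is not sent
    # in clear text or on cross-site requests (assumes `web` is aiohttp.web).
    r = web.Response()
    r.set_cookie(COOKIE_NAME,
                 user2cookie(user, 86400),
                 max_age=86400,
                 httponly=True)
    # Mask the digest on the in-memory object before it is serialised.
    user.passwd = '******'
    r.content_type = 'application/json'
    r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')

    return r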
Exemple #2
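async def api_update_blog(*, title, summary, content, blog_id, request):
    """Update the title, summary and content of an existing blog post.

    Args:
        title: New title; must contain non-whitespace text.
        summary: New summary; must contain non-whitespace text.
        content: New body; must contain non-whitespace text.
        blog_id: Primary key of the post to update.
        request: Incoming request, passed to ``check_user``.

    Returns:
        A dict with a status message and the updated blog object.

    Raises:
        APIValueError: If any text field is empty or whitespace-only.
        APIResourceNotFoundError: If no post exists for ``blog_id``.
    """
    check_user(request)
    if not title or not title.strip():
        raise APIValueError("title", "title cannot be empty")
    if not summary or not summary.strip():
        raise APIValueError("summary", "summary cannot be empty")
    if not content or not content.strip():
        raise APIValueError("content", "content cannot be empty")

    blog = await Blog.find_by_pri_key(blog_id)
    # The comment endpoint on this page guards the same lookup against None;
    # without the guard an unknown blog_id fails with AttributeError below.
    if blog is None:
        raise APIResourceNotFoundError("Blog", "No such a blog.")

    # NOTE(review): nothing here compares blog.user_id with request.user.id.
    # Unless check_user already restricts this endpoint (not visible in this
    # block), any caller who passes check_user can modify any post by id.
    # Confirm the intended policy and add an owner/admin check if needed.

    # Store stripped values, matching what the create endpoint saves.
    blog.title = title.strip()
    blog.summary = summary.strip()
    blog.content = content.strip()
    await blog.update()
    return dict(msg='update blog success', blog=blog)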
Exemple #3
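async def api_signin(*, email, password):
    """Sign a user in and return the user object with a session cookie value.

    Args:
        email: Address used to look the account up.
        password: Password value sent by the client.

    Returns:
        A dict with a status message and the user, whose ``cookie`` attribute
        holds the value from ``user2cookie(user, 86400)`` and whose
        ``password`` attribute is masked.

    Raises:
        APIValueError: If a parameter is empty, the email is unknown, or the
            password digest does not match the stored one.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    if not email:
        raise APIValueError('email')
    if not password:
        raise APIValueError('password')

    matches = await User.find_all(where='email=?', args=[email])
    if len(matches) == 0:
        # NOTE(review): a message distinct from the wrong-password case lets
        # a caller learn which addresses are registered. Kept for client
        # compatibility; consider one generic failure plus rate limiting.
        raise APIValueError('email', 'Email not exists.')
    user = matches[0]

    # Stored format is hex(sha1("<user.id>:<password>")).
    # NOTE(review): a single SHA-1 round is cheap to brute-force if the user
    # table leaks; migrating to a slow KDF needs rehash-on-login, so it is
    # flagged here rather than changed.
    sha1_password = hashlib.sha1('{}:{}'.format(user.id, password).encode('utf-8')).hexdigest()

    # Constant-time comparison instead of `!=`. A stored value that is not a
    # str can never match and is treated as empty.
    stored = user.password if isinstance(user.password, str) else ''
    if not hmac.compare_digest(stored.encode('utf-8'), sha1_password.encode('utf-8')):
        raise APIValueError('password', 'Wrong password.')

    # The cookie value is returned inside the response payload; how it is
    # turned into a Set-Cookie header (and with which flags) is not visible
    # in this block.
    user.cookie = user2cookie(user, 86400)
    # Mask the digest before the object leaves this handler.
    user.password = '******'
    return dict(msg='signin success', user=user)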
Exemple #4
async def api_create_blog(*, title, summary, content, request):
    """Create a blog post owned by the user attached to ``request``.

    Each text field must contain non-whitespace text and is stored stripped.
    Author id, name and avatar are taken from ``request.user``, not from
    client-supplied parameters.

    Returns:
        A dict with a status message and the saved blog object.

    Raises:
        APIValueError: If title, summary or content is empty.
    """
    check_user(request)

    # Validate in the original order so the first failing field is reported.
    required = (
        ("title", title, "title cannot be empty"),
        ("summary", summary, "summary cannot be empty"),
        ("content", content, "content cannot be empty"),
    )
    for field, value, message in required:
        if not (value and value.strip()):
            raise APIValueError(field, message)

    # NOTE(review): the text is stored as submitted (only stripped), so any
    # HTML escaping has to happen where it is rendered. Confirm.
    blog = Blog(
        user_id=request.user.id,
        user_name=request.user.name,
        user_avatar=request.user.avatar,
        title=title.strip(),
        summary=summary.strip(),
        content=content.strip(),
    )
    await blog.save()
    return {'msg': 'create blog success', 'blog': blog}
Exemple #5
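async def api_register_user(*, email, name, password):
    """Register a new account and return it with a session cookie value.

    Args:
        email: Address for the account; must match ``_RE_EMAIL``.
        name: Display name; must contain non-whitespace text.
        password: Password value sent by the client; must be non-empty.

    Returns:
        A dict with a status message and the saved user, whose ``cookie``
        attribute holds ``user2cookie(user, 86400)`` and whose ``password``
        attribute is masked.

    Raises:
        APIValueError: If name, email or password fails validation.
        APIError: If the email is already registered.
    """
    if not name or not name.strip():
        raise APIValueError('name')
    if not email or not _RE_EMAIL.match(email):
        raise APIValueError('email')
    # The stricter _RE_SHA1 format check was disabled by the author, so any
    # non-empty value is accepted as the password here.
    if not password:
        raise APIValueError('password')

    users = await User.find_count(where='email=?', args=[email])
    if users:
        raise APIError('register:failed', 'email', 'Email already exists.')
    # NOTE(review): check-then-insert is not atomic; two concurrent requests
    # can both pass the count. A unique index on the email column (not
    # visible here) is what actually prevents duplicates. Confirm it exists.

    user_id = next_id()
    # Stored format is hex(sha1("<user_id>:<password>")).
    # NOTE(review): a single SHA-1 round is cheap to brute-force if the user
    # table leaks. Prefer a slow KDF (e.g. hashlib.scrypt or
    # hashlib.pbkdf2_hmac); the sign-in check must change in the same step,
    # so it is flagged here rather than changed.
    sha1_password = hashlib.sha1('{}:{}'.format(user_id, password).encode('utf-8')).hexdigest()

    # Gravatar keys avatars on the MD5 of the trimmed, lower-cased address, so
    # normalise before hashing; MD5 is an identifier here, not a secret. The
    # URL uses https so the avatar is not fetched over plain HTTP.
    gravatar_key = hashlib.md5(email.strip().lower().encode('utf-8')).hexdigest()
    avatar = "https://www.gravatar.com/avatar/{}?d=retro&s=120".format(gravatar_key)

    user = User(id=user_id, name=name.strip(), email=email, password=sha1_password, avatar=avatar)
    await user.save()
    user.cookie = user2cookie(user, 86400)
    # Mask the digest before the object leaves this handler.
    user.password = '******'
    return dict(msg='register success', user=user)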
Exemple #6
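async def api_register_user(*, email, name, passwd):
    """Register a new account and return a JSON response with a session cookie.

    Args:
        email: Address for the account; must match ``_RE_EMAIL``.
        name: Display name; must contain non-whitespace text.
        passwd: Password value sent by the client; must match ``_RE_SHA1``.

    Returns:
        A ``web.Response`` whose body is the JSON-serialised user (password
        field masked) and which sets the session cookie for 86400 seconds.

    Raises:
        APIValueError: If name, email or passwd fails validation.
        APIError: If the email is already registered.
    """
    # Validate input.
    if not name or not name.strip():
        raise APIValueError('name')
    if not email or not _RE_EMAIL.match(email):
        raise APIValueError('email')
    # NOTE(review): _RE_SHA1 suggests the client sends a SHA-1 hex string
    # rather than the raw password (presumably; the pattern is not visible
    # here). That value is then password-equivalent on the wire, so it still
    # needs TLS and a slow server-side hash.
    if not passwd or not _RE_SHA1.match(passwd):
        raise APIValueError('passwd')

    # Reject an address that is already registered.
    users = await User.findAll('email=?', [email])
    if len(users) > 0:
        raise APIError('register:failed', 'email', 'Email is already in use.')
    # NOTE(review): check-then-insert is not atomic; a unique index on the
    # email column (not visible here) is what actually prevents duplicates.

    # Build and save the user record.
    uid = next_id()
    # Stored format is hex(sha1("<uid>:<passwd>")).
    # NOTE(review): a single SHA-1 round is cheap to brute-force if the user
    # table leaks. Moving to a slow KDF must be done together with the login
    # check, so it is flagged here rather than changed.
    sha1_passwd = '%s:%s' % (uid, passwd)
    # Gravatar keys avatars on the MD5 of the trimmed, lower-cased address, so
    # normalise before hashing; MD5 is an identifier here, not a secret. The
    # URL uses https so the avatar is not fetched over plain HTTP.
    gravatar_key = hashlib.md5(email.strip().lower().encode('utf-8')).hexdigest()
    user = User(id=uid,
                name=name.strip(),
                email=email,
                passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(),
                image='https://www.gravatar.com/avatar/%s?d=mm&s=120' % gravatar_key)
    await user.save()

    # Issue the session cookie.
    # NOTE(review): httponly is set, but neither secure= nor samesite= is.
    # When the site is served over HTTPS, add both so the cookie is not sent
    # in clear text or on cross-site requests (assumes `web` is aiohttp.web).
    response = web.Response()
    response.set_cookie(COOKIE_NAME,
                        user2cookie(user, 86400),
                        max_age=86400,
                        httponly=True)
    # Mask the digest on the in-memory object before it is serialised.
    user.passwd = '******'
    response.content_type = 'application/json'
    response.body = json.dumps(user, ensure_ascii=False).encode('utf-8')

    return response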
Exemple #7
async def api_create_comment(*, content, blog_id, request):
    """Attach a comment by the requesting user to an existing blog post.

    The comment text must contain non-whitespace characters and is stored
    stripped. Author id, name and avatar are taken from ``request.user``,
    not from client-supplied parameters.

    Returns:
        A dict with a status message and the saved comment object.

    Raises:
        APIValueError: If ``content`` is empty or whitespace-only.
        APIResourceNotFoundError: If no post exists for ``blog_id``.
    """
    check_user(request)

    body = content.strip() if content else ""
    if not body:
        raise APIValueError("content", "content cannot be empty")

    target = await Blog.find_by_pri_key(blog_id)
    if target is None:
        raise APIResourceNotFoundError("Blog", "No such a blog.")

    # NOTE(review): the text is stored as submitted (only stripped), so any
    # HTML escaping has to happen where it is rendered. Confirm.
    comment = Comment(
        blog_id=target.id,
        user_id=request.user.id,
        user_name=request.user.name,
        user_avatar=request.user.avatar,
        content=body,
    )
    await comment.save()
    return {'msg': 'create comment success', 'comment': comment}