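def verify_auth_token(token):
    """Check a signed auth token and load the user it refers to.

    Args:
        token: Serialized token taken from the request; presumably produced
            by ``generate_auth_token`` with the same secret key.

    Returns:
        The result of ``User.query.get`` for the payload's ``'ID'`` (with
        SQLAlchemy's ``Query.get`` that is ``None`` when no row matches), or
        the ``SysConfig.ReturnCode`` value for ``"TOKEN_EXPIRED"`` /
        ``"TOKEN_ERROR"`` when the token is rejected. Callers must treat
        both ``None`` and a return-code value as "not authenticated".
    """
    # NOTE(review): no salt is passed, so any payload signed with
    # SysConfig.SecretKey() by this serializer type verifies here. Confirm
    # the key is not reused for other kinds of token.
    signer = Serializer(SysConfig.SecretKey())
    try:
        payload = signer.loads(token)
    except SignatureExpired:
        # Must come before BadSignature: assuming these are the itsdangerous
        # exception classes, SignatureExpired is a subclass of BadSignature
        # and would otherwise be reported as an invalid token.
        print("token过期了")
        return SysConfig.ReturnCode("TOKEN_EXPIRED")
    except BadSignature:
        print("无效的token")
        return SysConfig.ReturnCode("TOKEN_ERROR")

    # A correctly signed payload without an 'ID' entry used to raise
    # KeyError/TypeError; reject it as an invalid token instead.
    if not isinstance(payload, dict) or 'ID' not in payload:
        return SysConfig.ReturnCode("TOKEN_ERROR")
    return User.query.get(payload['ID'])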
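def wrapper(*args, **kwargs):
    """Run the wrapped callable only for a user whose ``RoleID`` is 1.

    Reads the ``UserID`` request header, looks the user up and returns a
    ``SysConfig.ReturnCode`` value when the header is missing, the user is
    unknown or the role does not match. ``func`` is the decorated callable
    from the enclosing scope (not visible in this block).
    """
    # NOTE(review): the identity used for this role check comes from a
    # client-supplied header, not from a verified credential. Unless another
    # layer binds UserID to the authenticated token, derive the user from the
    # verified token instead of trusting this header.
    # NOTE(review): parser looks like a shared request parser; registering the
    # argument on every call may accumulate duplicates. Confirm, then move the
    # registration to import time.
    parser.add_argument('UserID', location='headers')
    # Keep the parsed values under their own name. The original rebound
    # `args`, so func(*args, ...) unpacked the parsed mapping (its key names,
    # if parse_args returns a dict-like object) instead of the caller's
    # positional arguments such as `self`.
    parsed = parser.parse_args()
    print("UserID认证:", {parsed["UserID"]})
    if not parsed["UserID"]:
        return SysConfig.ReturnCode("USERID_NEED")
    check_user = User.query.get(parsed["UserID"])
    if not check_user:
        return SysConfig.ReturnCode("USER_NOT_EXIST")
    # RoleID 1 is presumably the administrator role - TODO confirm.
    if check_user.RoleID != 1:
        return SysConfig.ReturnCode("USER_NOT_PERMISSION")
    return func(*args, **kwargs)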
def delete(self, *args, **kwargs):
    """Delete the article named by the ``ArticleID`` request argument.

    Returns the ``ARTICLE_NOT_EXIST`` code when the lookup finds nothing,
    ``DELETE_SUCCESS`` after a successful commit, and a ``code: 204`` dict
    carrying the exception text when the commit fails.
    """
    # NOTE(review): this block does no ownership or role check itself;
    # confirm the decorators applied to it decide who may delete.
    parser.add_argument("ArticleID")
    params = parser.parse_args()
    article_id = params["ArticleID"]
    target = Article.query.get(article_id)
    if not target:
        return SysConfig.ReturnCode("ARTICLE_NOT_EXIST")

    db.session.delete(target)
    try:
        db.session.commit()
        return SysConfig.ReturnCode("DELETE_SUCCESS")
    except Exception as exc:
        # Undo the pending delete so the session stays usable.
        db.session.rollback()
        # NOTE(review): the raw exception text is returned to the client and
        # may expose database details; consider logging it server-side and
        # returning a generic message.
        return {"code": 204, "message": f"删除失败!{str(exc)}"}
def post(self):
    """Log a user in and hand back a signed token.

    Looks the account up by ``UserName``, checks the password with
    ``verify_password`` and, on success, returns ``code`` 200 together with
    the ASCII-decoded token and the account's ``ID``.
    """
    # "UserName" is not registered in this block; presumably it is added to
    # the shared parser elsewhere - verify.
    parser.add_argument("Password", help="用户密码")
    credentials = parser.parse_args()

    account = User.query.filter_by(UserName=credentials["UserName"]).first()
    # NOTE(review): separate codes for "unknown user" and "wrong password"
    # tell a client which user names exist; a single failure code avoids that.
    # No attempt limiting is visible in this block either.
    if not account:
        return SysConfig.ReturnCode("USER_NOT_EXIST")
    if not account.verify_password(credentials["Password"]):
        return SysConfig.ReturnCode("USER_PASSWORD_ERROR")

    raw_token = account.generate_auth_token()
    # decode() implies the token is returned as bytes by the serializer.
    response = {
        "code": 200,
        "Token": raw_token.decode('ascii'),
        "UserID": account.ID,
    }
    return response
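def post(self):
    """Register a new user from the ``UserName`` and ``Password`` arguments.

    Returns the ``USER_NAME_EMPTY`` / ``USER_PASSWORD_EMPTY`` codes for
    missing values, ``USER_EXIST`` when the name is already taken and
    ``SIGN_UP_SUCCESS`` after the new row is committed. A failing commit is
    rolled back and the exception is re-raised.
    """
    print("开始添加用户")
    # "UserName" is not registered in this block; presumably it is added to
    # the shared parser elsewhere - verify.
    parser.add_argument("Password", help="密码")
    args = parser.parse_args()
    # Truthiness covers both None and the empty string.
    if not args["UserName"]:
        return SysConfig.ReturnCode("USER_NAME_EMPTY")
    if not args["Password"]:
        return SysConfig.ReturnCode("USER_PASSWORD_EMPTY")
    if User.query.filter_by(UserName=args["UserName"]).first():
        return SysConfig.ReturnCode("USER_EXIST")

    new_user = User()
    new_user.UserName = args["UserName"]
    # NOTE(review): presumably `password` is a write-only property that
    # stores a hash; confirm the model never keeps the plaintext.
    new_user.password = args["Password"]
    db.session.add(new_user)
    try:
        db.session.commit()
    except Exception:
        # Two sign-ups with the same name can both pass the check above; if
        # the column is unique the second commit fails. Roll back so the
        # session is not left in a failed state, then let the error propagate
        # exactly as before.
        db.session.rollback()
        raise
    return SysConfig.ReturnCode("SIGN_UP_SUCCESS")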
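def put(self, *args, **kwargs):
    """Overwrite the title and text of an existing article.

    Reads ``ArticleID``, ``Title`` and ``Text`` from the request, stamps
    ``UpdateTime`` with the current local time and commits. Returns
    ``ARTICLE_NOT_EXIST`` when the lookup finds nothing, ``CHANGE_SUCCESS``
    on success, and a ``code: 204`` dict when the commit fails.
    """
    # NOTE(review): this block does no ownership or role check itself;
    # confirm the decorators applied to it decide who may edit.
    parser.add_argument("ArticleID")
    parser.add_argument("Title")
    parser.add_argument("Text")
    fields = parser.parse_args()
    check_article = Article.query.get(fields["ArticleID"])
    if not check_article:
        return SysConfig.ReturnCode("ARTICLE_NOT_EXIST")

    # Both fields are assigned unconditionally, so an omitted argument
    # replaces the stored value with whatever the parser yields for it.
    check_article.Title = fields["Title"]
    check_article.Text = fields["Text"]
    check_article.UpdateTime = datetime.now()
    try:
        db.session.commit()
        return SysConfig.ReturnCode("CHANGE_SUCCESS")
    except Exception as e:
        db.session.rollback()
        # The message used to say "添加失败" (add failed), copied from a
        # create handler; this path is an update.
        # NOTE(review): the raw exception text is returned to the client and
        # may expose database details; consider logging it server-side and
        # returning a generic message.
        return {"code": 204, "message": f"修改失败!{str(e)}"}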
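def wrapper(*args, **kwargs):
    """Run the wrapped callable only when the request carries a valid token.

    Reads the ``Token`` request header and passes it to
    ``User.verify_auth_token``. Returns ``TOKEN_NEED`` when the header is
    absent, the verifier's own return-code dict when it rejects the token,
    and ``TOKEN_ERROR`` when the token resolves to no user. ``func`` is the
    decorated callable from the enclosing scope (not visible in this block).
    """
    # NOTE(review): parser looks like a shared request parser; registering the
    # argument on every call may accumulate duplicates. Confirm, then move the
    # registration to import time.
    parser.add_argument('Token', location='headers')
    # Keep the parsed values under their own name. The original rebound
    # `args`, so func(*args, ...) unpacked the parsed mapping (its key names,
    # if parse_args returns a dict-like object) instead of the caller's
    # positional arguments such as `self`.
    parsed = parser.parse_args()
    token = parsed["Token"]
    # Record only whether a token arrived. The token is a bearer credential
    # and must not be written to stdout or logs.
    print("token认证:", "present" if token else "missing")
    if not token:
        return SysConfig.ReturnCode("TOKEN_NEED")

    check_user = User.verify_auth_token(token)
    if isinstance(check_user, dict):
        # The verifier reports failures as a return-code dict.
        return check_user
    if check_user is None:
        # A correctly signed token whose user no longer exists previously
        # fell through to func(); treat it as an invalid token.
        return SysConfig.ReturnCode("TOKEN_ERROR")
    return func(*args, **kwargs)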
def get(self, *args, **kwargs):
    """Return one article together with its author's user name.

    Selects the article columns plus ``User.UserName`` through an outer join
    on ``Article.UserID == User.ID``, filtered by the ``ArticleID`` request
    argument. Returns ``ARTICLE_NOT_EXIST`` when no row matches, otherwise
    the row serialized by ``ArticleSchema``.
    """
    parser.add_argument("ArticleID")
    params = parser.parse_args()

    # A plain lookup without the join would be
    # Article.query.get(params['ArticleID']); the join is used so the
    # author's name comes back in the same row.
    columns = (
        Article.Title,
        Article.Text,
        Article.UserID,
        Article.CreateTime,
        Article.UpdateTime,
        User.UserName,
    )
    row = (
        db.session.query(*columns)
        .outerjoin(User, Article.UserID == User.ID)
        .filter(Article.ID == params['ArticleID'])
        .first()
    )
    if not row:
        return SysConfig.ReturnCode("ARTICLE_NOT_EXIST")
    return ArticleSchema().dump(row)
def generate_auth_token(self, expiration=600):
    """Create a signed, expiring token that carries this user's ``ID``.

    Args:
        expiration: Passed to the serializer as ``expires_in``; presumably a
            lifetime in seconds (default 600) - confirm against the
            serializer in use.

    Returns:
        The serializer's ``dumps`` output for ``{'ID': self.ID}``.
    """
    # NOTE(review): no revocation mechanism is visible here; an issued token
    # appears to stay valid until it expires.
    signer = Serializer(SysConfig.SecretKey(), expires_in=expiration)
    payload = {'ID': self.ID}
    return signer.dumps(payload)