def post(self):
logging.info(self.request)
logging.info(self.request.body)
# 允许跨域访问
self.set_header('Access-Control-Allow-Origin', '*')
self.set_header('Access-Control-Allow-Methods',
'POST, PUT, DELETE, GET, OPTIONS')
self.set_header('Access-Control-Max-Age', 1000)
self.set_header('Access-Control-Allow-Headers', '*')
_body = json_decode(self.request.body)
appid = None
app_secret = None
login = None
verify_code = None
md5pwd = None
try:
appid = _body['appid']
app_secret = _body['app_secret']
login = _body['login']
verify_code = _body['verify_code']
md5pwd = _body['pwd']
logging.info("got appid %r", appid)
logging.info("got app_secret %r", app_secret)
logging.info("got login %r", login)
logging.info("got verify_code %r", verify_code)
except:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
if appid is None or app_secret is None or login is None or verify_code is None or md5pwd is None:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
_login = auth_login_dao.auth_login_dao().query_not_safe(login)
if not _login:
self.set_status(404) # Not Found
self.write('Not Found')
self.finish()
return
try:
if verify_code != _login['verify_code']:
self.set_status(401) # Unauthorized
self.write('Unauthorized')
self.finish()
return
except: # Not found verify_code
self.set_status(401) # Unauthorized
self.write('Unauthorized')
self.finish()
return
_timestamp = int(time.time())
try:
if _timestamp > int(_login['last_apply_verify_code_time']
) + 300: # ttl is 5 minutes
self.set_status(408) # Request Timeout
self.write('Request Timeout')
self.finish()
return
except: # Not found last_apply_verify_code_time
self.set_status(401) # Unauthorized
self.write('Unauthorized')
self.finish()
return
# store new password & salt
salt = generate_nonce_str()
_hash_pwd = hash_pwd(md5pwd, salt)
_json = {
'_id': login,
'hash_pwd': _hash_pwd,
'salt': salt,
'last_update_time': _timestamp
}
auth_login_dao.auth_login_dao().update(_json)
self.set_status(200) # OK
self.write('OK')
self.finish()
return
def post(self):
logging.info(self.request)
logging.info(self.request.body)
_body = json_decode(self.request.body)
phone = _body['phone']
logging.info("got phone %r", phone)
if phone is None or phone == "":
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
_login = auth_login_dao.auth_login_dao().query_not_safe(phone)
if not _login:
self.set_status(404) # Not Found
self.write('Not Found')
self.finish()
return
_timestamp = int(time.time())
logging.info("got timestamp %d", _timestamp)
try:
last_time = int(_login['last_apply_vcode_time'])
logging.info("got last_time %d", last_time)
if (_timestamp > last_time) and (
_timestamp < last_time + 300): # ttl is 5 minutes
self.set_status(204) # No Content
self.write('No Content')
self.finish()
return
except: # Not found last_apply_vcode_time
logging.info("no found last_time")
# store phone verify code
vcode = generate_verify_code()
logging.info("got verify_code %r", vcode)
_json = {
"_id": phone,
"vcode": vcode,
"last_update_time": _timestamp,
"last_apply_vcode_time": _timestamp,
"counts": 0
}
auth_login_dao.auth_login_dao().update(_json)
# Logic: send sms by sendcloud
param = {
'smsUser': SMS_USER,
'templateId': 151,
'msgType': 0,
'phone': phone,
'vars': {
'%ekey%': vcode
},
}
sign = generate_sms_sign(SMS_KEY, param)
param['signature'] = sign
headers = {'content-type': 'application/json'}
_json = json_encode(param)
logging.info("post body %r", _json)
http_client = HTTPClient()
response = None
try:
response = http_client.fetch(SMS_URL,
method="POST",
headers=headers,
body=_json)
logging.info("got sendcloud sms response %r", response.body)
except httpclient.HTTPError as e:
# HTTPError is raised for non-200 responses; the response
# can be found in e.response.
logging.error("sendcloud sms error: %r", str(e))
self.set_status(500) # Internal Server Error
self.write(str(e))
self.finish()
except Exception as e:
# Other errors are possible, such as IOError.
logging.error("sendcloud sms error: %r", str(e))
self.set_status(500) # Internal Server Error
self.write(str(e))
self.finish()
else:
# if no exception,get here
self.set_status(200) # OK
self.write('OK')
self.finish()
finally:
http_client.close()
return
def post(self):
logging.info(self.request)
logging.info(self.request.body)
# 允许跨域访问
self.set_default_headers()
_body = json_decode(self.request.body)
appid = None
app_secret = None
login = None
try:
appid = _body['appid']
app_secret = _body['app_secret']
login = _body['login']
logging.info("got appid %r", appid)
logging.info("got app_secret %r", app_secret)
logging.info("got login %r", login)
except:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
if appid is None or app_secret is None or login is None:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
_login = auth_login_dao.auth_login_dao().query_not_safe(login)
if not _login:
self.set_status(404) # Not Found
self.write('Not Found')
self.finish()
return
_timestamp = int(time.time())
last_time = 0
try:
last_time = int(_login['last_apply_verify_code_time'])
except: # Not found last_apply_verify_code_time
logging.warn("no found last_apply_verify_code_time")
logging.info("got timestamp %d last_time %d", _timestamp, last_time)
if _timestamp > last_time and _timestamp < (last_time +
300): # ttl is 5 minutes
self.set_status(200) # No Content
self.write('OK')
self.finish()
return
# store phone verify code
verify_code = generate_verify_code()
logging.info("got verify_code %r", verify_code)
_json = {
"_id": login,
"verify_code": verify_code,
"last_update_time": _timestamp,
"last_apply_verify_code_time": _timestamp
}
auth_login_dao.auth_login_dao().update(_json)
# Logic: send sms by sup-http
param = {'phone': login, 'ekey': verify_code}
headers = {'content-type': 'application/json'}
_json = json_encode(param)
logging.info("post body %r", _json)
http_client = HTTPClient()
response = None
try:
response = http_client.fetch("http://localhost:8080/sendcloud/sms",
method="POST",
headers=headers,
body=_json)
logging.info("got sup-http sms response %r", response.body)
except HTTPError as e:
# HTTPError is raised for non-200 responses; the response
# can be found in e.response.
logging.error("sup-http sms error: %r", str(e))
self.set_status(500) # Internal Server Error
self.write(str(e))
self.finish()
except Exception as e:
# Other errors are possible, such as IOError.
logging.error("sup-http sms error: %r", str(e))
self.set_status(500) # Internal Server Error
self.write(str(e))
self.finish()
else:
# if no exception,get here
self.set_status(200) # OK
self.write(response.body)
self.finish()
finally:
http_client.close()
return
def post(self):
logging.info(self.request)
logging.info(self.request.body)
# 允许跨域访问
self.set_header('Access-Control-Allow-Origin', '*')
self.set_header('Access-Control-Allow-Methods',
'POST, PUT, DELETE, GET, OPTIONS')
self.set_header('Access-Control-Max-Age', 1000)
self.set_header('Access-Control-Allow-Headers', '*')
_body = json_decode(self.request.body)
appid = None
app_secret = None
login = None
md5pwd = None
try:
appid = _body['appid']
app_secret = _body['app_secret']
login = _body['login']
md5pwd = _body['pwd']
logging.info("got appid %r", appid)
logging.info("got app_secret %r", app_secret)
logging.info("got login %r", login)
except:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
if appid is None or app_secret is None or login is None or md5pwd is None:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
# TODO check appid & app_secret
_login = auth_login_dao.auth_login_dao().query_not_safe(login)
if not _login:
self.set_status(404) # Not Found
self.write('login & password pair are wrong')
self.finish()
return
salt = _login['salt']
_hash_pwd = hash_pwd(md5pwd, salt)
if _hash_pwd != _login['hash_pwd']:
self.set_status(404) # Not Found
self.write('login & password pair are wrong')
self.finish()
return
_timestamp = int(time.time())
logging.info("timestamp %r", _timestamp)
access_token = generate_uuid_str()
expires_at = _timestamp + TOKEN_EXPIRES_IN # 2hours
refresh_token = generate_uuid_str()
_json = {
'_id': access_token,
'token_type': 'Bearer',
'expires_at': expires_at,
'refresh_token': refresh_token,
'account_id': _login['account_id'],
'scope': 'all'
}
auth_access_dao.auth_access_dao().create(_json)
self.set_status(200) # OK
session_ticket = {
"access_token": access_token,
"token_type": "Bearer",
"expires_at": expires_at,
"refresh_token": refresh_token,
"account_id": _login['account_id'],
"scope": "all"
}
logging.info("got session_ticket response %r", session_ticket)
self.finish(JSON.dumps(session_ticket))
return
def post(self):
logging.info(self.request)
# 允许跨域访问
self.set_header('Access-Control-Allow-Origin', '*')
self.set_header('Access-Control-Allow-Methods',
'POST, PUT, DELETE, GET, OPTIONS')
self.set_header('Access-Control-Max-Age', 1000)
self.set_header('Access-Control-Allow-Headers', '*')
_body = json_decode(self.request.body)
appid = None
app_secret = None
login = None
md5pwd = None
try:
appid = _body['appid']
app_secret = _body['app_secret']
login = _body['login']
md5pwd = _body['pwd']
logging.info("got appid %r", appid)
logging.info("got app_secret %r", app_secret)
logging.info("got login %r", login)
except:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
if appid is None or app_secret is None or login is None or md5pwd is None:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
_login = auth_login_dao.auth_login_dao().query_not_safe(login)
if _login:
logging.info("_login %r", _login['_id'])
self.set_status(409) # Conflict
self.write('Conflict')
self.finish()
return
_timestamp = int(time.time())
logging.info("timestamp %r", _timestamp)
account_id = generate_uuid_str()
_json = {'_id': account_id, 'create_time': _timestamp}
auth_basic_dao.auth_basic_dao().create(_json)
salt = generate_nonce_str()
_hash_pwd = hash_pwd(md5pwd, salt)
_json = {
'_id': login,
'hash_pwd': _hash_pwd,
'salt': salt,
'account_id': account_id,
'create_time': _timestamp
}
auth_login_dao.auth_login_dao().create(_json)
self.set_status(201) # Created
account = {"account_id": account_id}
logging.info("got account response %r", account)
self.finish(JSON.dumps(account))
return