def AppFindPwd(request, account, captcha): # print "find pwd first", account, captcha if not account or not captcha: return HttpReturn(ArgError) mycaptcha = request.session.pop(request.COOKIES.get(G_CSRFTOKEN), None) if not mycaptcha or cmp(mycaptcha, captcha): return HttpReturn(CaptchaError) try: accobj = AppUser.objects.raw( 'SELECT * FROM user_manager_appuser where uname = %s OR email = %s OR phone= %s', [account, account, account])[0] except: return HttpReturn(UserNotExists) else: if not accobj: return HttpReturn(TargetNotExists) smscode = hashlib.md5(accobj.phone + str(time.time())).hexdigest().upper() ipaddr = request.META.get(G_REMOTE_ADDR) redis_pool.hmset(smscode, {G_PHONE: accobj.phone, G_IPADDR: ipaddr}) redis_pool.expire(smscode, settings.SESSION_COOKIE_AGE) res = { 'name': accobj.uname, G_PHONE: "%s****%s" % (accobj.phone[:3], accobj.phone[-4:]), G_SMSCODE: smscode, G_OK: True } return HttpReturn(json.dumps(res))
def AppShareDev(body, *args): user, devuuid, _ = args # print "share devices ---------- ",user,devuuid try: # results = AppBindDevList.objects.raw("SELECT devid_id from bindlist WHERE appid_id = %s AND devid_id=%s", # [user.uuid.hex,devuuid]) results = AppBindDevList.objects.filter(devid_id=devuuid, appid_id=user)[0] except (ObjectDoesNotExist, IndexError) as e: return HttpReturn(TargetNotExists) # print "result id ",results if results.devid.uuid.hex != devuuid: return HttpReturn(TargetNotExists) otpuuid = uuid.uuid4().hex # body = GetRequestBody(request) # print "------ >type body is",type(body) if not body or not isinstance(body, dict): return HttpReturn(ArgError) topics = body.get(G_TOPICS, None) # print "----------- >share topics is ",topics # 检查topics 是否为空,是否是为列表类型,是否全部为真. if not topics or not isinstance(topics, list): return HttpReturn(ArgError) # if not all(devuuid in item for item in topics): # return HttpReturn(ShareError) # full_url = ''.join(['http://', get_current_site(request).domain, # '/shared/%s' % otpuuid]) expire = settings.SESSION_COOKIE_AGE * 6 res = {G_OK: True, 'otp': otpuuid, G_EXPIRE: expire} redis_pool.hmset(otpuuid, { G_APPID: user, G_DEVID: devuuid, G_TOPICS: json.dumps(topics) }) redis_pool.expire(otpuuid, expire) # return JsonResponse(res,safe=False) return HttpReturn(json.dumps(res))
def AppSendSmsToNewPhone(body, *args): if not all(x in body for x in [G_PHONE, G_CAPTCHA]): return HttpReturn(ArgError) user, request = args mycaptcha = request.session.pop(request.COOKIES.get(G_CSRFTOKEN), None) print "mycaptcha ", mycaptcha == str(body.get(G_CAPTCHA, None)) if not mycaptcha or cmp(mycaptcha, str(body.get(G_CAPTCHA, None))): return HttpReturn(CaptchaError) phone = str(body.get(G_PHONE, '')) # 不能发给已经注册的手机. if len(AppUser.objects.filter(phone=phone)) > 0: return HttpReturn(PhoneExists) smscode = hashlib.md5(phone + str(time.time())).hexdigest().upper() ipaddr = request.META.get(G_REMOTE_ADDR) redis_pool.hmset(smscode, {G_PHONE: phone, G_IPADDR: ipaddr}) redis_pool.expire(smscode, settings.SESSION_COOKIE_AGE) res = {G_PHONE: phone, G_SMSCODE: smscode, G_OK: True} return HttpReturn(json.dumps(res))
def IotAppRegister(data, *args): # {"name":"test3","email":"*****@*****.**","phone":"13825461111","key":123456,"captcha":123456} request = args[0] email = data.get(G_EMAIL, None) uname = data.get(G_NAME, None) phone = data.get(G_PHONE, None) key = data.get(G_KEY, None) captcha = str(data.get(G_CAPTCHA, None)) # print "data is ",data # print "my captcha", request.session.pop(request.COOKIES.get(G_CSRFTOKEN)) mycaptcha = request.session.pop(request.COOKIES.get(G_CSRFTOKEN), None) if not mycaptcha or cmp(mycaptcha, captcha): return HttpReturn(CaptchaError) if uname: try: tmp = AppUser.objects.get(uname=uname) except: pass else: return HttpReturn(UserError) else: return HttpReturn(ArgError) if phone: if len(phone) != 11: return HttpReturn(PhoneError) try: int(phone) except: return HttpReturn(PhoneError) try: tmp = AppUser.objects.get(phone=phone) except: pass else: return HttpReturn(PhoneExists) else: return HttpReturn(ArgError) if email: try: tmp = AppUser.objects.get(email=email) except: pass else: return HttpReturn(EmailError) else: return HttpReturn(ArgError) if not key: return HttpReturn(ArgError) ### 注册成功,验证手机激活帐号##### sendsms_code = hashlib.md5(phone + str(time.time())).hexdigest().upper() nuuid = uuid.uuid4().hex ipaddr = request.META.get(G_REMOTE_ADDR) redis_pool.hmset( sendsms_code, { G_EMAIL: email, G_KEY: key, G_UNAME: uname, G_UUID: nuuid, G_REGISTER: 1, G_PHONE: phone, G_IPADDR: ipaddr }) redis_pool.expire(sendsms_code, settings.SESSION_COOKIE_AGE) return HttpReturn( json.dumps({ G_OK: True, G_UUID: nuuid, G_SMSCODE: sendsms_code }))
def PreCheckRequest(request, obj, rawpwd): # print len(data),data; # signMethod = data.get('signMethod','') # rawpwd = data.get(G_KEY, '') # print "request key", rawpwd,obj.key if not check_password(rawpwd, obj.key): return HttpReturn(UnAuth) # srvobj = SrvList.objects.annotate(max_mark=Min('concount')).filter(concount=F('max_mark')) # ##选取最小的连接数的服务器 srvipaddr = '0.0.0.0' retdict = {} hkey = 'null' try: srvipaddr = SrvList.objects.values_list(G_IPADDR).annotate( Min('concount')).order_by('concount')[0] except (ObjectDoesNotExist, IndexError) as e: retdict[G_SRVS] = None # retdict[G_VER] = None else: srvobj = SrvList.objects.get(ipaddr=srvipaddr[0]) retdict[G_SRVS] = ':'.join([srvobj.ipaddr, str(srvobj.port)]) retdict[G_EXPIRE] = settings.SESSION_COOKIE_AGE hasher, iterations, salt, code = obj.key.split('$') # retdict[G_SIGN] = hmac.new(str(salt), str(time.time())).hexdigest().upper() retdict[G_OK] = True # hkey = retdict[G_SIGN] request.session.set_expiry(settings.SESSION_COOKIE_AGE) request.session.save() retdict[G_SIGN] = sessionid = request.session.session_key # sessionid = request.COOKIES.get(G_SESSIONID,None) # print "login cookies",sessionid,request.COOKIES ipaddr, state = IpAddress.objects.get_or_create( ipaddr=request.META.get(G_REMOTE_ADDR)) # print "ipaddr",ipaddr redis_pool.hmset( sessionid, { G_PASSWORD: hashlib.sha256(rawpwd).hexdigest(), G_IPADDR: ipaddr.ipaddr, G_UUID: obj.uuid.hex }) redis_pool.expire(sessionid, settings.SESSION_COOKIE_AGE) tokenlist = [] if 'dev' in request.path: # print "devices cookies ",request.COOKIES,sessionid tokenlist.append(obj.uuid.hex) DevicesLoginHistory.objects.create(devices=obj, inout=True, ipaddr=ipaddr) else: tokenlist = [obj.uname, obj.uuid.hex, obj.phone, obj.email] AppUserLoginHistory.objects.create(user=obj, inout=True, ipaddr=ipaddr) retdict[G_UUID] = obj.uuid.hex # 记录登录数据,十分钟之内的重复登录,不查数据,只查redis redis_pool.hmset(sessionid, { "res": json.dumps(retdict), G_ACCOUNT: tokenlist }) redis_pool.expire(sessionid, settings.SESSION_COOKIE_AGE) retdict['time'] = str(int(time.time())) return HttpReturn(json.dumps(retdict))
def AppSendSms(request, account): SENDCOUNT = 'sendcount' # phone = redis_pool.hget(account, G_PHONE) adict = redis_pool.hgetall(account) # print "all key is",adict if G_PHONE not in adict: return HttpReturn(UnAuth) # redis_pool.hdel(account, G_PHONE) # print "phone number ", phone ### 同一号24小时只能发送三次短信. ### sendnum = redis_pool.hget(adict[G_PHONE], SENDCOUNT) # print "gettxt from redis", sendnum if sendnum and int(sendnum) == 3: return HttpReturn(SmsOverError) sendtime = redis_pool.hget(adict[G_PHONE], 'lastime') if sendtime and (time.time() - int(sendtime)) < settings.SESSION_COOKIE_AGE / 10: return HttpReturn(SmsIntervalError) # ipaddr = request.META.get('REMOTE_ADDR') ipobj, ok = IpAddress.objects.get_or_create( ipaddr=request.META.get(G_REMOTE_ADDR)) oldaddr = redis_pool.hget(account, G_IPADDR) if cmp(ipobj.ipaddr, oldaddr): return HttpReturn(IpAddrError) try: (sms, state) = sendsms.SendSMS(adict[G_PHONE]) except HTTPError: return HttpReturn(InternalError) except IndexError: SmsErrorLog.objects.create(-100, ipobj, timezone.now, adict[G_PHONE]) return HttpReturn(InternalError) if state == 0: redis_pool.expire(adict[G_PHONE], settings.SESSION_COOKIE_AGE) redis_pool.hset(adict[G_PHONE], 'lastime', int(time.time())) # redis_pool.expire(phone,settings.SESSION_COOKIE_AGE) if redis_pool.hget(adict[G_PHONE], SENDCOUNT): redis_pool.hincrby(adict[G_PHONE], SENDCOUNT, 1) else: redis_pool.hset(adict[G_PHONE], SENDCOUNT, 1) resetcode = hashlib.md5(adict[G_PHONE] + str(time.time())).hexdigest().upper() if G_REGISTER in adict: for (k, v) in adict.items(): redis_pool.hset(resetcode, k, v) redis_pool.hmset(resetcode, {G_PHONE: adict[G_PHONE], 'sms': sms}) # print "reset code dict is",redis_pool.hgetall(resetcode) redis_pool.expire(resetcode, settings.SESSION_COOKIE_AGE) redis_pool.hdel(account, G_PHONE) # 删除这个键,一次有效 return HttpReturn(json.dumps({G_OK: True, 'rescode': resetcode})) else: if state in ErrDict: errobj, ok = SmsErrorTable.objects.get_or_create(errcode=state, msg=ErrDict.get( state, u"未知错误")) SmsErrorLog.objects.create(errcode=errobj, ipaddr=ipobj, addtime=timezone.now(), phone=adict[G_PHONE]) if state in [10006, 10007, 10005]: return HttpReturn( json.dumps({ G_ERR: "OtherError", G_MSG: ErrDict[state] })) else: return HttpReturn(InternalError)