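def Token(token: str):
    """Decode an admin token and attach the remaining lifetime of its Redis key.

    Returns whatever ``Safety.Decode`` produced. A truthy result is treated as
    a dict and gains a ``'time'`` entry holding the value ``Ttl`` reports for
    the key ``<admin_token_prefix>_token_<uid>``. A falsy result is returned
    unchanged and Redis is not contacted.
    """
    tData = Safety.Decode(token)
    if not tData:
        return tData
    redis = Redis()
    try:
        # str() keeps the key concatenation from raising when the decoded uid
        # is not already a string.
        key = Env.admin_token_prefix + '_token_' + str(tData['uid'])
        # NOTE(review): 'time' is the raw Ttl result; presumably a value
        # below 1 means the key is missing or has no expiry, so callers should
        # treat it as "not a live session" - confirm against the Redis wrapper.
        tData['time'] = redis.Ttl(key)
    finally:
        # Release the connection even if Ttl raises.
        redis.Close()
    return tData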
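def Create(data: dict):
    """Issue an API token for ``data`` and register a session marker in Redis.

    Stamps ``data['l_time']`` with the current date/time (the caller's dict is
    modified in place), encodes the dict with ``Safety.Encode`` and sets the
    key ``<api_token_prefix>_token_<uid>`` to ``'1'`` with a lifetime of
    ``Env.api_token_time``.

    Returns the encoded token.
    """
    data['l_time'] = Util.Date('%Y-%m-%d %H:%M:%S')
    token = Safety.Encode(data)
    # Cache the session marker.
    # NOTE(review): the key is per uid and holds a constant, not the token, so
    # the marker cannot tell two tokens of the same user apart. Revoking one
    # session means removing the marker for all of them - confirm that this is
    # the intended model.
    redis = Redis()
    try:
        key = Env.api_token_prefix + '_token_' + str(data['uid'])
        redis.Set(key, '1')
        # Set and Expire are separate calls; if Expire never runs the key is
        # left without a TTL.
        redis.Expire(key, Env.api_token_time)
    finally:
        # Release the connection even if a Redis call raises.
        redis.Close()
    return token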
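def Login(self):
    """Authenticate a user from the posted ``uname``/``passwd`` fields.

    On success the user's permission string is cached in Redis under
    ``<admin_token_prefix>_perm_<id>``, the ``ltime`` column is updated and a
    JSON response with ``code`` 0, a fresh token and basic profile data is
    returned. Every failure returns a JSON response with ``code`` 4000 and a
    message.
    """
    uname = self.Post('uname')
    passwd = self.Post('passwd')
    # The identifier may be a user name, a phone number or an e-mail address.
    if not any(Safety.IsRight(kind, uname) for kind in ('uname', 'tel', 'email')):
        return self.GetJSON({'code': 4000, 'msg': '请输入用户名/手机/邮箱'})
    # Password format / length.
    if not Safety.IsRight('passwd', passwd):
        return self.GetJSON({'code': 4000, 'msg': '请输入6~16位密码'})
    # Look the account up together with its profile and permissions.
    # NOTE(review): the stored credential is compared with Hash.Md5(passwd).
    # If that helper is a plain MD5 digest, the stored hashes are cheap to
    # brute-force once the table is exposed; moving to a salted, slow password
    # hash needs a data migration and is therefore not changed here.
    # NOTE(review): no failed-attempt counter or lockout is visible in this
    # method - confirm that throttling is enforced elsewhere.
    model = UserM()
    model.Table('user AS a')
    model.LeftJoin('user_info AS b', 'a.id=b.uid')
    model.LeftJoin('sys_perm AS c', 'a.id=c.uid')
    model.LeftJoin('sys_role AS d', 'c.role=d.id')
    # Values are passed as bound parameters, not formatted into the SQL text.
    model.Where(
        '(a.uname=%s OR a.tel=%s OR a.email=%s) AND a.password=%s',
        uname, uname, uname, Hash.Md5(passwd)
    )
    model.Columns(
        'a.id', 'a.state',
        'b.position', 'b.nickname', 'b.name', 'b.gender', 'b.birthday', 'b.img',
        'c.perm', 'd.perm as role_perm'
    )
    data = model.FindFirst()
    # No row: unknown account or wrong password (same message for both).
    if not data:
        return self.GetJSON({'code': 4000, 'msg': '帐号或密码错误!'})
    # Disabled account.
    if data['state'] != '1':
        return self.GetJSON({'code': 4000, 'msg': '该用户已被禁用!'})
    # The user's own permission string wins over the one inherited from the role.
    perm = data['perm'] or data['role_perm']
    if not perm:
        return self.GetJSON({'code': 4000, 'msg': '该用户不允许登录!'})
    redis = Redis()
    try:
        key = Env.admin_token_prefix + '_perm_' + str(data['id'])
        redis.Set(key, perm)
        redis.Expire(key, Env.admin_token_time)
    finally:
        # Release the connection even if a Redis call raises.
        redis.Close()
    # Record the login time.
    model.Table('user')
    model.Set({'ltime': Util.Time()})
    model.Where('id=%s', data['id'])
    model.Update()
    # user_info is LEFT JOINed, so b.img can be missing (presumably None) when
    # the user has no profile row; treat that like an empty path instead of
    # failing on the string concatenation.
    img = data['img']
    return self.GetJSON({
        'code': 0,
        'msg': '成功',
        'token': AdminToken.Create({'uid': str(data['id']), 'uname': uname}),
        'uinfo': {
            'uid': data['id'],
            'uname': uname,
            'position': data['position'],
            'nickname': data['nickname'],
            'name': data['name'],
            'gender': data['gender'],
            'img': Env.base_url + img if img else '',
        }
    })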
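def Perm(token: str):
    """Return the cached permission map of the user named in ``token``.

    The permission string stored under ``<api_token_prefix>_perm_<uid>`` is
    split on spaces into ``key:value`` entries. The result maps each key to
    ``int(value)``. An undecodable token or a missing/empty permission string
    yields an empty dict, i.e. no permissions.
    """
    permAll = {}
    # Token
    tData = Safety.Decode(token)
    if not tData:
        return permAll
    # Cached permission string.
    redis = Redis()
    try:
        # str() keeps the key concatenation from raising when the decoded uid
        # is not already a string.
        permStr = redis.Get(Env.api_token_prefix + '_perm_' + str(tData['uid']))
    finally:
        # Release the connection even if Get raises.
        redis.Close()
    if not permStr:
        return permAll
    # Split into "key:value" entries.
    # NOTE(review): an entry without ':' or with a non-numeric value raises
    # here (IndexError / ValueError), presumably aborting the request rather
    # than granting anything - confirm how callers handle that.
    for val in Util.Explode(' ', permStr):
        s = Util.Explode(':', val)
        permAll[s[0]] = int(s[1])
    return permAll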
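def Verify(token: str, urlPerm: str):
    """Check an API token and, optionally, its permission for a URL.

    Args:
        token: The encoded token presented by the client.
        urlPerm: ``controller/.../action`` path to authorise, or ``''`` to
            validate the token only.

    Returns:
        ``''`` when the request is allowed, otherwise an error message.
    """
    # Token
    if token == '':
        return 'Token不能为空!'
    tData = Safety.Decode(token)
    if not tData:
        return 'Token验证失败!'
    # Expiry.
    # NOTE(review): liveness is decided by the per-uid Redis key alone; the
    # token itself is not compared with anything stored. Unless Safety.Decode
    # enforces its own expiry, any token that still decodes for this uid is
    # accepted while the key is alive - confirm that this is intended.
    uid = str(tData['uid'])
    tokenKey = Env.api_token_prefix + '_token_' + uid
    redis = Redis()
    try:
        ttl = redis.Ttl(tokenKey)
        # Anything below 1 is rejected, so a missing key and a key without an
        # expiry both fail closed.
        if ttl < 1:
            return 'Token已过期!'
        # Sliding renewal: each verified request pushes both expiries forward.
        if Env.api_token_auto:
            redis.Expire(tokenKey, Env.api_token_time)
            redis.Expire(Env.api_token_prefix + '_perm_' + uid, Env.api_token_time)
    finally:
        # Release the connection on every path, including the early return.
        redis.Close()
    # URL permission.
    if urlPerm == '':
        return ''
    arr = Util.Explode('/', urlPerm)
    action = arr[-1]
    controller = Util.Implode('/', arr[:-1])
    # Menu
    menu = ApiMenu()
    menu.Columns('id', 'action')
    menu.Where('controller=%s', controller)
    menuData = menu.FindFirst()
    if not menuData:
        return '菜单验证无效!'
    # Menu check: the menu id must be present in the user's permission map.
    menuId = str(menuData['id'])
    permData = ApiToken.Perm(token)
    if menuId not in permData:
        return '无权访问菜单!'
    # Action check: the user's value for this menu must share a bit with the
    # value required by the requested action.
    actionVal = permData[menuId]
    permVal = 0
    # "or []": a menu row whose action list decodes to nothing leaves permVal
    # at 0, so the request is denied instead of failing on iteration.
    for val in Util.JsonDecode(menuData['action']) or []:
        if action == val['action']:
            permVal = int(val['perm'])
            break
    # An action that is not listed keeps permVal at 0 and is denied.
    if actionVal & permVal == 0:
        return '无权访问动作!'
    return ''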
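def Writer(text: str):
    """Append ``text`` to the Redis list ``'logs'``."""
    redis = Redis()
    try:
        # NOTE(review): text is stored exactly as given. If it can carry
        # request-derived data, whatever reads the list should escape it
        # before display or parsing - confirm on the consumer side.
        redis.RPush('logs', text)
    finally:
        # Release the connection even if RPush raises.
        redis.Close()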