def wrapper(*args, **kwargs):
token = request.args['token']
u = current_user()
t = Token.one(token=token)
if token == t.token and t.userID == u.id:
Token.delete(t.id)
return f(*args, **kwargs)
else:
abort(401)
def wrapper(*args, **kwargs):
token = request.args['token']
u = current_user()
t = Token.one(csrf_token=token)
if t.user_id == u.id:
Token.delete(id=t.id)
log('删除了token')
return f(*args, **kwargs)
else:
abort(401)
def wrapper(*args, **kwargs):
if '_csrf' in request.form:
token = request.form['_csrf']
else:
token = request.args['_csrf']
u = current_user()
t = Token.one(content=token)
log("verify token", t)
if t is not None and (t.user_id is None or t.user_id == u.id):
Token.delete(content=token)
return f(*args, **kwargs)
else:
abort(401)
