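def post_signup(self, id, email, password):
    """
    注册

    $input:
        id?str: 用户ID
        email?email&optional: 邮箱
        password?str: 密码
    $output: @message
    $error:
        400.IDConflict: 用户ID已存在
        400.EmailConflict: 邮箱已存在
    """
    # Sign-up: create a "normal"-role user after rejecting an ID or email that
    # is already taken, then answer {"message": "OK"}.
    # NOTE(review): the $input/$output/$error docstring above looks like a
    # schema that is read at runtime, so its text is kept verbatim. Confirm
    # before translating or re-wording it.

    # Primary-key lookup: the user ID is the document key.
    if db.run(r.table("user").get(id)):
        abort(400, "IDConflict", "%s already exists" % id)
    # Email is optional; only look for a duplicate when one was supplied.
    if email and db.first(r.table("user").get_all(email, index="email")):
        abort(400, "EmailConflict", "%s already exists" % email)

    # NOTE(review): both uniqueness checks are check-then-insert. Two
    # concurrent sign-ups can pass them together: nothing visible here enforces
    # uniqueness of the email, and the result of the insert below is not
    # inspected. Confirm what db.run does on a primary-key conflict.
    # NOTE(review): the distinct IDConflict / EmailConflict answers let any
    # caller learn which IDs and emails are registered; rate-limit this
    # endpoint if that matters for the deployment.

    # Read the clock once so the three time fields of a new record agree
    # (the original took three separate readings).
    now = arrow.utcnow()
    db.run(r.table("user").insert({
        "id": id,
        "email": email,
        # gen_pwdhash is defined elsewhere; presumably a salted, deliberately
        # slow password hash. Verify: the plaintext must never be stored.
        "pwdhash": gen_pwdhash(password),
        "role": "normal",
        "date_create": now.datetime,
        "date_modify": now.datetime,
        "timestamp": now.timestamp
    }))
    return {"message": "OK"}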
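def post_login(self, account, password):
    """
    登录

    $input:
        account?str: 用户ID或邮箱
        password?str: 密码
    $output: @user
    $error:
        403.UserNotFound: 帐号不存在
        403.WrongPassword: 密码错误
    """
    # Login: resolve `account` as a user ID first, then as an email, check the
    # password, record the login metadata and mark the request as logged in.
    # NOTE(review): the $input/$output/$error docstring above looks like a
    # schema that is read at runtime, so its text is kept verbatim. Confirm
    # before translating or re-wording it.
    user = db.run(r.table("user").get(account))
    if not user:
        user = db.first(r.table("user").get_all(account, index="email"))
    if not user:
        # NOTE(review): UserNotFound and WrongPassword are distinct documented
        # errors, so the endpoint confirms which accounts exist. Changing that
        # is an API change; throttle failed attempts in the meantime.
        abort(403, "UserNotFound", "帐号不存在")

    # check_password is defined outside this block; presumably it aborts with
    # 403.WrongPassword on a mismatch. Confirm it compares in constant time.
    self.check_password(user, password)

    # Read the clock once so lastlogin_date and timestamp describe the same
    # instant (the original took two separate readings).
    now = arrow.utcnow()
    db.run(
        r.table("user")
        .get(user["id"])
        .update({
            "lastlogin_date": now.datetime,
            # NOTE(review): behind a reverse proxy remote_addr is the proxy's
            # address unless the app is configured to trust forwarding headers.
            "lastlogin_ip": request.remote_addr,
            # Client-controlled and stored as received: treat it as untrusted
            # wherever it is later displayed or logged.
            "lastlogin_ua": request.headers.get('User-Agent'),
            "timestamp": now.timestamp
        })
    )

    # Presumably picked up after the request to issue the auth token. Verify.
    g.token = {"type": "login", "id": user["id"]}
    # NOTE(review): this is the record as fetched before the update above. If
    # it carries the password hash, the @user output schema must be what strips
    # it. Confirm.
    return user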
def post_forgot(self, email):
    """
    忘记密码,Token有效时间为2小时

    $input:
        email?email: 邮箱
    $output: @message
    $error:
        400.UserNotFound: 用户不存在
    """
    # Forgot password: mail a reset link carrying a token to the address
    # registered for the account.
    # NOTE(review): the $input/$output/$error docstring above looks like a
    # schema that is read at runtime, so its text is kept verbatim. Confirm
    # before translating or re-wording it.
    account_row = db.first(r.table("user").get_all(email, index="email"))
    if not account_row:
        # NOTE(review): this documented 400 tells an unauthenticated caller
        # whether an email is registered; rate-limit the endpoint.
        abort(400, "UserNotFound", "用户不存在")

    claims = {
        "type": "reset",
        "id": account_row["id"],
        # NOTE(review): relies on the arrow version in use treating a plural
        # keyword to replace() as a relative shift of +2 hours; newer arrow
        # releases spell this shift(hours=2). Confirm against the pinned
        # version so the expiry is not silently wrong.
        "exp": arrow.utcnow().replace(hours=2).timestamp,
        # The record's current "timestamp" travels inside the token;
        # presumably the reset handler rejects the token once the record's
        # timestamp has changed. Verify there.
        "timestamp": account_row["timestamp"],
    }
    # encode_token is expected to return bytes here, hence the ASCII decode.
    reset_token = auth.encode_token(claims).decode("ascii")

    reset_mail = Message("PurePage重置密码", recipients=[email])
    reset_mail.html = render_template(
        "user-reset.html",
        token=reset_token,
        userid=account_row["id"],
    )
    mail.send(reset_mail)
    return {"message": "重置链接已发送至邮箱,请查收"}
def get(self, account):
    """
    查找帐号

    $input:
        account?str: 用户名或邮箱
    $output: @user
    $error:
        404.NotFound: 用户不存在
    """
    # Account lookup: try `account` as the user ID (primary key) and fall back
    # to the "email" index only when that finds nothing.
    # NOTE(review): the $input/$output/$error docstring above looks like a
    # schema that is read at runtime, so its text is kept verbatim. Confirm
    # before translating or re-wording it.
    found = db.run(r.table("user").get(account)) or db.first(
        r.table("user").get_all(account, index="email")
    )
    if not found:
        abort(404, "NotFound", "用户不存在")
    # NOTE(review): the stored record is returned as fetched, and nothing in
    # this block checks who is asking. Confirm the @user output schema drops
    # sensitive fields and that exposing account existence by ID or email is
    # intended.
    return found