Exemple #1
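    def wrapper(request, **kwargs):
        """Call the wrapped view ``f`` only for a request tied to an admin session.

        Checks, in order: both ``HTTP_DEVICE_ID`` and ``HTTP_SERVER_KEY`` are
        present in ``request.META``; the server key stored in the ``user_key``
        cache for that device id equals the one presented; the ``user_session``
        cache holds an entry for that server key; and the decoded entry has a
        truthy ``is_admin``. Any failed check returns an ``HttpResponse`` whose
        body is ``dumps({'success': False, 'message': ...})``; otherwise the
        result of ``f(request, **kwargs)`` is returned.
        """
        def deny(message):
            # Every refusal shares the same payload shape; only the message differs.
            return HttpResponse(dumps(dict(success=False, message=message)))

        meta = request.META
        if 'HTTP_DEVICE_ID' not in meta:
            return deny(u'device id is not in the request header')
        if 'HTTP_SERVER_KEY' not in meta:
            return deny(u'server key is not in the request header')

        device_id = meta['HTTP_DEVICE_ID']
        server_key = meta['HTTP_SERVER_KEY']
        saved_server_key = get_cache('user_key').get(device_id)

        # An unknown device id yields None from the cache, which never equals
        # the header string, so unregistered devices are refused here.
        # NOTE(review): `!=` is not a constant-time comparison. If the server
        # key is the only secret, consider hmac.compare_digest once both values
        # are known to have the same type.
        if server_key != saved_server_key:
            return deny(u'server key does not match')

        raw_session = get_cache('user_session').get(server_key)
        if not raw_session:
            return deny(u'need login')

        # NOTE(review): `loads` is imported outside this excerpt. If it is a
        # pickle-style deserializer, confirm that nothing untrusted can write
        # to the 'user_session' cache.
        user_info = loads(raw_session)

        # Fail closed: a session record without an 'is_admin' field is treated
        # as non-admin rather than raising KeyError.
        if not user_info.get('is_admin'):
            return deny(u'you are not an admin')
        return f(request, **kwargs)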
Exemple #2
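def get_user_id(meta):
    """Return the ``user_id`` of the session identified by the request headers.

    ``meta`` is a mapping of request headers (the keys read are
    ``HTTP_DEVICE_ID`` and ``HTTP_SERVER_KEY``). Returns None when either
    header is missing, when the server key cached for the device id differs
    from the presented one, when no session entry exists for that key, or when
    the decoded session is empty or has no ``user_id``.
    """
    # Original author's notes (translated): this was written assuming the
    # caller is already logged in, so the result is fragile; the two-level key
    # scheme (device id -> server key -> session) may also turn out to be harmful.

    # Validate the headers before touching any cache.
    if 'HTTP_DEVICE_ID' not in meta or 'HTTP_SERVER_KEY' not in meta:
        return None

    server_key = get_cache('user_key').get(meta['HTTP_DEVICE_ID'])
    # An unknown device id gives None here, which never equals the header value.
    # NOTE(review): `!=` is not a constant-time comparison. Consider
    # hmac.compare_digest once both values are known to have the same type.
    if server_key != meta['HTTP_SERVER_KEY']:
        return None

    # Check the raw cache entry BEFORE decoding: a missing session comes back
    # as None, and passing None to the deserializer would raise instead of
    # reaching the "no session" branch.
    raw_session = get_cache('user_session').get(server_key)
    if not raw_session:
        return None

    # NOTE(review): `loads` is imported outside this excerpt. If it is a
    # pickle-style deserializer, confirm the session cache is not writable by
    # untrusted parties.
    user_info = loads(raw_session)
    if not user_info:
        return None

    # A record without 'user_id' means "no user" (None), not a KeyError.
    return user_info.get('user_id')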