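async def get(self, request, **kwargs):
    """Return the todos of one user, or of every user for an administrator.

    The caller's id is read from the auth info stored on the request. When
    the ``user_id`` query argument equals the caller's own id, that user's
    todos are returned without a permission lookup. Every other request
    (another user's id, or no id at all) must pass ``User.checkIfAdmin``;
    if it does not, ``RetCode.FORBIDDEN`` is returned. An administrator gets
    the todos of ``user_id`` when it was supplied, otherwise all todos.
    """
    user_id_args = request.args.get("user_id")
    user_id = request[Constant.auth_info][Constant.user_id]
    logger.info("user_id: %s, user_id_args: %s", user_id, user_id_args)

    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            # Caller asks for their own todos: no permission lookup needed.
            if user_id_args and user_id_args == str(user_id):
                # Query parameters are passed as a real one-element tuple;
                # ``(x)`` is just ``x`` and only works when the driver
                # happens to accept a bare scalar.
                await cur.execute(S.s_user_todos, (user_id_args,))
                rows = await cur.fetchall()
                return webJson(data=formatTodosInfo(rows))

            # Anything else is an administrator-only view. The permission is
            # looked up for the authenticated id, never for the id taken
            # from the query string.
            await cur.execute(S.s_user_permission, (user_id,))
            permission_row = await cur.fetchone()
            if not (permission_row
                    and User.checkIfAdmin(permission_row.permission)):
                return webJson(RetCode.FORBIDDEN)

            # With a user_id argument only that user's todos are listed.
            if user_id_args:
                await cur.execute(S.s_user_todos, (user_id_args,))
            else:
                await cur.execute(S.s_all_todo)
            rows = await cur.fetchall()
            return webJson(data=formatTodosInfo(rows))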
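async def get(request, **kwargs):
    """Return the caller's own user info, or user info for an administrator.

    When the ``user_id`` query argument equals the authenticated id, the
    caller's own record is returned. Every other request must pass
    ``User.checkIfAdmin``; if it does not, ``RetCode.FORBIDDEN`` is returned.
    An administrator gets the record of ``user_id`` when it was supplied,
    otherwise the list of all users.
    """
    user_id_args = request.args.get("user_id")
    user_id = request[Constant.auth_info][Constant.user_id]
    logger.info("user_id: %s, user_id_args: %s", user_id, user_id_args)

    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            # Caller asks for their own record.
            if user_id_args and user_id_args == str(user_id):
                # One-element tuple: ``(user_id)`` is only a parenthesised
                # scalar, which not every DB driver accepts as parameters.
                await cur.execute(S.s_user_info, (user_id,))
                row = await cur.fetchone()
                return webJson(data=formatUserInfo(row))

            # Administrator-only from here on; the permission is looked up
            # for the authenticated id, not for the query-string id.
            await cur.execute(S.s_user_permission, (user_id,))
            permission_row = await cur.fetchone()
            if not (permission_row
                    and User.checkIfAdmin(permission_row.permission)):
                return webJson(RetCode.FORBIDDEN)

            # With a user_id argument only that user's record is returned.
            if user_id_args:
                await cur.execute(S.s_user_info, (user_id_args,))
                row = await cur.fetchone()
                data = formatUserInfo(row)
            else:
                await cur.execute(S.s_alluser)
                rows = await cur.fetchall()
                # Build a new list instead of assigning by index, so an
                # immutable row container cannot break the formatting pass.
                data = [formatUserInfo(row) for row in rows]
            return webJson(data=data)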
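def regist():
    """Register a user from the posted email, password and avatar image.

    The original author notes that this flow is incomplete (for example it
    has no confirmation step).

    Returns a ``webJson`` response: ``PARAMS_ERROR`` when a field is missing,
    ``EMAIL_DUPLICATION`` when the email is already registered,
    ``FILE_SUFFIX_ERROR`` or ``AVATAR_TOO_BIG`` when the avatar is rejected,
    and ``SUCCESS`` otherwise.
    """
    email = requestPostParam(request, 'email')
    password = requestPostParam(request, 'password')
    img = request.files.get("img", None)
    logger.info("email: %s, img: %s", email, img)
    if None in (email, password, img):
        return webJson(RetCode.PARAMS_ERROR)
    if User.query.filter_by(email=email).first():
        logger.warning('email duplication')
        return webJson(RetCode.EMAIL_DUPLICATION)

    # NOTE(review): the password is handed to the model as received; confirm
    # that User hashes it before it is stored.
    user = User(email=email, password=password)
    db.session.add(user)
    # Committed before the avatar is saved, as in the original flow
    # (presumably saveAvatar needs the persisted user -- confirm).
    db.session.commit()

    failure = None
    try:
        avatar = saveAvatar(user, img)
    except UploadNotAllowed:
        failure = RetCode.FILE_SUFFIX_ERROR
    except ValueError:
        failure = RetCode.AVATAR_TOO_BIG
    if failure is not None:
        # The account row is already committed. Remove it again, otherwise a
        # rejected avatar reports failure yet leaves the email registered,
        # and every retry ends in EMAIL_DUPLICATION.
        db.session.delete(user)
        db.session.commit()
        return webJson(failure)

    user.avatar = avatar
    db.session.add(user)
    db.session.commit()
    return webJson(RetCode.SUCCESS)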
async def delete(self, request, todo_id, **kwargs):
    """Delete one todo of the authenticated user.

    The todo is first looked up with both the caller's id and ``todo_id``;
    when nothing is found ``RetCode.PARAMETER_ERROR`` is returned and nothing
    is deleted. On success the deleted todo's title is returned.
    """
    owner_id = request[Constant.auth_info][Constant.user_id]
    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            # The lookup takes the caller's id from the auth info, so the
            # delete below only ever receives an id returned by that lookup.
            # NOTE(review): this is an ownership check only if s_user_todo
            # filters on the user id -- confirm against the SQL definition.
            await cur.execute(S.s_user_todo, (owner_id, todo_id))
            todo = await cur.fetchone()
            if not todo:
                return webJson(RetCode.PARAMETER_ERROR, data="无此todo")
            await cur.execute(S.d_user_todo, (todo.id, ))
        await conn.commit()
    return webJson(data=todo.title)
def login():
    """Return the current user's info together with a fresh auth token.

    Author's note: a token should only be obtainable with account and
    password; refreshing a token with a token is not allowed. It would be
    better not to rely on login_required here but to process a form, return
    the token, and use token_auth afterwards.
    """
    # g.user is set before this view runs (not visible in this block).
    payload = g.user.info()
    payload["token"] = g.user.generate_auth_token()
    return webJson(RetCode.SUCCESS, data=payload)
async def delete(request, **kwargs):
    """Delete the authenticated user's account (account removal, not logout).

    The id comes from the auth info on the request, so only the caller's own
    account is passed to the delete statement. Returns that id.
    """
    account_id = request[Constant.auth_info][Constant.user_id]
    params = (account_id, )
    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            await cur.execute(S.d_user, params)
        await conn.commit()
    return webJson(data=account_id)
async def post(self, request, **kwargs):
    """Register a new user from the submitted form.

    Returns ``RetCode.PARAMETER_ERROR`` when the name is already taken,
    otherwise inserts the user and returns the registered name.
    """
    form = postUserListView(request)
    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            # NOTE(review): check-then-insert; two concurrent requests could
            # both pass this check unless the table enforces a unique name.
            if await ifNameExist(cur, form.name):
                return webJson(RetCode.PARAMETER_ERROR, data="用户名已存在")
            logger.info("start to regist")
            # NOTE(review): form.password is stored as the form provides it;
            # confirm postUserListView hashes it before this point.
            new_user_row = (
                form.name,
                form.password,
                form.email,
                form.age,
                form.sex,
                form.city,
                form.signature,
                form.created_time,
                form.updated_time,
                form.last_login,
            )
            await cur.execute(S.i_user, new_user_row)
        await conn.commit()
    return webJson(data={"name": form.name})
async def post(self, request, **kwargs):
    """Create a todo for the authenticated user.

    Returns ``RetCode.PARAMETER_ERROR`` when the user already has a todo with
    the same title, otherwise inserts the todo and returns its title.
    """
    form = postTodoListView(request)
    owner_id = request[Constant.auth_info][Constant.user_id]
    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            logger.info("check if title exists")
            await cur.execute(S.s_todo_title, (form.title, owner_id))
            existing = await cur.fetchone()
            if existing:
                return webJson(RetCode.PARAMETER_ERROR, data=("title exists"))
            logger.info("start to insert todo")
            # The owner is the authenticated id, never a client-supplied one.
            todo_row = (owner_id, form.title, form.detail,
                        form.created_time, form.updated_time)
            await cur.execute(S.i_todo, todo_row)
        await conn.commit()
    return webJson(data=form.title)
async def put(self, request, todo_id, **kwargs):
    """Update one todo of the authenticated user (not finished yet).

    For now this only looks up the todo by the caller's id and ``todo_id``
    and returns it; nothing is written.
    """
    owner_id = request[Constant.auth_info][Constant.user_id]
    # The JSON body is read but not applied yet.
    form = request.json
    lookup = (owner_id, todo_id)
    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            await cur.execute(S.s_user_todo, lookup)
            found = await cur.fetchone()
    return webJson(data=found)
async def decorated(request, *args, **kwargs):
    """Run the wrapped handler only when the request carries a token.

    A request without a token gets ``RetCode.NEED_LOGIN``. Otherwise the
    result of ``User.verifyToken`` is stored on the request under
    ``Constant.auth_info`` and the wrapped handler is awaited.
    """
    if not request.token:
        return webJson(RetCode.NEED_LOGIN)
    # NOTE(review): the verifyToken result is stored without being inspected
    # here, so this relies on verifyToken raising for an invalid or expired
    # token rather than returning an empty value -- confirm.
    # Every HTTP request has its own request object, so it can carry values
    # that are global to that one request.
    request[Constant.auth_info] = User.verifyToken(request.token)
    return await func(request, *args, **kwargs)
async def get(request, **kwargs):
    """Return the login info of the authenticated user.

    ``last_login`` is converted with ``datetime2str`` when a row is found;
    when no row is found the empty result is returned as it is.
    """
    caller_id = request[Constant.auth_info][Constant.user_id]
    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            await cur.execute(S.s_user_login_info, (caller_id, ))
            login_row = await cur.fetchone()
    if login_row:
        login_row.last_login = datetime2str(login_row.last_login)
    return webJson(data=login_row)
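def test_upload():
    """Save the uploaded ``files`` field and log where it was stored.

    Returns ``RetCode.PARAMS_ERROR`` when the request carries no ``files``
    part, otherwise ``RetCode.SUCCESS`` once the file has been saved.
    """
    upload_file = request.files.get("files", None)
    logger.info('---%s', upload_file)
    if upload_file is None:
        # Without this guard a request lacking the field passes None to
        # files.save() and fails there instead of reporting a client error.
        return webJson(RetCode.PARAMS_ERROR)
    # NOTE(review): which file types and sizes are accepted is decided by
    # how `files` is configured elsewhere; confirm before exposing this route.
    filename = files.save(upload_file)
    # For a multi-file upload, iterate request.files.getlist(...) and save
    # each entry.
    logger.info(filename)
    logger.info("path: %s", files.path(filename))
    logger.info("url: %s", files.url(filename))
    return webJson(RetCode.SUCCESS)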
async def get(self, request, todo_id, **kwargs):
    """Return one todo of the authenticated user.

    The todo is looked up with both the caller's id and ``todo_id`` and
    passed through ``formatTodoInfo`` before being returned.
    """
    # Author's notes: it was unclear whether storing the user id on the
    # request is safe, i.e. whether one coroutine could have its user_id
    # changed while awaiting because another coroutine authenticates. This
    # should not happen, since every request is a separate object that is
    # only handled in sanic/app.handle_request; extensive concurrency tests
    # confirmed that the approach works.
    owner_id = request[Constant.auth_info][Constant.user_id]
    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            await cur.execute(S.s_user_todo, (owner_id, todo_id))
            row = await cur.fetchone()
    return webJson(data=formatTodoInfo(row))
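async def post(self, request, **kwargs):
    """Log in with name and password; no prior authentication is required.

    Returns ``RetCode.PARAMETER_NOT_ENOUGH`` when a field is missing and
    ``RetCode.PARAMETER_ERROR`` when the credentials are rejected. On success
    the last-login value is updated and a token from ``User.generalToken``
    is returned.
    """
    name = request.form.get("name")
    password = request.form.get("password")
    if None in (name, password):
        return webJson(RetCode.PARAMETER_NOT_ENOUGH)

    # One message for "unknown account" and "wrong password": answering the
    # two cases differently tells a client which account names exist.
    rejected = "用户名或者密码错误"

    async with request.app.db.acquire() as conn:
        async with conn.cursor() as cur:
            # The statement takes the submitted name twice.
            await cur.execute(S.s_password, (name, name))
            # Only the statement text and the name are logged, never the
            # submitted password.
            logger.debug("sql: %s: %s", S.s_password, name)
            sql_data = await cur.fetchone()
            if not sql_data:
                # NOTE(review): no password verification runs on this path,
                # so response timing may still differ from a wrong password.
                return webJson(RetCode.PARAMETER_ERROR, data=rejected)
            if not User.verifyPassword(password, sql_data.password):
                return webJson(RetCode.PARAMETER_ERROR, data=rejected)

            data = {Constant.user_id: sql_data.id}
            data = User.generalToken(
                data, expiration=Constant.expires_in_login)
            await cur.execute(S.u_user_login,
                              (User.last_login.default(), sql_data.id))
            await conn.commit()
            return webJson(data=data)
    return webJson()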
async def index(request):
    """Return a map from each route URL of the app to a short description."""
    main_url = app.url_for("main.index")
    users = app.url_for("user.UserListView")
    token = app.url_for("user.TokenView")
    todos = app.url_for("todo.TodoListView")
    # 42 is only a sample id used to render the single-todo URL.
    todo = app.url_for("todo.TodoView", todo_id=42)

    info = {}
    info[f'{main_url}'] = "show all the url for this app"
    info[f"{users}"] = "POST: 注册; GET: 查看用户组信息; PUT: 更新用户信息; DELETE: 注销用户, 非登出,而是删除"
    info[f"{token}"] = "POST: 登陆; GET: 查看当前登陆信息; PUT: 更新登陆信息, DELETE: 登出"
    info[f"{todo}"] = "GET: 获取某条todo; DELETE: 删除该条todo; PUT: 更新该条todo"
    info[f"{todos}"] = "POST: 创建todo; GET: 当前用户的所有todo"
    return webJson(data=info)
def handleParamsError(error):
    """Answer a parameter error with PARAMS_ERROR and the error's data."""
    details = error.data
    return webJson(RetCode.PARAMS_ERROR, data=details)
def invalidUsage(request, exception):
    """Answer with NOT_FOUND and a fixed message; the exception is unused."""
    message = "请求方法有误"
    return webJson(RetCode.NOT_FOUND, data=message)
def paramsError(request, exception):
    """Answer with PARAMETER_ERROR and the data carried by the exception."""
    details = exception.data
    return webJson(RetCode.PARAMETER_ERROR, data=details)
def basicUnauthorized():
    """Return the NEED_LOGIN response."""
    response = webJson(RetCode.NEED_LOGIN)
    return response
def tokenUnauthorized():
    """Return the NEED_LOGIN response."""
    response = webJson(RetCode.NEED_LOGIN)
    return response
def paramsError(request, exception):
    """Answer with TOKEN_ERROR and the data carried by the exception."""
    # NOTE(review): exception.data is sent back to the client as it is;
    # confirm it never carries internal details of the token check.
    details = exception.data
    return webJson(RetCode.TOKEN_ERROR, data=details)
async def put(request, **kwargs):
    """Update the login info; not implemented, always returns INCOMPLETE."""
    response = webJson(RetCode.INCOMPLETE)
    return response
async def delete(request, **kwargs):
    """Log out; not implemented, always returns INCOMPLETE.

    No token state is touched here, so calling this does not invalidate the
    token the request was made with.
    """
    response = webJson(RetCode.INCOMPLETE)
    return response
def serverError(request, exception):
    """Log the exception and answer with a generic SERVER_ERROR.

    The exception goes to the log only; nothing from it is put into the
    response.
    """
    logger.exception(exception)
    response = webJson(RetCode.SERVER_ERROR)
    return response
def handle401(error):
    """Return the NEED_LOGIN response; the error object is unused."""
    response = webJson(RetCode.NEED_LOGIN)
    return response
def notfound(request, exception):
    """Return the NOT_FOUND response; request and exception are unused."""
    response = webJson(RetCode.NOT_FOUND)
    return response
def handle404(error):
    """Return the PAGE_NOT_FOUND response; the error object is unused."""
    response = webJson(RetCode.PAGE_NOT_FOUND)
    return response
def internal_server_error(e):
    """Log the error and answer with SERVER_ERROR plus a status code.

    The code is ``e.code`` for an ``HTTPException`` and 500 for anything
    else. Only the code is returned; the error itself goes to the log.
    """
    logger.exception("SERVER ERROR 500: %s", e)
    status = e.code if isinstance(e, HTTPException) else 500
    return webJson(RetCode.SERVER_ERROR, data=status)
def timeout(request, exception):
    """Return the REQUEST_TIMEOUT response; both arguments are unused."""
    response = webJson(RetCode.REQUEST_TIMEOUT)
    return response