Esempio n. 1
def check_if_token_in_blacklist(decrypted_token):
    """Return True when the decoded token should be treated as revoked.

    The token's ``identity`` selects a Redis key of the form
    ``soco:access_token:<identity>``; the value stored there is compared
    with the token's ``jti``.

    Args:
        decrypted_token: Mapping with at least the ``identity`` and ``jti``
            claims. A missing claim raises ``KeyError``.

    Returns:
        True if nothing is stored for the identity or the stored value
        differs from this token's ``jti``; False only on an exact match.
    """
    subject = decrypted_token['identity']
    token_id = decrypted_token['jti']
    stored = redis_0.get("soco:access_token:{}".format(subject))
    # Fail closed: a missing key counts as revoked, so removing the key
    # invalidates every token issued for that identity.
    # redis_0.get() is compared against bytes, hence the encode().
    return stored is None or stored != token_id.encode()
Esempio n. 2
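    def post(self, **kwargs):
        """密码登录
              ---
          tags:
            - 登录、注册
          parameters:
            - name: phone
              in: body
              type: string
              required: true
            - name: password
              in: body
              type: string
              required: true
            - name: verify_code
              in: body
              type: string
              required: true
            - name: uuid
              in: body
              type: string
              required: true
          responses:
            200:
              description: A list of colors (may be filtered by palette)
              examples:
                response: {"data": {"access_token": "xxx"}, "message": "成功"}
        """
        # Password login: checks the image captcha stored under
        # "verify_code:<uuid>", then the bcrypt password hash, and returns a
        # fresh access token plus the serialized user.
        # The docstring is kept verbatim: the part after `---` looks like an
        # OpenAPI spec read at runtime (flasgger style) — confirm. Its 200
        # description ("A list of colors ...") appears to be template leftover.
        import hmac  # local import: the file's import block is not visible here

        phone = kwargs.get("phone")
        password = kwargs.get("password")
        verify_code = kwargs.get("verify_code")
        unique_id = kwargs.get("uuid")

        # kwargs.get() yields None for absent fields; reject those up front
        # instead of failing later on len()/encode()/string concatenation.
        # A None phone would also turn the query below into an IS NULL match.
        # Phone-format validation is not applied here: the identifier is also
        # matched against User.username below.
        if (not isinstance(verify_code, str) or len(verify_code) != 4
                or not verify_code.isdigit()):
            # Same response shape and status as the other captcha failures
            # (previously a bare dict without an error status).
            return json_response(message="验证码格式错误", status=403)
        if not isinstance(unique_id, str) or not unique_id:
            return json_response(message="验证码过期,请重新获取", status=403)
        if not isinstance(phone, str) or not isinstance(password, str):
            return json_response(message="您输入的密码有误,请重新输入", status=401)

        captcha_key = "verify_code:" + unique_id
        verify_code_redis = redis_0.get(captcha_key)
        if not verify_code_redis:
            return json_response(message="验证码过期,请重新获取", status=403)
        # A captcha is single-use: drop it on the first comparison so one
        # solved (or guessed) captcha cannot cover many password attempts.
        redis_0.delete(captcha_key)
        if verify_code != verify_code_redis.decode():
            return json_response(message="验证码错误", status=403)

        user = User.query.filter(or_(User.phone == phone, User.username == phone)).first()
        if not user:
            # NOTE(review): this 404 differs from the 401 below, so responses
            # reveal which phones/usernames are registered. Consider one
            # generic credential failure once clients no longer rely on the
            # 404.
            return json_response(message="用户不存在", status=404)
        if not user.salt:
            return json_response(message="您输入的密码有误,请重新输入", status=401)
        password_hashed = bcrypt.hashpw(password.encode(), user.salt.encode())
        # Constant-time comparison of the two hashes.
        if not hmac.compare_digest(password_hashed, user.password.encode()):
            return json_response(message="您输入的密码有误,请重新输入", status=401)

        access_token = create_access_token(identity=user.id)
        user_data = UserSchema().dump(user).data
        return json_response({
            "access_token": access_token,
            "user": user_data,
        }, message="成功")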
Esempio n. 3
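    def post(self, **kwargs):
        """手机验证码登录
          ---
          tags:
            - 登录、注册
          parameters:
            - name: phone
              in: body
              type: string
              required: true
            - name: phone_code
              in: body
              type: string
              required: true
          responses:
            200:
              description: A list of colors (may be filtered by palette)
              examples:
                response: {"data": {"access_token": "jwt 一长串"}, "message": "ok"}
        """
        # SMS-code login: compares the submitted code with the value stored
        # under "sms_code_<phone>" and, on a match, issues an access token for
        # the user registered with that phone.
        # The docstring is kept verbatim: the part after `---` looks like an
        # OpenAPI spec read at runtime (flasgger style) — confirm. Its 200
        # description ("A list of colors ...") appears to be template leftover.
        import hmac  # local import: the file's import block is not visible here

        phone = kwargs.get("phone")
        phone_code = kwargs.get("phone_code")

        sms_key = f"sms_code_{phone}"
        # Read the code once: two separate GETs could straddle the key's
        # expiry and hand None to the decode step.
        stored_code = redis_0.get(sms_key)
        # NOTE(review): nothing in this method limits guesses per phone;
        # confirm that attempts are throttled elsewhere, since the code is
        # the only credential on this path.
        if (not stored_code or not isinstance(phone_code, str)
                or not hmac.compare_digest(phone_code.encode("utf8"), stored_code)):
            return json_response(message="验证码错误/过期", status=403)
        # One-time code: consume it so it cannot be replayed for another
        # login while the key is still alive.
        redis_0.delete(sms_key)

        user = db.session.query(User).filter(
            User.phone == phone,
        ).first()
        if user is None:
            # A valid code for an unregistered phone previously crashed on
            # user.id; answer explicitly instead.
            return json_response(message="用户不存在", status=404)

        access_token = create_access_token(identity=user.id)
        user_data = UserSchema().dump(user).data
        return json_response(data={
            "access_token": access_token,
            "user": user_data,
        }, message="ok")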
Esempio n. 4
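 def post(self, **kwargs):
     """手机号 密码 注册
       ---
       tags:
         - 登录、注册
       parameters:
         - name: phone
           in: body
           type: string
           required: true
           description: 手机号
         - name: verify_code
           in: body
           type: string
           required: true
           description: 图片验证码
         - name: password
           in: body
           type: string
           required: true
           description: 密码
         - name: again_password
           in: body
           type: string
           required: true
           description: 再次输入密码
         - name: uuid
           in: body
           type: string
           required: true
           description: 验证码的uuid
       responses:
         200:
           description: 成功
           examples:
             response: {"message": "ok"}
         403:
           description: 失败
           examples:
             response: {"message": ["无效的手机号", "验证码格式错误", "两次密码输入不一致", "密码最少需要八位", "验证码过期,请重新获取", "验证码错误"]}
         409:
           description: 手机号已注册
         500:
           description: 注册失败 代码有问题
     """
     # Phone + password registration: validates the inputs and the image
     # captcha stored under "verify_code:<uuid>", then creates the user with
     # a bcrypt-hashed password.
     # The docstring is kept verbatim: the part after `---` looks like an
     # OpenAPI spec read at runtime (flasgger style) — confirm.
     import logging  # local import: the file's import block is not visible here

     phone = kwargs['phone']
     password = kwargs['password']
     again_password = kwargs['again_password']
     verify_code = kwargs['verify_code']
     unique_id = kwargs['uuid']
     # NOTE(review): spaces are stripped before hashing; every login path
     # must apply the same normalisation, otherwise a password typed with
     # spaces will never verify — confirm.
     password, again_password = password.replace(
         " ", ""), again_password.replace(" ", "")

     if not valid_phone(phone):
         return json_response(message="无效的手机号", status=403)
     if len(verify_code) != 4 or not verify_code.isdigit():
         return json_response(message="验证码格式错误", status=403)
     if password != again_password:
         return json_response(message="两次密码输入不一致", status=403)
     if len(password) < 8:
         return json_response(message="密码最少需要八位", status=403)

     captcha_key = "verify_code:" + unique_id
     verify_code_redis = redis_0.get(captcha_key)
     if not verify_code_redis:
         return json_response(message="验证码过期,请重新获取", status=403)
     # A captcha is single-use: drop it on the first comparison so one
     # solved captcha cannot be replayed for further sign-ups or guesses.
     redis_0.delete(captcha_key)
     if verify_code != verify_code_redis.decode():
         return json_response(message="验证码错误", status=403)

     if User.query.filter_by(phone=phone).first():
         return json_response(message="该手机号已注册", status=409)

     try:
         salt = bcrypt.gensalt()
         new_password = bcrypt.hashpw(password.encode(), salt)
         user = User(phone=phone,
                     password=new_password.decode(),
                     salt=salt.decode(),
                     nickname=config['system']
                     ['USER_DISABLE_NICKNAME_PREFIX'] +
                     phone[-4:],
                     create_time=time.time())
         db.session.add(user)
         db.session.commit()
         return json_response(None, message='注册成功', status=200)
     except Exception:
         db.session.rollback()
         # Keep the exception text server-side: echoing it to the client
         # can expose SQL statements, schema names or driver details.
         logging.getLogger(__name__).exception("user registration failed")
         return json_response(None,
                              message='注册失败',
                              status=500)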
Esempio n. 5
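    def post(self, **kwargs):
        """重置密码
          ---
          tags:
            - 登录、注册
          parameters:
            - name: phone
              in: body
              type: string
              required: true
              description: 手机号
            - name: phone_code
              in: body
              type: string
              required: true
              description: 验证码
            - name: password
              in: body
              type: string
              required: true
              description: 密码
            - name: again_password
              in: body
              type: string
              required: true
              description: 再次输入密码
          responses:
            200:
              description: 成功
              examples:
                response: {"message": "ok"}
            403:
              description: 失败
              examples:
                response: {"message": ["验证码错误/过期", "您的密码2次输入有差异", "密码最少需要八位"]}
            409:
              description: 手机号已注册
            500:
              description: 注册失败 代码有问题
        """
        # Password reset: checks the SMS code stored under "sms_code_<phone>",
        # validates the new password and stores a fresh bcrypt salt and hash.
        # The docstring is kept verbatim: the part after `---` looks like an
        # OpenAPI spec read at runtime (flasgger style) — confirm. Its 409/500
        # descriptions mention registration and look copied from another
        # endpoint.
        import hmac  # local imports: the file's import block is not visible here
        import logging

        phone_code, phone = kwargs['phone_code'], kwargs['phone']
        # NOTE(review): spaces are stripped before hashing; every login path
        # must apply the same normalisation, otherwise a password typed with
        # spaces will never verify — confirm.
        password, again_password = kwargs['password'].replace(" ", ""), kwargs['again_password'].replace(" ", "")

        sms_key = f"sms_code_{phone}"
        # Read the code once: two separate GETs could straddle the key's
        # expiry and hand None to the decode step.
        stored_code = redis_0.get(sms_key)
        # NOTE(review): nothing in this method limits guesses per phone;
        # confirm that attempts are throttled elsewhere, since a guessed code
        # is enough to take over the account.
        if (not stored_code or not isinstance(phone_code, str)
                or not hmac.compare_digest(phone_code.encode("utf8"), stored_code)):
            return json_response(message="验证码错误/过期", status=403)

        user = db.session.query(User).filter(
            User.phone == phone,
        ).first()
        if password != again_password:
            return json_response(message='您的密码2次输入有差异', status=403)
        if len(password) < 8:
            return json_response(message="密码最少需要八位", status=403)
        if user is None:
            # Previously surfaced as a generic 500 when the attribute
            # assignment on None failed inside the try block.
            return json_response(message="用户不存在", status=404)

        # One-time code: consume it before the write so the same code cannot
        # drive a second reset while the key is still alive.
        redis_0.delete(sms_key)

        salt = bcrypt.gensalt()
        new_hash = bcrypt.hashpw(password.encode(), salt)
        try:
            user.salt = salt.decode()
            user.password = new_hash.decode()
            db.session.add(user)
            db.session.commit()
            return json_response(None, message='修改密码成功', status=200)
        except Exception:
            db.session.rollback()
            # Record the failure server-side; the client gets only the
            # generic message.
            logging.getLogger(__name__).exception("password reset failed")
            return json_response(None, message='修改密码失败', status=500)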