def auth(request):
    """Bind the cookie-identified user to the request and gate '/manage/'.

    The cookie named COOKIE_NAME is resolved through cookie2user and the
    result is stored on ``request.__user__`` (None when nothing resolves).
    A request under '/manage/' from an anonymous or non-admin user gets
    ``web.HTTPFound('/signin')`` returned instead of reaching ``handler``.

    COOKIE_NAME, cookie2user, handler and web are defined outside this block.
    """
    logging.info('check usr: %s %s' % (request.method, request.path))
    request.__user__ = None
    session_cookie = request.cookies.get(COOKIE_NAME)
    if session_cookie:
        resolved = yield from cookie2user(session_cookie)
        if resolved:
            request.__user__ = resolved
    if request.path.startswith('/manage/'):
        current = request.__user__
        # Only a resolved user with a truthy admin flag may continue.
        if current is None or not current.admin:
            return web.HTTPFound('/signin')
    return (yield from handler(request))
def auth(request):
    """Resolve the session cookie to a user, then enforce admin on '/manage/'.

    ``request.__user__`` is always set: to the user returned by cookie2user,
    or to None when the cookie is absent or does not resolve. Returns the
    '/signin' redirect object for '/manage/' paths unless the user exists
    and has a truthy ``admin`` attribute; otherwise delegates to ``handler``.
    """
    logging.info("check user: %s %s" % (request.method, request.path))
    request.__user__ = None
    token = request.cookies.get(COOKIE_NAME)
    account = (yield from cookie2user(token)) if token else None
    if account:
        # NOTE(review): the e-mail address is written to the log on every
        # authenticated request; confirm that is acceptable for these logs.
        logging.info("set current user: %s" % account.email)
        request.__user__ = account
    # Same condition as "user is None or not user.admin", via De Morgan.
    if request.path.startswith("/manage/") and not (
            request.__user__ is not None and request.__user__.admin):
        return web.HTTPFound("/signin")
    return (yield from handler(request))
def auth(request):
    """Authenticate from the COOKIE_NAME cookie and protect '/manage/'.

    Sets ``request.__user__`` to the user cookie2user returns (or None),
    then either returns ``web.HTTPFound('/signin')`` or the result of
    ``handler(request)``. All four external names come from outside the block.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    raw_cookie = request.cookies.get(COOKIE_NAME)
    if raw_cookie:
        found = yield from cookie2user(raw_cookie)
        if found:
            logging.info('set current user: %s' % found.email)
            request.__user__ = found
    if request.path.startswith('/manage/'):
        # Evaluated only for management paths, exactly like the original
        # short-circuit, so .admin is never touched for other routes.
        allowed = request.__user__ is not None and request.__user__.admin
        if not allowed:
            return web.HTTPFound('/signin')
    return (yield from handler(request))
def auth(request):
    """Attach the current user to the request and restrict '/manage/' to admins.

    ``request.__user__`` starts as None and is replaced by the user that
    cookie2user returns for the COOKIE_NAME cookie. Management pages
    requested without an admin user are answered with the '/signin'
    redirect object; everything else is passed to ``handler``.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    # Start from "no user" so later code can rely on the attribute existing.
    request.__user__ = None
    # Per the original comment, COOKIE_NAME is defined in the handlers module.
    cookie_value = request.cookies.get(COOKIE_NAME)
    if cookie_value:
        # cookie2user returns the user for this cookie, or a falsy value.
        member = yield from cookie2user(cookie_value)
        if member:
            logging.info('set current user: %s' % member.email)
            request.__user__ = member
    under_manage = request.path.startswith('/manage/')
    if not under_manage or (request.__user__ is not None and request.__user__.admin):
        return (yield from handler(request))
    # Management page requested by an anonymous or non-admin user.
    return web.HTTPFound('/signin')
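def auth(request):
    """Attach the cookie-identified user to the request and gate '/manage/'.

    Args:
        request: the incoming request; its ``cookies`` and ``path`` are read
            and ``__user__`` is set (None when no user resolves).

    Returns:
        ``web.HTTPFound('/signin')`` for a '/manage/' path requested by an
        anonymous or non-admin user, otherwise the result of ``handler``.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    cookie_str = request.cookies.get(COOKIE_NAME)
    if cookie_str:
        user = yield from cookie2user(cookie_str)
        if user:
            logging.info('set current user: %s' % user.email)
            request.__user__ = user
    # The admin test must be negated. Without `not`, every signed-in
    # non-admin account is let into '/manage/' while real admins are sent to
    # '/signin'. The original comment notes the admin flag defaults to False;
    # an account that should manage the site needs that flag set in the user
    # store, not a relaxed check here.
    if request.path.startswith('/manage/') and (
            request.__user__ is None or not request.__user__.admin):
        return web.HTTPFound('/signin')
    return (yield from handler(request))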
def auth(request):
    """Identify the caller from the COOKIE_NAME cookie and guard '/manage/'.

    Leaves the resolved user (or None) on ``request.__user__``. For paths
    under '/manage/' the request proceeds only when that user exists and
    its ``admin`` attribute is truthy; otherwise the '/signin' redirect
    object is returned.
    """
    logging.info("check user: %s %s" % (request.method, request.path))
    # Bind None first so the attribute is always present.
    request.__user__ = None
    # The original comment points to handlers.py for how the cookie is built.
    cookie_text = request.cookies.get(COOKIE_NAME)
    person = (yield from cookie2user(cookie_text)) if cookie_text else None
    if person:
        logging.info("set current user: %s" % person.email)
        request.__user__ = person
    if request.path.startswith('/manage/'):
        # Management page: anonymous and non-admin callers go to the sign-in page.
        if request.__user__ is None or not request.__user__.admin:
            return web.HTTPFound('/signin')
    return (yield from handler(request))
def search():
    """Render 'blogs.html' with the blogs whose name contains the posted keyword.

    The page number comes from the ``page`` query argument (default '1') and
    the search term from the ``keyword`` form field. When at least one blog
    matches, the result is ordered by ``Blog.created_at`` and sliced to the
    current page; with no match the unsliced query is passed to the template.
    """
    page_index = get_page_index(request.args.get('page', '1'))
    # The search term is user input matched against Blog.name.
    # NOTE(review): confirm the ORM binds this value as a query parameter.
    keyword = request.form['keyword']
    blogs = select(b for b in Blog if keyword in b.name)
    num = len(blogs[:])
    p = Page(num, page_index)
    user = cookie2user()
    if num != 0:
        blogs = blogs.order_by(Blog.created_at)[p.offset: p.limit+p.offset]
    return render_template('blogs.html', page_index=page_index, user=user, page=p, blogs=blogs)
def index():
    """Render 'blogs.html' with one page of blogs, newest first.

    Counts all Blog rows, builds a Page from that count and the requested
    page index, and only queries the page slice when the count is non-zero.
    The current user (from cookie2user) is passed to the template as well.
    """
    page_index = get_page_index(request.args.get('page', '1'))
    with db_session:
        num = len(select(b for b in Blog)[:])
    p = Page(num, page_index)
    blogs = []
    if num != 0:
        with db_session:
            newest_first = select(b for b in Blog).order_by(desc(Blog.created_at))
            blogs = newest_first[p.offset: p.limit+p.offset]
    user = cookie2user()
    return render_template('blogs.html', page_index=page_index, blogs=blogs, user=user, page=p)
def auth(request):
    """Attach the current user and navigation-guide data to the request.

    Resets ``__user__`` and the six ``__guide*__`` / ``__manage_guide*__``
    attributes to None, resolves the COOKIE_NAME cookie through cookie2user,
    and fills the guide attributes for paths starting with '/personal_' or
    '/manage_'. The admin check for '/manage/' is commented out.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    request.__guide__ = None
    request.__guide_text__ = None
    request.__guide_cur__ = None
    request.__manage_guide__ = None
    request.__manage_guide_text__ = None
    request.__manage_guide_cur__ = None
    # Keys of the personal-area navigation entries and their display labels.
    guide = ('personal_video_manage', 'personal_video_owe', 'personal_video_collection', 'personal_study_plane', 'personal_message')
    guide_text = {}
    guide_text['personal_video_manage'] = '教程管理'
    guide_text['personal_video_owe'] = '拥有教程'
    guide_text['personal_video_collection'] = '教程收藏'
    guide_text['personal_study_plane'] = '学习计划'
    guide_text['personal_message'] = '我的消息'
    # Keys of the management-area navigation entries and their display labels.
    manage_guide = ('manage_user', 'manage_video', 'manage_advice')
    manage_guide_text = {}
    manage_guide_text['manage_user'] = '******'
    manage_guide_text['manage_video'] = '教程管理'
    manage_guide_text['manage_advice'] = '反馈信息管理'
    cookie_str = request.cookies.get(COOKIE_NAME)
    if cookie_str:
        user = yield from cookie2user(cookie_str)
        if user:
            logging.info('set current user: %s' % user.email)
            request.__user__ = user
    # NOTE(review): the nesting of the two path blocks below is not
    # recoverable from this listing; they are laid out at function level.
    if request.path.startswith('/personal_'):
        request.__guide__ = guide
        request.__guide_text__ = guide_text
        # Text between the first and the last '/' of the path.
        temp_cur_guide = request.path[request.path.find('/')+1:request.path.rfind('/')]
        # Sub-pages are mapped onto the navigation entry they belong to.
        if temp_cur_guide == 'personal_video_create':
            temp_cur_guide = 'personal_video_manage'
        elif temp_cur_guide == 'personal_study_plane' or temp_cur_guide == 'personal_study_plane_create' or temp_cur_guide == 'personal_study_plane_history':
            temp_cur_guide = 'personal_study_plane'
        request.__guide__ = guide
        request.__guide_cur__ = temp_cur_guide
    if request.path.startswith('/manage_'):
        request.__manage_guide__ = manage_guide
        request.__manage_guide_text__ = manage_guide_text
        temp_cur_guide = request.path[request.path.find('/')+1:request.path.rfind('/')]
        request.__manage_guide__ = manage_guide
        request.__manage_guide_cur__ = temp_cur_guide
    #if request.path.startswith('/manage/') and (request.__user__ is None or not request.__user__.admin):
    # NOTE(review): as this listing stands, the redirect below is not
    # commented out, so it would run for every request and leave the final
    # handler call unreachable. It most likely belongs to the disabled check
    # above; confirm against the original file. If it does, this middleware
    # enforces no login or admin requirement on '/manage_' or '/personal_'
    # paths, and those routes must check request.__user__ themselves.
    return web.HTTPFound('/signin')
    return (yield from handler(request))
def auth(request):
    """Attach the cookie-identified user to the request, then call handler.

    ``request.__user__`` is None unless cookie2user returns a user for the
    COOKIE_NAME cookie. No request is rejected here: the '/manage' admin
    check is commented out.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    session_value = request.cookies.get(COOKIE_NAME)
    # Bind the current user to the request when the cookie resolves.
    visitor = (yield from cookie2user(session_value)) if session_value else None
    if visitor:
        logging.info('set current user:%s' % visitor.email)
        request.__user__ = visitor
    # NOTE(review): the admin gate for '/manage' is disabled, so this
    # middleware lets every request through; any admin-only route has to
    # verify request.__user__ and its admin flag itself.
    # if request.path.startswith('/manage') and (request.__user__ is None or not request.__user__.admin):
    #     return web.HTTPFound('/signin')
    return (yield from handler(request))
def auth(request):
    """Require a resolved user for every path that does not end in "login".

    When ``configs.auth`` is falsy the request goes straight to ``handler``
    with ``request.__user__`` left as None. Otherwise the COOKIE_NAME cookie
    is resolved through cookie2user; an unresolved caller receives a JSON
    body with retcode 100 unless the path ends with "login".
    """
    request.__user__ = None
    if configs.auth:
        token = request.cookies.get(COOKIE_NAME)
        account = (yield from cookie2user(token)) if token else None
        if account:
            request.__user__ = account
        # NOTE(review): the exemption is a suffix match, so any route whose
        # path merely ends in "login" skips authentication; an exact match on
        # the login route would be tighter.
        if request.__user__ is None and not request.path.endswith("login"):
            # No status is passed, so the refusal uses web.Response's default
            # status; clients must read retcode to detect it.
            payload = json.dumps({"retcode": 100, "message": "Not login yet"})
            return web.Response(body=payload.encode("utf-8"))
    return (yield from handler(request))
def manage_blogs():
    """Render 'manage_blogs.html' for the requested page index.

    Counts the Blog rows, builds a Page, queries the current page ordered by
    ``Blog.created_at`` and looks up the current user via cookie2user. Only
    ``page_index`` and ``user`` are handed to the template.
    """
    # The page argument arrives as a string; get_page_index converts it.
    page_index = get_page_index(request.args.get('page', '1'))
    # Total number of blogs.
    with db_session:
        num = len(select(b for b in Blog)[:])
    p = Page(num, page_index)
    # Blogs on the current page, ordered by creation time.
    # NOTE(review): this result is never passed to render_template.
    with db_session:
        ordered = select(b for b in Blog).order_by(Blog.created_at)
        blogs = ordered[p.offset: p.limit+p.offset]
    # Current signed-in user, derived from the cookie.
    # NOTE(review): the user is not checked for None or admin rights here;
    # confirm the management page is protected outside this function.
    user = cookie2user()
    return render_template('manage_blogs.html', page_index=page_index, user=user)
def auth(request):
    """Reject unauthenticated requests with a JSON error, except on login paths.

    ``request.__user__`` is reset to None first. With ``configs.auth`` falsy
    nothing is checked. Otherwise the user resolved from the COOKIE_NAME
    cookie is stored on the request, and a caller without one gets a
    ``web.Response`` carrying ``{"retcode": 100, ...}`` unless the path ends
    with 'login'.
    """
    request.__user__ = None
    auth_enabled = configs.auth
    if not auth_enabled:
        return (yield from handler(request))
    cookie_value = request.cookies.get(COOKIE_NAME)
    if cookie_value:
        resolved = yield from cookie2user(cookie_value)
        if resolved:
            request.__user__ = resolved
    anonymous = request.__user__ is None
    # NOTE(review): endswith('login') exempts every path with that suffix,
    # not just the login endpoint; verify no other route matches.
    if anonymous and not request.path.endswith('login'):
        body_text = json.dumps({"retcode": 100, "message": "Not login yet"})
        return web.Response(body=body_text.encode('utf-8'))
    return (yield from handler(request))
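def auth(request):
    """Bind the current user to the request and restrict '/manage/' to admins.

    Args:
        request: the incoming request; ``cookies`` and ``path`` are read and
            ``__user__`` is written.

    Returns:
        ``web.HTTPFound('/signin')`` when a '/manage/' path is requested
        without an admin user, otherwise whatever ``handler`` returns.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    cookie_str = request.cookies.get(COOKIE_NAME)
    # A cookie is present: try to resolve it to a user.
    if cookie_str:
        user = yield from cookie2user(cookie_str)
        # A falsy result means the cookie did not resolve to a user.
        if user:
            logging.info('set current user: %s' % user.email)
            request.__user__ = user
    if request.path.startswith('/manage/'):
        current = request.__user__
        # Redirect when there is no user or the user is NOT an admin. The
        # previous condition tested `.admin` without the negation, which
        # admitted every signed-in non-admin and turned away admins.
        if current is None or not current.admin:
            return web.HTTPFound('/signin')
    return (yield from handler(request))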
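def auth(request):
    """Attach the cookie-identified user and require sign-in for '/homepage'.

    Args:
        request: the incoming request; ``cookies`` and ``path`` are read and
            ``__user__`` is set to the resolved user or None.

    Returns:
        ``web.HTTPFound('/')`` when a path starting with '/homepage' is
        requested without a resolved user, otherwise the handler's result.
    """
    logging.info('check user:%s %s' % (request.method, request.path))
    request.__user__ = None
    cookie_str = request.cookies.get(COOKIE_NAME)
    # The raw cookie value and the user object are no longer printed: the
    # cookie is the credential cookie2user accepts, so echoing it to stdout
    # hands a replayable session value to anyone who can read that output.
    if cookie_str:
        user = yield from cookie2user(cookie_str)
        if user:
            logging.info('set current user:%s' % user.username)
            request.__user__ = user
    if request.path.startswith('/homepage') and request.__user__ is None:
        return web.HTTPFound('/')
    return (yield from handler(request))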
def auth(request):
    """Look up the user behind the COOKIE_NAME cookie and guard '/manage/'.

    The resolved user (or None) ends up on ``request.__user__``. Requests
    under '/manage/' continue to ``handler`` only for a user whose ``admin``
    attribute is truthy; all others receive the '/signin' redirect object.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    # Cookie to be checked.
    candidate = request.cookies.get(COOKIE_NAME)
    # User information obtained from that cookie, if any.
    owner = (yield from cookie2user(candidate)) if candidate else None
    if owner:
        logging.info('set current user: %s' % owner.email)
        request.__user__ = owner
    manage_path = request.path.startswith('/manage/')
    if manage_path and not (request.__user__ is not None and request.__user__.admin):
        # Send the caller to the sign-in page instead.
        return web.HTTPFound('/signin')
    return (yield from handler(request))
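def auth(request):
    """Attach the cookie-identified user to the request and gate '/manage/'.

    Args:
        request: the incoming request; ``cookies`` and ``path`` are read and
            ``__user__`` is set (None when no user resolves).

    Returns:
        ``web.HTTPFound('/signin')`` for '/manage/' paths requested by an
        anonymous or non-admin user, otherwise the handler's result.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    session_cookie = request.cookies.get(COOKIE_NAME)
    resolved = (yield from cookie2user(session_cookie)) if session_cookie else None
    if resolved:
        logging.info('set current user: %s' % resolved.email)
        request.__user__ = resolved
    # The `not` had been dropped because '/manage/blogs/create' kept
    # redirecting to sign-in. That redirect is the gate doing its job for an
    # account without the admin flag: per the original comment only admins
    # may write posts. Without `not`, the pages open to every signed-in
    # non-admin and close to admins. Set the admin flag on the intended
    # account instead of relaxing the check.
    if request.path.startswith('/manage/') and (
            request.__user__ is None or not request.__user__.admin):
        return web.HTTPFound('/signin')
    return (yield from handler(request))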
def auth(request):
    """Attach the current user and apply two '/manage/' access rules.

    '/manage/user/...' is open to admins and to the user whose ``id`` equals
    the fourth '/'-separated path segment; every other '/manage/' path is
    admin-only. Callers failing the rule get ``web.HTTPFound('/signin')``.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    cookie_value = request.cookies.get(COOKIE_NAME)
    if cookie_value:
        resolved = yield from cookie2user(cookie_value)
        if resolved:
            logging.info('set current user: %s' % resolved.email)
            request.__user__ = resolved
    who = request.__user__
    denied = False
    if request.path.startswith('/manage/user/'):
        # Index 3 always exists here because the prefix holds three slashes.
        # NOTE(review): the segment is a str; this presumes user.id is also a
        # str, otherwise the comparison never matches. Confirm.
        denied = who is None or (not who.admin and request.path.split('/')[3] != who.id)
    elif request.path.startswith('/manage/'):
        denied = who is None or not who.admin
    if denied:
        return web.HTTPFound('/signin')
    return (yield from handler(request))
def auth(request):
    """Resolve the COOKIE_NAME cookie to a user and keep '/manage/' admin-only.

    ``request.__user__`` carries the resolved user or None. A '/manage/'
    request without an admin user is answered with the '/signin' redirect
    object; otherwise ``handler`` runs.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    # Raw cookie string sent by the client.
    cookie_text = request.cookies.get(COOKIE_NAME)
    if cookie_text:
        # Per the original comment, cookie2user parses the string and checks
        # it against the database to obtain the user.
        matched = yield from cookie2user(cookie_text)
        if matched:
            logging.info('set current user: %s' % matched.email)
            # A resolved user is bound to the request for later handlers.
            request.__user__ = matched
    if not request.path.startswith('/manage/'):
        return (yield from handler(request))
    if request.__user__ is None or not request.__user__.admin:
        return web.HTTPFound('/signin')
    # Admin on a management path: continue to the next step.
    return (yield from handler(request))
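def auth(request):
    """Bind the current user to the request and restrict '/manage/' to admins.

    Args:
        request: the incoming request; ``cookies`` and ``path`` are read and
            ``__user__`` is written.

    Returns:
        ``web.HTTPFound('/signin')`` when a '/manage/' path is requested
        without an admin user, otherwise the handler's result.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    # NOTE(review): the original comment describes this cookie as holding the
    # user name and password; confirm what cookie2user expects, since a
    # cookie should never carry a recoverable password.
    cookie_str = request.cookies.get(COOKIE_NAME)
    if cookie_str:
        user = yield from cookie2user(cookie_str)
        if user:
            logging.info('set current user: %s' % user.email)
            request.__user__ = user
    under_manage = request.path.startswith('/manage/')
    # Proceed only outside '/manage/' or for a user whose admin flag is set.
    # The earlier condition redirected admins and let non-admins through.
    if not under_manage or (request.__user__ is not None and request.__user__.admin):
        return (yield from handler(request))
    return web.HTTPFound('/signin')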
def auth(request):
    """Attach the cookie-identified user to the request and require sign-in.

    ``request.__user__`` is None unless cookie2user returns a user for the
    COOKIE_NAME cookie. The request cookies and the resulting user are
    written to the log.
    """
    logging.info("check user: %s %s" % (request.method, request.path))
    request.__user__ = None
    # NOTE(review): this logs every request cookie, including the COOKIE_NAME
    # session value; anyone who can read the log can replay it.
    logging.info(request.cookies)
    cookie_str = request.cookies.get(COOKIE_NAME)
    if cookie_str:
        user = yield from cookie2user(cookie_str)
        if user:
            logging.info("set current user: %s" % user.email)
            request.__user__ = user
    logging.info(request.__user__)
    if request.__user__ is None:
        # Sign-in required: go to /signin.
        # NOTE(review): this listing does not show whether the redirect below
        # is live or commented out (the trailing `pass` suggests the latter).
        # If live, it applies to every path, '/signin' included, so an
        # anonymous caller is redirected in a loop. If commented out, nothing
        # is enforced here. Confirm against the original file.
        return web.HTTPFound('/signin')
        pass
    return (yield from handler(request))
def api_create_comment(id):
    """Create a comment on blog *id* for the signed-in user.

    Raises APIPermissionError when cookie2user returns None, APIValueError
    when the JSON ``content`` field is empty or whitespace, and
    APIResourceNotFoundError when no Blog has the given id. Returns the new
    comment as a dict.
    """
    # Signed-in user, looked up from the cookie.
    author = cookie2user()
    if author is None:
        raise APIPermissionError('Please signin first.')
    content = request.json['content']
    text = content.strip() if content else ''
    if not text:
        raise APIValueError('content')
    target = Blog.get(id=id)
    if target is None:
        raise APIResourceNotFoundError('Blog')
    # NOTE(review): the text is stored as submitted apart from stripping;
    # whatever renders comments must escape it.
    comment = Comment(
        blog_id=target.id,
        user_id=author.id,
        user_name=author.name,
        user_image=author.image,
        content=text,
    )
    return comment.to_dict()
def auth(request):
    """Attach the current user, gate '/manage/' and log the handler's result.

    ``request.__user__`` is set from the COOKIE_NAME cookie via cookie2user.
    A '/manage/' request without an admin user returns the '/signin'
    redirect object. Otherwise the handler's return value is logged between
    two blank printed lines and returned.
    """
    logger.info('check user : %s %s' % (request.method, request.path))
    request.__user__ = None
    session_cookie = request.cookies.get(COOKIE_NAME)
    if session_cookie:
        resolved = yield from cookie2user(session_cookie)
        if resolved:
            logger.info('set current user: %s' % resolved.email)
            request.__user__ = resolved
    if request.path.startswith('/manage/'):
        is_admin = request.__user__ is not None and request.__user__.admin
        if not is_admin:
            return web.HTTPFound('/signin')
    logger.info('authenticate finished!')
    response = yield from handler(request)
    # Blank lines on stdout frame the logged handler result.
    print()
    logger.info(response)
    print()
    return response
def auth(request):
    """Attach the cookie-identified user and require sign-in for '/manage/'.

    The original leading string held a disabled bypass that skipped
    authentication when ``configs.useAuth`` was falsy; it never executed.
    ``request.__user__`` is set from the COOKIE_NAME cookie through
    cookie2user, and '/manage/' paths return ``web.HTTPFound('/signin')``
    when no user was resolved.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    token = request.cookies.get(COOKIE_NAME)
    account = (yield from cookie2user(token)) if token else None
    if account:
        logging.info('set current user: %s' % account.email)
        request.__user__ = account
    # NOTE(review): only sign-in is required here. The admin-flag test was
    # commented out, so any authenticated account passes this gate and
    # admin-only routes must check request.__user__.admin themselves.
    # if request.path.startswith('/manage/') and (request.__user__ is None or not request.__user__.admin):
    if request.__user__ is None and request.path.startswith('/manage/'):
        return web.HTTPFound('/signin')
    return (yield from handler(request))
def auth(request):
    """Attach the cookie-identified user to the request, then call handler.

    ``request.__user__`` is None unless cookie2user returns a user for the
    COOKIE_NAME cookie. Nothing is rejected here: the '/manage/' admin check
    is commented out.
    """
    logger.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    # request.cookies is used like a dict of name/value pairs.
    cookie_value = request.cookies.get(COOKIE_NAME)
    # Per the original comment, cookie2user parses the string and compares it
    # with the database to obtain the user.
    member = (yield from cookie2user(cookie_value)) if cookie_value else None
    if member:
        logger.info('set current user: %s' % member.email)
        request.__user__ = member
    # NOTE(review): with the gate below disabled, this middleware authorizes
    # nothing; every '/manage/' handler has to verify the admin flag itself.
    # if request.path.startswith('/manage/') and (request.__user__ is None or not request.__user__.admin):
    #     return web.HTTPFound('/signin')
    # Continue with the next step.
    return (yield from handler(request))
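def auth(request):
    """Attach the cookie-identified user and require sign-in for '/manage/'.

    Args:
        request: the incoming request; ``cookies`` and ``path`` are read and
            ``__user__`` is set to the resolved user or None.

    Returns:
        ``web.HTTPFound('/signin')`` when a '/manage/' path is requested
        without a resolved user, otherwise the handler's result.
    """
    logging.info("check user: %s %s" % (request.method, request.path))
    request.__user__ = None
    # The full cookie mapping is no longer logged: it contains the
    # COOKIE_NAME session value, which can be replayed by anyone able to
    # read the log.
    cookie_str = request.cookies.get(COOKIE_NAME)
    if cookie_str:
        user = yield from cookie2user(cookie_str)
        if user:
            logging.info("set current user: %s" % user.email)
            request.__user__ = user
    logging.info(request.__user__)
    # NOTE(review): the admin-flag test is commented out, so '/manage/' only
    # requires a signed-in user; admin-only handlers must check the flag.
    # if request.path.startswith('/manage/') and (request.__user__ is None or not request.__user__.admin):
    if request.path.startswith('/manage/') and (request.__user__ is None):
        return web.HTTPFound('/signin')
    return (yield from handler(request))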
def auth(request):
    """Bind the user resolved from the COOKIE_NAME cookie, then call handler.

    ``request.__user__`` stays None when the cookie is missing or does not
    resolve. The '/manage/' admin check is commented out, so every request
    reaches ``handler``.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    # request.cookies is used like a dict of name/value pairs.
    raw_cookie = request.cookies.get(COOKIE_NAME)
    if raw_cookie:
        # Per the original comment, cookie2user parses the string and
        # compares it with the database to obtain the user.
        found = yield from cookie2user(raw_cookie)
        if found:
            logging.info('set current user: %s' % found.email)
            # Bind the existing user to the request.
            request.__user__ = found
    # NOTE(review): the admin gate is disabled; '/manage/' routes are
    # reachable by anonymous callers unless each handler checks
    # request.__user__ and its admin flag.
    # if request.path.startswith('/manage/') and (request.__user__ is None or not request.__user__.admin):
    #     return web.HTTPFound('/signin')
    # Continue with the next step.
    return (yield from handler(request))
def auth(request):
    """Attach the signed-in user to the request and keep '/manage/' admin-only.

    The COOKIE_NAME cookie is resolved through cookie2user and the result
    (or None) is stored on ``request.__user__``. '/manage/' requests without
    an admin user return ``web.HTTPFound('/signin')``.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    client_cookie = request.cookies.get(COOKIE_NAME)
    if client_cookie:
        # The server checks the cookie it received from the client.
        signed_in = yield from cookie2user(client_cookie)
        if signed_in:
            logging.info('set current user: %s' % signed_in.email)
            # Bound to the request so later URL handlers can read the user.
            request.__user__ = signed_in
    if request.path.startswith('/manage/'):
        # Check whether the current user is an administrator. The original
        # held this remark as a bare string statement inside the branch.
        current = request.__user__
        if current is None or not current.admin:
            return web.HTTPFound('/signin')
    return (yield from handler(request))
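def auth(request):
    """Attach the cookie-identified user to the request and gate '/manage/'.

    Per the original comment, the request object is created by aiohttp.web
    and never constructed by hand.

    Args:
        request: the incoming request; ``cookies`` and ``path`` are read and
            ``__user__`` is set (None when no user resolves).

    Returns:
        ``web.HTTPFound('/signin')`` for a '/manage/' path requested by an
        anonymous or non-admin user, otherwise the handler's result.
    """
    # Log the request method and path.
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    cookie_str = request.cookies.get(COOKIE_NAME)
    if cookie_str:
        # Resolve the cookie found under COOKIE_NAME.
        user = yield from cookie2user(cookie_str)
        # Only a non-empty result is stored on the request.
        if user:
            logging.info('set current user: %s' % user.email)
            request.__user__ = user
    if request.path.startswith('/manage/'):
        # Allowed only when a user exists AND its admin flag is truthy. The
        # previous test lacked the negation, so it redirected admins and let
        # signed-in non-admins into the management pages.
        permitted = request.__user__ is not None and request.__user__.admin
        if not permitted:
            return web.HTTPFound('/signin')
    return (yield from handler(request))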
def auth(request):
    """Resolve the COOKIE_NAME cookie to a user and guard '/manage/'.

    The resolved user (or None) is placed on ``request.__user__`` for later
    use. A '/manage/' request with no user or a non-admin user gets the
    '/signin' redirect object; otherwise ``handler`` is called.
    """
    logging.info('check user: %s %s' % (request.method, request.path))
    request.__user__ = None
    # Cookie named COOKIE_NAME taken from the request's cookies.
    named_cookie = request.cookies.get(COOKIE_NAME)
    # User parsed out of that cookie, when there is one.
    parsed = (yield from cookie2user(named_cookie)) if named_cookie else None
    if parsed:
        logging.info('set current user: %s' % parsed.email)
        # Bind the current user to the request.
        request.__user__ = parsed
    needs_admin = request.path.startswith('/manage/')
    if needs_admin and (request.__user__ is None or not request.__user__.admin):
        # No user (e.g. no cookie) or not an admin: go to the sign-in page.
        return web.HTTPFound('/signin')
    # handler is the next callable in the chain for this request.
    return (yield from handler(request))
def api_update_blog():
    """Update a blog on POST, or render its edit page for other methods.

    The blog is selected by the ``id`` query argument. On POST the JSON
    fields ``name``, ``summary`` and ``content`` must each be non-empty after
    stripping (APIValueError otherwise); they are saved, committed, and the
    blog is returned as a dict. Other methods render 'manage_blog_edit.html'.
    """
    # Value of the ?id=... query argument.
    blog_id = request.args.get('id')
    # NOTE(review): the user is looked up but never checked. Nothing visible
    # here stops an anonymous or non-admin caller from reaching the POST
    # branch and overwriting a blog; confirm a login/admin check is applied
    # outside this function, or add one before the update.
    user = cookie2user()
    # NOTE(review): Blog.get may find nothing; the attribute accesses below
    # would then fail instead of yielding a not-found response.
    blog = Blog.get(id=blog_id)
    if request.method != 'POST':
        return render_template('manage_blog_edit.html', user=user, id = blog.id)
    blog_info = request.json
    name = blog_info['name']
    summary = blog_info['summary']
    content = blog_info['content']
    checks = (
        (name, 'name', 'name cannot be empty.'),
        (summary, 'summary', 'summary cannot be empty.'),
        (content, 'content', 'content cannot be empty.'),
    )
    for value, field, message in checks:
        if not value or not value.strip():
            raise APIValueError(field, message)
    blog.name = name.strip()
    blog.summary = summary.strip()
    blog.content = content.strip()
    commit()
    return blog.to_dict()