Esempio n. 1
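def login():
    """Authenticate a user from the JSON request body and issue a login token.

    Reads ``username`` (looked up against ``User.email``) and ``password``
    from ``request.json`` and checks the password with ``bcrypt.checkpw``
    against the stored ``user.password``.

    Returns:
        On success, a JSON response carrying ``code``, the user's id,
        username and email, and a token from
        ``gen_token(user, Operations.LOGIN)``. On any failure, the result of
        ``api_abort(401, ...)``.
    """
    payload = request.json

    try:
        email = payload["username"]
        password = payload["password"]
        user = User.query.filter_by(email=email).first()

        # Reject an unknown account or a non-string password explicitly
        # instead of relying on the AttributeError that ``user.password`` on
        # None or ``password.encode()`` would raise. The reply is the same as
        # for a wrong password, so the response body does not reveal whether
        # the account exists.
        # NOTE(review): this path returns without running bcrypt, so it can
        # still differ from the wrong-password path in response time; consider
        # verifying against a fixed dummy hash here so both paths cost the same.
        if user is None or not isinstance(password, str):
            current_app.logger.warning("登录失败: 用户名或密码错误")
            return api_abort(401, "用户名或密码错误")

        if not bcrypt.checkpw(password.encode(), user.password.encode()):
            # Log failed attempts so repeated failures are visible to
            # monitoring; the submitted password is never logged.
            current_app.logger.warning("登录失败: 用户名或密码错误")
            return api_abort(401, "用户名或密码错误")

        # Credentials verified: issue a token bound to the LOGIN operation.
        token = gen_token(user, Operations.LOGIN)
        response = {
            'code': 20000,
            'user': {
                'user_id': user.id,
                'username': user.username,
                'email': user.email
            },
            'token': token
        }
        current_app.logger.info("用户{}登录成功".format(user.username))
        return jsonify(response)
    except AttributeError as e:
        # Still reachable when a stored record has no usable password value.
        current_app.logger.error("{}".format(e))
        return api_abort(401, "用户名或密码错误")
    except Exception as e:
        # Covers a missing/invalid JSON body or missing keys, but also any
        # server-side failure (database, token generation).
        # NOTE(review): those server-side failures are reported to the client
        # as 401 as well; the error log is the only place they can be told
        # apart from bad requests.
        current_app.logger.error("{}".format(e))
        return api_abort(401, "登录失败")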
Esempio n. 2
 def put(self, category_id, name):
     """Rename an existing category.

     Looks the category up with ``get_or_404`` and commits the new name.
     Returns the JSON dump of the updated category, or the result of
     ``api_abort(400, ...)`` if the commit raises.
     """
     # NOTE(review): no authentication or authorization check is visible in
     # this method; presumably a decorator applies it, so confirm at the
     # class or route definition.
     target = Category.query.get_or_404(category_id)
     target.name = name
     try:
         db.session.add(target)
         db.session.commit()
     except Exception as exc:
         # Log first, then roll back so the session is usable again.
         current_app.logger.error(exc)
         db.session.rollback()
         return api_abort(400, "数据保存失败")
     else:
         return jsonify(category_schema.dump(target))
Esempio n. 3
 def post(self, args):
     """
     Create a new category.

     :param args: request data; ``args['name']`` becomes the category name
     :return: JSON dump of the new category with status 201, or the result
         of ``api_abort(400, ...)`` if the commit raises
     """
     new_category = Category(name=args['name'])
     try:
         db.session.add(new_category)
         db.session.commit()
     except Exception as exc:
         # Undo the failed transaction before logging and reporting it.
         db.session.rollback()
         current_app.logger.error(exc)
         return api_abort(400, "数据保存失败")
     created = jsonify(category_schema.dump(new_category))
     created.status_code = 201
     return created
Esempio n. 4
    def put(self, args, post_id):
        """
        Edit an existing post.

        :param args: request data; ``title``, ``category_id`` and ``body``
            are copied onto the post
        :param post_id: id of the post to edit (404 if it does not exist)
        :return: JSON dump of the updated post, or the result of
            ``api_abort(400, ...)`` if the commit raises
        """
        post_row = Post.query.get_or_404(post_id)

        # NOTE(review): title and body are stored exactly as supplied;
        # validation and any HTML sanitisation are not visible in this
        # method, so confirm the args schema or the rendering layer covers it.
        for field in ("title", "category_id", "body"):
            setattr(post_row, field, args[field])

        try:
            db.session.add(post_row)
            db.session.commit()
        except Exception as exc:
            # Log first, then roll back so the session is usable again.
            current_app.logger.error(exc)
            db.session.rollback()
            return api_abort(400, "数据保存失败")
        else:
            return jsonify(post_schema.dump(post_row))
Esempio n. 5
    def post(self, args):
        """
        Create a new post.

        :param args: request data; ``title``, ``category_id`` and ``body``
            are copied onto the new post
        :return: JSON dump of the new post with status 201, or the result of
            ``api_abort(400, ...)`` if the commit raises
        """

        new_post = Post()
        # NOTE(review): title and body are stored exactly as supplied;
        # validation and any HTML sanitisation are not visible in this
        # method, so confirm the args schema or the rendering layer covers it.
        for field in ("title", "category_id", "body"):
            setattr(new_post, field, args[field])
        # Every post created through this endpoint is marked published.
        new_post.published = True
        try:
            db.session.add(new_post)
            db.session.commit()
        except Exception as exc:
            # Undo the failed transaction before logging and reporting it.
            db.session.rollback()
            current_app.logger.error(exc)
            return api_abort(400, "数据保存失败")
        created = jsonify(post_schema.dump(new_post))
        created.status_code = 201
        return created
Esempio n. 6
    def wrapper(*args, **kwargs):
        """Authenticate the request from its ``X-Token`` header, then call ``view``.

        Every rejection returns ``api_abort(401, ...)``. On success the user
        and the raw token are stored on ``g`` and the wrapped view's result
        is returned.
        """
        token = request.headers.get('X-Token')

        # Header absent or empty: there is nothing to authenticate.
        if not token:
            return api_abort(401, "token缺失")

        # Refuse tokens recorded in "token_blacklist" (presumably revoked
        # tokens; confirm against the zexist helper). The lookup uses the raw
        # header value and runs before the signature is checked.
        if zexist("token_blacklist", token):
            return api_abort(401, "token非法")

        # Verify signature and expiry. The accepted algorithm list is pinned
        # to HS256, so a token declaring any other algorithm is rejected.
        try:
            claims = jwt.decode(
                token,
                current_app.config.get("SECRET_KEY"),
                algorithms=['HS256'],
            )
        except ExpiredSignatureError as exc:
            current_app.logger.error("token超时: {}".format(exc))
            return api_abort(401, "token超时")
        except Exception as exc:
            current_app.logger.error("token非法: {}".format(exc))
            return api_abort(401, "token非法")

        # Only LOGIN tokens may authenticate a request; a validly signed
        # token issued for another operation is refused.
        if claims.get('operation') != Operations.LOGIN:
            return api_abort(401, "token非法")

        # Load the account named by the token and expose it to the view.
        # ``one()`` raises when no row (or more than one) matches, which is
        # turned into a 401 below.
        try:
            g.user = User.query.filter_by(id=claims.get("user_id", -1)).one()
            g.token = token
        except Exception as exc:
            current_app.logger.error(exc)
            return api_abort(401, "token非法")

        # All checks passed: run the wrapped view.
        return view(*args, **kwargs)