def delete_(self): """ 删除群成员信息 """ print('---------------删除群组成员--------------------') print(self.request_data) group_id = self.request_data.get('group_id') to_user_id = self.request_data.get('to_user_id') # 判断参数是否完整 if not all([group_id, to_user_id]): self.result = params_error() # 获取用户在群组信息 group_user_obj = self.check_group_user(self.user_id, group_id) # 获取被删除用户在群组信息 to_group_user_obj = self.check_group_user(to_user_id, group_id) if not to_group_user_obj: return # 判断用户是否拥有删除用户权限 # 用户不为站长,并且用户不在群组中,或者,权限小于目标用户权限 if self.user_obj.type != 0 and ( not group_user_obj or (group_user_obj.type >= to_group_user_obj.type)): self.result = unauth_error(message='无修改权限') return db.session.delete(to_group_user_obj) if self.commit(): self.result = success(message='删除成功')
def delete_news_category(request): pk = request.POST.get('pk') try: NewsCategory.objects.filter(pk=pk).delete() return restful.ok() except: return restful.unauth_error(message="删除的分类不存在!")
def login_view(request): if request.method == 'GET': return render(request, 'login.html') else: #实例化表单对象 form = LoginForm(request.POST) if form.is_valid(): #如果符合表单验证要求 #接收表单提交 telephone = form.cleaned_data.get('telephone') print(telephone) password = form.cleaned_data.get('password') print(password) remember = form.cleaned_data.get('remember') print(remember) #验证用户名和密码 user = authenticate(request, username=telephone, password=password) if user: if user.is_active: #如果用户不是黑名单 login(request, user) if remember: #如果用户点击了记住我 那么让session永不过期 #默认的时间为14天 request.session.set_expiry(None) else: #否则会话结束就过期 request.session.set_expiry(0) return restful.success() else: return restful.unauth_error(message="您的账户被冻结了") else: return restful.params_error(message="手机号或者密码错误") else: errors = form.get_errors() return restful.params_error(message=errors)
def add_(self): """ 添加好友,只有副站长和管理员拥有加人权限,强制添加,不需要同意 """ # 判断用户是否存在,获取用户 user_obj = self.check_user() if not user_obj: return friend_id = self.request_data.get('friend_id') if not friend_id: self.result = params_error() return # 判断被添加用户是否存在 to_user_obj = self.check_user(friend_id) if not to_user_obj: return # 获取群ID group_id = self.request_data.get('group_id') group_user_obj = self.check_group_user(self.user_id, group_id) if user_obj.type in [0, 1] or (group_user_obj and group_user_obj.type in [0, 1]): self.add_handler(self.user_id, friend_id) else: self.result = unauth_error(message='无添加权限')
def get_(self): """ 获取群成员信息 """ group_id = self.request_data.get('group_id') if not all([group_id, self.user_id]): self.result = params_error() return # 获取成员是否在群组中 group_user_obj = self.check_group_user(self.user_id, group_id) # 判断用户是否拥有添加成员权限,判断是否为站长,或者是否为群主或群管理员 if self.user_obj.type != 0 and not group_user_obj: self.result = unauth_error(message='用户无权限') return # 获取成员列表 group_user_query = self.query_(GroupsToUser, {'group_id': group_id}, '群组成员获取异常') if not group_user_query: return data_list = [] for group_user in group_user_query: user = self.check_user(group_user.user_id) if user: data_list.append(user.to_dict()) self.result = success(data=data_list)
def check_login(): """ 检查用户是否登录 :return: """ user_id = session.get('id') print('用户ID:', user_id) if not user_id: return jsonify(unauth_error(message='用户未登录')) user_obj = User.query.filter_by(id=user_id).first() if not user_obj: return jsonify(unauth_error(message='用户不存在')) # 返回已登录状态,和用户数据 return jsonify(success(data=user_obj.to_dict()))
def login_view(request): form = forms.LoginForm(request.POST) if form.is_valid(): telephone = form.cleaned_data.get('telephone') password = form.cleaned_data.get('password') remember = form.cleaned_data.get('remember') user = authenticate(request, telephone=telephone, password=password) if user: if user.is_active: login(request, user) if remember: request.session.set_expiry(None) else: request.session.set_expiry(0) return restful.success() # return JsonResponse({'code': 200, 'message': '', 'data': {}}) else: return restful.unauth_error(message='您的账号已被冻结!') # return JsonResponse({'code': 405, 'message': '您的账号已被冻结!', 'data':{}}) else: return restful.parms_error(message='手机号或密码错误!') # return JsonResponse({'code': 400, 'message': '手机号或密码错误!', 'data':{}}) else: return restful.parms_error(message=form.get_errors()) # return JsonResponse({'code': 400, 'message': '参数输入错误!', 'data': form.get_errors()})
def login_view(request): form = LoginForm(request.POST) if form.is_valid(): telephone = form.cleaned_data.get('telephone') password = form.cleaned_data.get('password') remember = form.cleaned_data.get('remember') user = authenticate(request, username=telephone, password=password) if user: if user.is_active: login(request, user) if remember: request.session.set_expiry(None) else: request.session.set_expiry(0) return restful.ok() else: return restful.unauth_error(message="您的账号已经被冻结") else: return restful.params_error(message="账号或者密码错误") else: errors = form.get_errors() # {"password": ['密码长度不能超过20位!', 'xxx'], "telephone": ['xx', 'xx']} return restful.params_error(message=errors)
def tx_login(request): form = LoginForm(request.POST) if form.is_valid(): telephone = form.cleaned_data.get('telephone') password = form.cleaned_data.get('password') remember = form.cleaned_data.get('remember') user = authenticate(request, username=telephone, password=password) # print('user:%s' % user) if user: if user.is_active: login(request, user) if remember: request.session.set_expiry(None) else: request.session.set_expiry(0) return restful.ok() # JsonResponse({"code":200,"message":"","data":{}}) else: return restful.unauth_error(message="您帐号没有权限访问!") else: return restful.params_error(message="您帐号或密码错误!") else: # 表单验证失败 errors = form.get_error() # {"passwrd":['密码过长','密码果断'],"telephone":['xx','xxxx']} return restful.params_error(message=errors)
def wrapper(request, *args, **kwargs): if request.user.is_authenticated: return func(*args, **kwargs) else: if request.is_ajax(): return restful.unauth_error(message="请先登录") else: redirect('/')
def post(self): parse = reqparse.RequestParser() parse.add_argument('token', type=str) args = parse.parse_args() token = json.loads(args.get('token')).get('data', None) user = FrontUserModel.verify_auth_token(token) if user: return user else: return restful.unauth_error(message='登陆后评论')
def wrapper(*args, **kwargs): if current_user.is_authenticated: return func(*args, **kwargs) else: if request.is_xhr: return restful.unauth_error('请先进行登陆') current_bp = request.blueprint login_view = current_bp + '.login' redirect_url = login_url(url_for(login_view), next_url=request.url) return redirect(redirect_url)
def check_chat(self, chat_id): """ 检查聊天是否存在 """ try: chat_obj = Chat.query.get(chat_id) except Exception as e: current_app.logger.error(e) self.result = server_error(message='聊天信息查询异常') return if not chat_obj: self.result = unauth_error(message='聊天不存在') return chat_obj
def check_user(self, user_id=None): """ 检查用户是否存在 """ user_id = user_id or self.user_id try: user_obj = User.query.get(user_id) except Exception as e: current_app.logger.error(e) self.result = server_error(message='用户查询异常') return if not user_obj: self.result = unauth_error(message='用户不存在') return return user_obj
def check_group_user(self, user_id, group_id): """ 检查用户是否在群组中 """ try: group_user_obj = GroupsToUser.query.filter_by( user_id=user_id, group_id=group_id).first() except Exception as e: current_app.logger.error(e) self.result = server_error(message='群组成员查询异常') return if not group_user_obj: self.result = unauth_error(message='权限异常') return return group_user_obj
def check_group(self, group_id): """ 检查群组是否存在 """ # 获取用户信息 user_obj = self.check_user() if not user_obj: return # 判断用户是否在群组中 group_user = self.check_group_user(self.user_id, group_id) if not group_user and user_obj.type != 0: self.result = unauth_error(message='权限异常') return try: group_obj = Group.query.get(group_id) except Exception as e: current_app.logger.error(e) self.result = server_error(message='群组查询异常') return if not group_obj: self.result = unauth_error(message='群组不存在') return return group_obj
def get_(self): """ 查询用户 """ print('request_data:', self.request_data) username = self.request_data.get('username') # 判断用户是否拥有查询用户权限, 只有站长和副站长拥有查询权限 if self.user_obj.type not in [0, 1]: self.result = unauth_error(message='无操作权限') return user = self.query_(User, {'username': username}, '用户信息获取异常').first() print('username:', username) data = user.to_dict() if user else {} print(data) self.result = success(data=data)
def post(self): form = ResetpwdForm(request.form) if form.validate(): oldpwd = form.oldpwd.data newpwd = form.newpwd.data user = g.eog_user if user.password == oldpwd: user.password = newpwd user.save() NowTime = datetime.now().strftime('%Y-%m-%d %H:%M:%S') change_password_signal.send(operate_time=NowTime, ip=request.remote_addr) return restful.success() else: return restful.params_error('旧密码错误!') else: message = form.get_error() return restful.unauth_error(message=message)
def put_(self): """ 修改群组信息,群组名称,头像 """ group_id = self.request_data.get('group_id') group_logo = self.request_data.get('group_logo') name = self.request_data.get('name') group_info = self.request_data.get('group_info') # 用户ID和群组ID必须存在,并且群组名和群组头像至少存在一项 if not all([group_id, self.user_id ]) or (all([group_id, self.user_id]) and (not group_logo and not name and not group_info)): self.result = params_error() return # 获取群组信息,判断群组是否存在 group_obj = self.check_group(group_id) if not group_obj: return # 获取用户信息,判断用户是否存在 user_obj = self.check_user() if not user_obj: return # 判断用户是否有修改群组权限 group_user_obj = self.check_group_user(self.user_id, group_id) # 用户不在群组中并且用户非站长, 或者用户在群组中非管理员 if user_obj.type != 0 and (not group_user_obj or group_user_obj.type not in [0, 1]): self.result = unauth_error(message='用户无修改群组权限') return # 修改群组信息 if name: group_obj.name = name if group_logo: group_obj.logo = group_logo if group_info: group_obj.info = group_info # 提交修改 if not self.commit('群组名已存在', '群组修改异常'): return self.result = success(message='群组修改成功')
def post(self): form = SignUpForm(request.form) if form.validate(): email = form.email.data user = FrontUser.query.filter_by(email=email).first() if user: return restful.unauth_error('邮箱地址已存在,请换一个邮箱地址!') else: user_message = FrontUser(username=email, tel=get_tel.create_phone(), password=form.password.data, email=form.email.data) db.session.add(user_message) db.session.commit() return restful.success() else: return restful.params_error(message=form.get_error())
def add_(self): """ 添加群成员 """ group_id = self.request_data.get('group_id') member_list = self.request_data.get('member_list') print(member_list) # 判断参数是否完整 if not all([group_id, self.user_id, member_list]): self.result = params_error() return # 获取成员是否在群组中 group_user_obj = self.check_group_user(self.user_id, group_id) # 判断用户是否拥有添加成员权限,判断是否为站长,或者是否为群主或群管理员 if self.user_obj.type != 0 and (not group_user_obj or group_user_obj.type not in [0, 1]): self.result = unauth_error(message='用户无权限') return # 添加群组信息 for user_id in member_list: # 判断添加的用户是否存在 user_obj = self.check_user(user_id) # 不存在跳过 if not user_obj: continue # 判断用户是否已经在群组中 group_user_obj = self.check_group_user(group_id, user_id) # 存在则跳过 if group_user_obj: continue # 存在则添加到群组表中 group_user_obj = GroupsToUser(group_id=group_id, user_id=user_id) db.session.add(group_user_obj) if not self.commit(content2='添加异常'): return self.result = success(message='用户添加成功')
def add_(self): """ 添加聊天信息 """ print('add_chat.', self.request_data) chat_type = self.request_data.get('chat_type') if chat_type == 1: name = self.request_data.get('username') else: name = self.request_data.get('name') chat_obj_id = self.request_data.get('id') logo = self.request_data.get('logo') or '' if not all([name, chat_type, chat_obj_id]) or chat_type not in [1, 2]: self.result = params_error() return if chat_type == 2: chat_obj = self.check_group(chat_obj_id) else: chat_obj = self.check_friend(self.user_id, chat_obj_id) if not chat_obj: self.result = unauth_error('聊天对象不存在') return # 判断聊天对象是否存在 chat = Chat.query.filter_by(user_id=self.user_id, type=chat_type, chat_obj_id=chat_obj_id).first() if chat: self.result = success(data=chat.id) return chat = Chat(name=name, type=chat_type, chat_obj_id=chat_obj_id, user_id=self.user_id, logo=logo) db.session.add(chat) self.commit() self.result = success(message='聊天信息添加成功', data=chat.id)
def delete_(self): chat_id = self.request_data.get('chat_id') if not chat_id: self.result = params_error() return chat_obj = self.check_chat(chat_id) if not chat_obj: return if not self.user_obj: return # 判断当前聊天是否属于该用户 if chat_obj.user_id != self.user_id: self.result = unauth_error('用户无权限') return db.session.delete(chat_obj) if not self.commit(): self.result = server_error('删除异常') self.result = success()
def course_token(request): course_id = request.GET.get('course_id') if not CourseOrder.objects.filter( course_id=course_id, buyer=request.user, status=0).exists(): return restful.unauth_error(message="请先购买课程!") # video:是视频文件的完整链接 file = request.GET.get('video_url') expiration_time = int(time.time()) + 2 * 60 * 60 USER_ID = settings.BAIDU_CLOUD_USER_ID USER_KEY = settings.BAIDU_CLOUD_USER_KEY # file=http://hemvpc6ui1kef2g0dd2.exp.bcevod.com/mda-igjsr8g7z7zqwnav/mda-igjsr8g7z7zqwnav.m3u8 extension = os.path.splitext(file)[1] media_id = file.split('/')[-1].replace(extension, '') # unicode->bytes=unicode.encode('utf-8')bytes key = USER_KEY.encode('utf-8') message = '/{0}/{1}'.format(media_id, expiration_time).encode('utf-8') signature = hmac.new(key, message, digestmod=hashlib.sha256).hexdigest() token = '{0}_{1}_{2}'.format(signature, USER_ID, expiration_time) return restful.result(data={'token': token})
def login_view(request): # 实例化表单对象 form = LoginForm(request.POST) if form.is_valid(): telephone = form.cleaned_data.get('telephone') password = form.cleaned_data.get('password') remember = form.cleaned_data.get('remember') user = authenticate(request, username=telephone, password=password) if user: if user.is_active: login(request, user) if remember: request.session.set_expiry(None) else: request.session.set_expiry(0) return restful else: return restful.unauth_error(message="您的账户被冻结") else: return restful.params_error(message="手机号或者密码错误") else: errors = form.get_errors() return restful.params_error(message=errors)
def login_view(request): form = LoginForm(request.POST) if form.is_valid(): telephone = form.cleaned_data.get('telephone') password = form.cleaned_data.get('password') remember = form.cleaned_data.get('remember') user = authenticate(request, telephone=telephone, password=password) if user: if user.is_active: login(request, user) if remember: request.session.set_expiry(None) else: request.session.set_expiry(0) # 返回200的状态码,就代表的是可以正常访问 return restful.ok() else: # 用户已经被拉黑了,没有权限 return restful.unauth_error(message="您的账号已被冻结") else: return restful.params_error(message="您输入的手机号或密码不正确") else: errors = form.get_errors() return restful.params_error(message=errors)
def add_(self): """ 添加群组信息 """ print(self.request_data) name = self.request_data.get('group_name') if not all([self.user_id, name]): self.result = params_error() return # 获取用户,判断用户类型是否正确 if not self.user_obj or self.user_obj.type not in [0, 1]: self.result = unauth_error(message='用户无权限') return # 设置群组头像,随机从默认图片中选取一张做为头像 group_logo = self.request_data.get('group_logo') if not group_logo: group_logo = random.choice(DEFAULT_IMAGES) # 添加群组 group_info = self.request_data.get('info') # 获取群公告信息 group_obj = Group(name=name, logo=group_logo, group_info=group_info) db.session.add(group_obj) if not self.commit('群组已存在', '群组添加异常'): return print('group_obj...', group_obj.id) # 添加群组成员 group_to_user = GroupsToUser(group_id=group_obj.id, user_id=self.user_id, type=0) db.session.add(group_to_user) if not self.commit(content2='群组添加异常'): return self.result = success(message='群组添加成功')
def login_view(request): forms = LoginForm(request.POST) if forms.is_valid(): telephone = forms.cleaned_data.get('telephone') password = forms.cleaned_data.get('password') remember = forms.cleaned_data.get(('remember')) user = authenticate(request, username=telephone, password=password) if user: if user.is_active: login(request, user) if remember: request.session.set_expiry(None) else: request.session.set_expiry(0) print(JsonResponse({'code': 200, 'message': '', 'data': {}})) print(remember) return restful.ok() else: return restful.unauth_error(message='您的账号已被冻结') else: return restful.params_error(message='手机号码或者密码错误') else: errors = forms.get_errors() return restful.params_error(message=errors)
def put_(self): """ 修改群成员信息 """ group_id = self.request_data.get('group_id') to_user_id = self.request_data.get('to_user_id') remark_name = self.request_data.get('remark_name') group_type = self.request_data.get( 'group_type') # 成员类型,{0: 群主,1: 管理员, 2:成员} # 判断参数是否完整 if not all([group_id, self.user_id, to_user_id]) or (not remark_name or not group_type): self.result = params_error() return # 判断参数类型是否正确 if group_type and group_type not in [1, 2] or not isinstance( remark_name, str): self.result = params_error(message='参数格式不正确') return # 修改用户类型,两个用户不能一致 if group_type and self.user_id == to_user_id: self.result = unauth_error(message='权限错误') return # 检查用户和群组信息是否存在 user_obj = self.check_user() if not user_obj: return group_obj = self.check_group(group_id) if not group_obj: return # 判断目标用户是否存在 if self.user_id != to_user_id: to_user_obj = self.check_user(to_user_id) if not to_user_obj: return # 判断目标用户是否在群组中 to_group_user_obj = self.check_group_user(to_user_id, group_id) if not to_group_user_obj: return # 修改备注名称 if remark_name: # 判断用户是否有修改权限,如果用户ID不一致,则获取操作用户的权限 if self.user_id != to_user_id: group_user_obj = self.check_group_user(self.user_id, group_id) # 用户不为站长,并且用户不在群组中,或者用户不为群主和群管理员 if user_obj.type != 0 and (not group_user_obj or group_user_obj.type not in [0, 1]): self.result = unauth_error(message='用户无修改权限') return # 修改备注名 to_group_user_obj.remark = remark_name # 修改用户权限 else: group_user_obj = self.check_group_user(self.user_id, group_id) # 用户不为站长,并且用户不在群组中,或者用户不为群主,或者被修改用户为群主 if user_obj.type != 0 and (not group_user_obj or group_user_obj.type != 0 or to_group_user_obj.type == 0): self.result = unauth_error(message='用户无修改权限') return # 修改用户权限 to_group_user_obj.type = group_type if not self.commit(content2='群组成员信息修改异常'): return self.result = success(message='修改成功')
def login(): """ 用户登录 用户名、 密码 :return: """ #index_url = url_for('.index', _external=True) #if session.get('id'): # return redirect(index_url) #if request.method == 'GET': # return render_template('login.html') # 获取用户传输数据 request_data = request.json username = request_data.get('username') password = request_data.get('password') if not all([username, password]): #return render_template('login.html', message='缺少必要参数') return jsonify(params_error(message='缺少必要参数')) # 获取用户登录IP user_ip = request.remote_addr try: access_nums = redis_store.get('access_num_%s' % user_ip) except Exception as e: current_app.logger.error(e) else: if access_nums and int(access_nums) >= 5: #return render_template('login.html', message='错误次数过多,请稍后重试') return jsonify(unauth_error(message='错误次数过多,请稍后重试')) # 从数据库查询用户对象 try: user_obj = User.query.filter_by(username=username).first() except Exception as e: current_app.logger.error(e) #return render_template('login.html', message='获取用户信息失败') return jsonify(server_error(message='获取用户信息失败')) # 取出用户密码与数据库密码对比 if not user_obj or not user_obj.check_password(password): # 如果用户不存在或者用户密码不正确,返回错误消息,并记录错误次数 try: # redis的incr可以对字符串类型数据进行加1操作,如果数据开始不存在,则默认设置为1 redis_store.incr('access_num_%s' % user_ip) redis_store.expire('access_num_%s' % user_ip, 600) # 数据保存600秒 except Exception as e: current_app.logger.error(e) #return render_template('login.html', message='用户名或密码错误') return jsonify(unauth_error(message='用户名或密码错误')) # 登录成功 session['username'] = username session['nickname'] = user_obj.nickname session['id'] = user_obj.id # 更改用户在线状态 user_obj.state = 1 try: db.session.commit() except Exception as e: current_app.logger.error(e) #return render_template('login.html', message='登录异常') return jsonify(server_error('登录异常')) #return redirect(index_url) return jsonify(success(data=user_obj.to_dict(), message='用户登录成功'))