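async def authenticate(*, email, passwd):
    """Sign a user in and return a JSON response that sets the session cookie.

    Args:
        email: Account e-mail used to look the user up.
        passwd: Password value submitted by the client.

    Returns:
        A ``web.Response`` with the JSON-serialised user as body (password
        masked) and the session cookie set with ``max_age=86400``.

    Raises:
        APIValueError: If a field is empty, no user has this e-mail, or the
            password digest does not match the stored one.
    """
    import hmac  # local import: the file's import block is not visible here

    # Reject empty credentials before touching the database.
    if not email:
        raise APIValueError('email', 'Invalid email.')
    if not passwd:
        raise APIValueError('passwd', 'Invalid password.')

    # Look the account up by e-mail; the value is passed as a bound argument.
    users = await User.findAll('email=?', [email])
    if len(users) == 0:
        # NOTE(review): this message differs from the wrong-password one, so
        # a caller can tell registered addresses from unregistered ones;
        # consider a single generic failure message.
        raise APIValueError('email', 'Email not exist.')
    user = users[0]

    # Recompute sha1("<user id>:<passwd>") the same way registration did.
    # NOTE(review): one round of SHA-1 is cheap to brute-force if the user
    # table leaks; moving to a password KDF needs a stored-hash migration,
    # so the scheme is left unchanged here.
    sha1 = hashlib.sha1()
    sha1.update(user.id.encode('utf-8'))
    sha1.update(b':')
    sha1.update(passwd.encode('utf-8'))
    expected = sha1.hexdigest()

    # Constant-time comparison so the response time does not depend on how
    # many leading characters of the two digests agree. A non-string stored
    # value can never match, exactly as with the previous `!=` check.
    stored = user.passwd if isinstance(user.passwd, str) else ''
    if not hmac.compare_digest(stored.encode('utf-8'), expected.encode('utf-8')):
        raise APIValueError('passwd', 'Invalid password.')

    # Authentication succeeded. Build the cookie BEFORE masking the password:
    # user2cookie receives the whole user object (presumably it reads
    # user.passwd - confirm against its definition).
    r = web.Response()
    # NOTE(review): the cookie is HttpOnly but not marked Secure; if the site
    # is served over HTTPS, confirm the Secure attribute is set as well.
    r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
    user.passwd = '******'  # never send the stored digest back to the client
    r.content_type = 'application/json'
    r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
    return r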
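async def api_update_blog(*, title, summary, content, blog_id, request):
    """Update the title, summary and content of an existing blog.

    Args:
        title: New title; must contain non-whitespace text.
        summary: New summary; must contain non-whitespace text.
        content: New content; must contain non-whitespace text.
        blog_id: Primary key of the blog to update.
        request: Current request, handed to ``check_user``.

    Returns:
        A dict with a status ``msg`` and the updated ``blog``.

    Raises:
        APIValueError: If title, summary or content is empty or blank.
        APIResourceNotFoundError: If no blog has the given primary key.
    """
    # NOTE(review): check_user is not shown here. If it only verifies that a
    # user is signed in, any signed-in user can modify any blog; confirm that
    # an ownership or admin check is enforced somewhere.
    check_user(request)
    if not title or not title.strip():
        raise APIValueError("title", "title cannot be empty")
    if not summary or not summary.strip():
        raise APIValueError("summary", "summary cannot be empty")
    if not content or not content.strip():
        raise APIValueError("content", "content cannot be empty")

    blog = await Blog.find_by_pri_key(blog_id)
    # An unknown blog_id previously fell through to an AttributeError on the
    # assignments below; report it the same way api_create_comment does.
    if blog is None:
        raise APIResourceNotFoundError("Blog", "No such a blog.")

    # Store trimmed values, matching what api_create_blog saves.
    blog.title = title.strip()
    blog.summary = summary.strip()
    blog.content = content.strip()
    await blog.update()
    return dict(msg='update blog success', blog=blog)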
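async def api_signin(*, email, password):
    """Sign-in API: verify the credentials and return the user with a cookie value.

    Args:
        email: Account e-mail used to look the user up.
        password: Password value submitted by the client.

    Returns:
        A dict with a status ``msg`` and the ``user``; the user object carries
        the value from ``user2cookie`` in ``cookie`` and a masked ``password``.

    Raises:
        APIValueError: If a field is empty, no user has this e-mail, or the
            password digest does not match the stored one.
    """
    import hmac  # local import: the file's import block is not visible here

    if not email:
        raise APIValueError('email')
    if not password:
        raise APIValueError('password')

    # Look the account up by e-mail; the value is passed as a bound argument.
    matches = await User.find_all(where='email=?', args=[email])
    if len(matches) == 0:
        # NOTE(review): this message differs from the wrong-password one, so
        # a caller can tell registered addresses from unregistered ones.
        raise APIValueError('email', 'Email not exists.')
    user = matches[0]

    # Stored value is sha1("<user id>:<password>") as a hex string.
    # NOTE(review): one round of SHA-1 is cheap to brute-force if the user
    # table leaks; moving to a password KDF needs a stored-hash migration,
    # so the scheme is left unchanged here.
    expected = hashlib.sha1('{}:{}'.format(user.id, password).encode('utf-8')).hexdigest()

    # Constant-time comparison so the response time does not depend on how
    # many leading characters of the two digests agree. A non-string stored
    # value can never match, exactly as with the previous `!=` check.
    stored = user.password if isinstance(user.password, str) else ''
    if not hmac.compare_digest(stored.encode('utf-8'), expected.encode('utf-8')):
        raise APIValueError('password', 'Wrong password.')

    # Build the cookie value BEFORE masking the password: user2cookie receives
    # the whole user object (presumably it reads user.password - confirm).
    # NOTE(review): the cookie value is attached to the returned user; if this
    # dict is serialised into the response body, the session token becomes
    # readable by page scripts - confirm how the caller delivers it.
    user.cookie = user2cookie(user, 86400)
    user.password = '******'  # never send the stored digest back to the client
    return dict(msg='signin success', user=user)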
async def api_create_blog(*, title, summary, content, request):
    """Create a blog owned by the requesting user.

    Args:
        title: Blog title; must contain non-whitespace text.
        summary: Blog summary; must contain non-whitespace text.
        content: Blog content; must contain non-whitespace text.
        request: Current request; ``request.user`` supplies the author's id,
            name and avatar.

    Returns:
        A dict with a status ``msg`` and the saved ``blog``.

    Raises:
        APIValueError: If title, summary or content is empty or blank.
    """
    # check_user is not shown here; presumably it rejects requests without a
    # signed-in user, since request.user is read below - confirm.
    check_user(request)

    # Validate the three text fields in order and keep their trimmed form.
    required = (
        ("title", title, "title cannot be empty"),
        ("summary", summary, "summary cannot be empty"),
        ("content", content, "content cannot be empty"),
    )
    cleaned = {}
    for field, value, message in required:
        if not value:
            raise APIValueError(field, message)
        trimmed = value.strip()
        if not trimmed:
            raise APIValueError(field, message)
        cleaned[field] = trimmed

    # NOTE(review): the text is stored as submitted (only trimmed); confirm it
    # is HTML-escaped or sanitised where it is rendered.
    author = request.user
    new_blog = Blog(
        user_id=author.id,
        user_name=author.name,
        user_avatar=author.avatar,
        title=cleaned["title"],
        summary=cleaned["summary"],
        content=cleaned["content"],
    )
    await new_blog.save()
    return {'msg': 'create blog success', 'blog': new_blog}
async def api_register_user(*, email, name, password):
    """Registration API: create a user and return it with a cookie value.

    Args:
        email: E-mail address; must match ``_RE_EMAIL``.
        name: Display name; must contain non-whitespace text.
        password: Password value submitted by the client; must be non-empty.

    Returns:
        A dict with a status ``msg`` and the saved ``user``; the user object
        carries the value from ``user2cookie`` in ``cookie`` and a masked
        ``password``.

    Raises:
        APIValueError: If name, email or password fails validation.
        APIError: If a user with this e-mail already exists.
    """
    if not name or not name.strip():
        raise APIValueError('name')
    if not email or not _RE_EMAIL.match(email):
        raise APIValueError('email')
    # A stricter _RE_SHA1 format check on password existed as commented-out
    # code here; only emptiness is checked.
    if not password:
        raise APIValueError('password')

    # NOTE(review): count-then-insert is not atomic; two concurrent requests
    # can both pass this check unless the email column has a unique
    # constraint - confirm the schema.
    existing = await User.find_count(where='email=?', args=[email])
    if existing:
        raise APIError('register:failed', 'email', 'Email already exists.')

    user_id = next_id()

    # Stored password is sha1("<user id>:<password>"); hexdigest() renders the
    # hash as a hexadecimal string.
    # NOTE(review): one round of SHA-1 is cheap to brute-force if the user
    # table leaks; a password KDF would be the stronger choice.
    salted = '{}:{}'.format(user_id, password)
    sha1_password = hashlib.sha1(salted.encode('utf-8')).hexdigest()

    # Gravatar URL keyed by the MD5 of the e-mail (an identifier here, not a
    # security control).
    # NOTE(review): the avatar URL is plain http; on an HTTPS page this is
    # loaded as mixed content.
    email_md5 = hashlib.md5(email.encode('utf-8')).hexdigest()
    avatar = "http://www.gravatar.com/avatar/{}?d=retro&s=120".format(email_md5)

    user = User(
        id=user_id,
        name=name.strip(),
        email=email,
        password=sha1_password,
        avatar=avatar,
    )
    await user.save()

    # Build the cookie value before masking the password: user2cookie receives
    # the whole user object (presumably it reads user.password - confirm).
    user.cookie = user2cookie(user, 86400)
    user.password = '******'
    return {'msg': 'register success', 'user': user}
async def api_register_user(*, email, name, passwd):
    """Register a user and return a JSON response that sets the session cookie.

    Args:
        email: E-mail address; must match ``_RE_EMAIL``.
        name: Display name; must contain non-whitespace text.
        passwd: Password value submitted by the client; must match
            ``_RE_SHA1``.

    Returns:
        A ``web.Response`` with the JSON-serialised user as body (password
        masked) and the session cookie set with ``max_age=86400``.

    Raises:
        APIValueError: If name, email or passwd fails validation.
        APIError: If the e-mail is already registered.
    """
    # Validate the submitted fields.
    if not name or not name.strip():
        raise APIValueError('name')
    if not email or not _RE_EMAIL.match(email):
        raise APIValueError('email')
    if not passwd or not _RE_SHA1.match(passwd):
        raise APIValueError('passwd')

    # Refuse an e-mail that is already registered.
    # NOTE(review): lookup-then-insert is not atomic; two concurrent requests
    # can both pass this check unless the email column has a unique
    # constraint - confirm the schema.
    already_registered = await User.findAll('email=?', [email])
    if len(already_registered) > 0:
        raise APIError('register:failed', 'email', 'Email is already in use.')

    # Build and persist the user record.
    uid = next_id()
    # Stored password is sha1("<uid>:<passwd>") as a hex string.
    # NOTE(review): one round of SHA-1 is cheap to brute-force if the user
    # table leaks; a password KDF would be the stronger choice.
    salted = '%s:%s' % (uid, passwd)
    stored_digest = hashlib.sha1(salted.encode('utf-8')).hexdigest()
    # Gravatar URL keyed by the MD5 of the e-mail (an identifier here, not a
    # security control).
    # NOTE(review): the avatar URL is plain http; on an HTTPS page this is
    # loaded as mixed content.
    email_md5 = hashlib.md5(email.encode('utf-8')).hexdigest()
    image_url = 'http://www.gravatar.com/avatar/%s?d=mm&s=120' % email_md5
    user = User(
        id=uid,
        name=name.strip(),
        email=email,
        passwd=stored_digest,
        image=image_url,
    )
    await user.save()

    # Issue the session cookie. Build it before masking the password:
    # user2cookie receives the whole user object (presumably it reads
    # user.passwd - confirm).
    session_value = user2cookie(user, 86400)
    response = web.Response()
    # NOTE(review): the cookie is HttpOnly but not marked Secure; if the site
    # is served over HTTPS, confirm the Secure attribute is set as well.
    response.set_cookie(COOKIE_NAME, session_value, max_age=86400, httponly=True)
    user.passwd = '******'
    payload = json.dumps(user, ensure_ascii=False)
    response.content_type = 'application/json'
    response.body = payload.encode('utf-8')
    return response
async def api_create_comment(*, content, blog_id, request):
    """Create a comment on a blog on behalf of the requesting user.

    Args:
        content: Comment text; must contain non-whitespace text.
        blog_id: Primary key of the blog being commented on.
        request: Current request; ``request.user`` supplies the author's id,
            name and avatar.

    Returns:
        A dict with a status ``msg`` and the saved ``comment``.

    Raises:
        APIValueError: If content is empty or blank.
        APIResourceNotFoundError: If no blog has the given primary key.
    """
    # check_user is not shown here; presumably it rejects requests without a
    # signed-in user, since request.user is read below - confirm.
    check_user(request)

    text = content.strip() if content else ''
    if not text:
        raise APIValueError("content", "content cannot be empty")

    target_blog = await Blog.find_by_pri_key(blog_id)
    if target_blog is None:
        raise APIResourceNotFoundError("Blog", "No such a blog.")

    # NOTE(review): the text is stored as submitted (only trimmed); confirm it
    # is HTML-escaped where comments are rendered.
    author = request.user
    new_comment = Comment(
        blog_id=target_blog.id,
        user_id=author.id,
        user_name=author.name,
        user_avatar=author.avatar,
        content=text,
    )
    await new_comment.save()
    return {'msg': 'create comment success', 'comment': new_comment}