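def post(self):
    """Register a new user.

    Parses ``signup_args`` from the request, rejects with 422 when the
    e-mail or the username is already taken, otherwise stores the user with
    a hashed password (``set_password``) and a placeholder avatar.

    Returns:
        ``('', 201)`` on success, or the ``api_abort`` response
        (422 on duplicate, 500 on any other failure).
    """
    args = parser.parse(signup_args, request)
    # Normalise once: the stored e-mail is lower-cased, so the duplicate
    # check must compare the same form or a re-signup with different casing
    # slips past it.
    email = args["email"].lower()
    # The duplicate check must query the ``email`` field; the original
    # compared the e-mail against ``username`` and so never matched.
    if User.objects(email=email).first() is not None:
        return api_abort(422, "Email已注册")
    if User.objects(username=args["username"]).first() is not None:
        return api_abort(422, "用户名已存在")
    try:
        u = User(
            email=email,
            username=args["username"],
            # TODO: serve avatars through nginx instead of a hard-coded host.
            # ``random`` is fine here: the avatar index is not a secret.
            avatar="http://192.168.1.106:8000/avatar/r{0}.png".format(
                random.randint(1, 10)),
        )
        u.set_password(args["password"])
        u.save()
        # Confirmation mail is only sent in development (kept from the
        # original; presumably a placeholder until mail is configured).
        if os.getenv("FLASK_ENV") == "development":
            # ``u.id`` is populated by save(); the original re-queried with
            # the un-normalised e-mail, which could miss and raise after the
            # user was already stored. Use the short-lived "confirm" kind
            # rather than a 30-day login token for the confirmation link.
            send_confirm_email(args["email"], args["username"],
                               generate_token(u.id, "confirm"))
        return "", 201
    except Exception as e:  # log details server-side, hide them from the client
        current_app.logger.error(e)
        return api_abort(500)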
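def delete(self, post_id):
    """Delete the post identified by ``post_id``.

    Returns ``('', 204)`` on success and the 404 ``api_abort`` response when
    the post does not exist or the lookup/delete fails.

    NOTE(review): no ownership or permission check is visible here; unless
    the route is guarded by a permission decorator, any caller can delete
    any post.
    """
    try:
        # ``Post.objects(...)`` returns a QuerySet, which is never None, so
        # the original existence check could not fire; resolve the document.
        post = Post.objects(id=post_id).first()
        if post is None:
            return api_abort(404)
        post.delete()
    except Exception as e:  # e.g. an id that is not a valid ObjectId
        # ``logger.errors`` (plural) does not exist and raised inside the
        # handler itself; use ``error``.
        current_app.logger.error(e)
        return api_abort(404)
    return '', 204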
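def get(self):
    """GitHub OAuth callback: exchange ``code`` for an application token.

    Flow:
      1. POST ``code`` with the client id/secret in the request body (not the
         query string) to GitHub's access-token endpoint.
      2. Fetch ``/user`` with the resulting access token.
      3. Look the GitHub ``login`` up in ``User``; create the account on
         first sign-in. Either way return ``generate_token(user.id)``.

    Returns:
        The application token string, or an ``api_abort`` response: 403 when
        ``code`` is missing, 500 when the token exchange errors, 401 when
        GitHub rejects the code, 400 when the user-info call fails or yields
        no ``login``.

    Example GitHub responses (for reference)::

        {'access_token': '374171...', 'token_type': 'bearer', 'scope': ''}
        {'error': 'bad_verification_code',
         'error_description': 'The code passed is incorrect or expired.',
         'error_uri': 'https://developer.github.com/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code'}

    NOTE(review): no OAuth ``state`` parameter is verified here; unless the
    login redirect sets and checks one elsewhere, this callback is open to
    login CSRF.
    """
    code = request.args.get('code', '')
    if code == '':
        return api_abort(403, 'Access denied, please try again.')

    token_url = 'https://github.com/login/oauth/access_token'
    json_headers = {'accept': 'application/json'}
    try:
        # Credentials go in the POST body: the original put CLIENT_SECRET in
        # the URL and print()ed it, leaking the secret to stdout and any
        # access log that records request URLs.
        r = requests.post(
            token_url,
            headers=json_headers,
            data={'client_id': CLIENT_ID,
                  'client_secret': CLIENT_SECRET,
                  'code': code},
            timeout=10,
        ).json()
    except Exception as e:
        current_app.logger.error(e)
        return api_abort(500, 'Requests Github Access Token Error')

    access_token = r.get('access_token', None)
    if not access_token:
        # Log the error fields only; never the token response itself.
        current_app.logger.info(
            f"github token exchange failed: {r.get('error')} - {r.get('error_description')}")
        return api_abort(401, 'The code passed is incorrect or expired.')

    try:
        user_info = requests.get(
            'https://api.github.com/user',
            headers={**json_headers, 'Authorization': 'token ' + access_token},
            timeout=10,
        ).json()
    except Exception as e:
        current_app.logger.error(e)
        return api_abort(400)

    username = user_info.get('login')
    if not username:
        # GitHub answers {'message': ...} without ``login`` on failure; the
        # original would have created a user with username None.
        current_app.logger.error(
            f"github user_info without login: {user_info.get('message')}")
        return api_abort(400)
    current_app.logger.info(f'github login: {username}')

    u = User.objects(username=username).first()
    if u is None:
        # NOTE(review): GitHub returns ``email: null`` for private addresses,
        # so this can store None; confirm whether ``email`` is unique.
        u = User(username=username,
                 email=user_info.get('email', ''),
                 avatar=user_info.get('avatar_url', ''))
        u.save()  # populates u.id; no second lookup needed
    # The original passed the whole User document (not its id) for new users.
    return generate_token(u.id)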
def get(self, post_id):
    """Return the post with the given id, or the 404 ``api_abort`` response.

    Any exception raised by the lookup (unknown or malformed id) is logged
    and mapped to 404.
    """
    try:
        found = Post.query_post_by_id(id=post_id)
    except Exception as exc:
        current_app.logger.error(exc)
        return api_abort(404)
    return found
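def post(self):
    """Password login: return an API token for ``email``/``password``.

    Returns ``generate_token(str(u.id))`` on success, 401 when the e-mail is
    unknown or the password does not verify, 500 on unexpected errors.
    """
    args = parser.parse(login_args, request)
    email = args['email'].lower()
    password = args['password']
    try:
        u = User.objects(email=email).first()
        if not u:
            # NOTE(review): distinct 401 messages for unknown e-mail vs. bad
            # password let a caller enumerate registered addresses.
            return api_abort(401, 'Email not exist')
        # Log the identity only. The original logged ``args`` wholesale,
        # which wrote the plaintext password to the application log.
        current_app.logger.info(
            f'login attempt: email={email} uid={u.id} username={u.username}')
        if not u.validate_password(password):
            return api_abort(401, 'Password Unauthorized')
        return generate_token(str(u.id))
    except Exception as e:
        current_app.logger.error(e)
        return api_abort(500)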
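def get(self, token):
    """Confirm the e-mail address carried by ``token`` and grant base permissions.

    ``validate_token`` is assumed to set ``g.uid`` (it is not shown in this
    file). On success the user gains COMMENT, ASK and DELETE.

    Returns ``{'confirm_email': True}``, 401 for an invalid/expired token,
    404 when the token's user no longer exists.

    NOTE(review): as written in this file ``generate_token`` emits the same
    payload for login and confirm tokens, so a long-lived login token is
    accepted here too unless ``validate_token`` checks a token kind.
    """
    if not validate_token(token):
        return api_abort(401)
    u = User.objects(id=g.uid).first()
    if u is None:
        # The original dereferenced ``u`` unconditionally (AttributeError).
        return api_abort(404)
    u.add_permission([Permission.COMMENT, Permission.ASK, Permission.DELETE])
    u.save()
    return {'confirm_email': True}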
def get(self):
    """Report whether a user with ``nickname`` (query parameter) exists.

    Returns ``{"status": 1}`` when found and ``{"status": 0}`` otherwise,
    or the 400 ``api_abort`` when the parameter is absent. By design this
    endpoint discloses account existence.
    """
    nickname = request.args.get('nickname')
    if nickname is None:
        return api_abort(400, "param nickname missing")
    found = User.query.filter_by(nickname=nickname).first() is not None
    return {"status": int(found)}
def get(self):
    """Report whether a user with telephone ``tel`` (query parameter) exists.

    Returns ``{"status": 1}`` when found and ``{"status": 0}`` otherwise,
    or the 400 ``api_abort`` when the parameter is absent. By design this
    endpoint discloses account existence.
    """
    tel = request.args.get('tel')
    if tel is None:
        return api_abort(400, "param tel missing")
    found = User.query.filter_by(telephone=tel).first() is not None
    return {"status": int(found)}
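def wrapper(*args, **kwargs):
    """Check the bearer token and require ``perm`` before calling ``f``.

    ``perm`` and ``f`` are closure variables of the enclosing decorator.
    CORS preflight (OPTIONS) requests pass through unauthenticated.

    Returns the wrapped view's result, or an ``api_abort``: 400 for a
    missing/non-bearer token, 401 for an invalid token, an unknown user, or
    a user lacking ``perm``.
    """
    token_type, token = get_token()
    if request.method != "OPTIONS":
        if token is None:
            return api_abort(400, 'token missing')
        if token_type is None or token_type.lower() != "bearer":
            return api_abort(400, "The token type must be bearer.")
        result = validate_token(token)
        if not result:
            return api_abort(401, "admin 错误")
        # validate_token is assumed to populate g.uid (the commented-out
        # ``g.uid = result.get('msg')`` in the original suggests it once
        # happened here) — confirm against its definition.
        user = User.objects(id=g.uid).first()
        # The original chained .has_permission() onto first(), which raised
        # AttributeError (-> 500) when the token's user had been deleted.
        if user is None or not user.has_permission(perm):
            return api_abort(401, '莫得权限')
    return f(*args, **kwargs)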
def decorator(*args, **kws):
    """Authenticate the request from the ``Authorization`` header.

    The header carries ``"<access_token>;<refresh_token>"`` (the refresh
    part is optional). Tokens are looked up in the Redis sets
    ``key_access_token`` / ``key_refresh_token``.

    - Valid access token: ``g.current_user`` is set and ``f`` is called.
    - Otherwise, valid refresh token: it is consumed (one-time use), a new
      access/refresh pair is issued, and the pair is attached to the view's
      dict response under ``"token"``.
    - Neither: 403.

    NOTE(review): ``resp['token'] = ...`` assumes ``f`` returns a dict, and
    sending the refresh token on every request exposes the long-lived
    token to any proxy or log that records the header.
    """
    redis_conn = redis.Redis(connection_pool=pool)
    header = request.headers.get('Authorization', None)
    if header is None:
        return api_abort(403, 'token missing')
    parts = header.split(';')
    access_token = parts[0]
    refresh_token = parts[1] if len(parts) > 1 else ""

    if redis_conn.sismember(key_access_token, access_token):
        user = load_user(access_token)
        if user is None:
            return api_abort(403, 'bad token')
        g.current_user = user
        return f(*args, **kws)

    if not redis_conn.sismember(key_refresh_token, refresh_token):
        return api_abort(403, 'bad token')
    user = load_user(refresh_token)
    if user is None:
        return api_abort(403, 'bad token')
    # One-time use: drop the presented refresh token before issuing a new pair.
    redis_conn.srem(key_refresh_token, refresh_token)
    new_access = generate_token(user, 'access', access_token_expires)
    new_refresh = generate_token(user, 'refresh', refresh_token_expires)
    g.current_user = user
    resp = f(*args, **kws)
    resp['token'] = {
        "access_token": new_access,
        "refresh_token": new_refresh,
        "expires_access": access_token_expires,
        "expires_refresh": refresh_token_expires,
    }
    return resp
def post(self):
    """Create a comment on a post.

    Args (from ``comment_args``):
        content: comment body (stored as-is; escape at render time).
        post_id: id of the post, e.g. 5db17a4f14fc6a9a236c8d63.
        reply_id: id of the comment being replied to, or None; falls back
            to ``post_id`` so a top-level comment "replies" to its post.

    ``g.uid`` is expected to be set by the auth wrapper.
    Returns ``('', 201)``, 404 if the post does not exist, 500 on save errors.
    """
    args = parser.parse(comment_args, request)
    author = User.objects(id=g.uid).first()
    target = Post.objects(id=args['post_id']).first()
    if not target:
        return api_abort(404)
    try:
        reply_to = args.get('reply_id', '') or args['post_id']
        target.comments.append(
            Comment(author=author, content=args['content'], reply=reply_to))
        target.save()
    except Exception as exc:
        current_app.logger.error(exc)
        return api_abort(500)
    return '', 201
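def put(self, post_id):
    """Update the title of the post identified by ``post_id``.

    Only ``title`` is taken from the JSON body, so callers cannot
    mass-assign other fields. Returns ``''`` (200) on success, 400 when the
    body is not a JSON object carrying ``title``, 404 when the post does
    not exist, 500 on unexpected errors.

    TODO: route the body through ``parser.parse(post_args, request)`` like
    the create endpoint once the update schema is settled.

    NOTE(review): no ownership check is visible; rely on the route's
    permission decorator.
    """
    data = request.get_json(silent=True)
    if not isinstance(data, dict) or 'title' not in data:
        # Previously a missing/invalid body surfaced as a 500 (KeyError) and
        # the body was print()ed to stdout.
        return api_abort(400, 'title is required')
    try:
        # The original built an unsaved Post(id=...) and reload()ed it,
        # which raised DoesNotExist for unknown ids and was reported as 500.
        if Post.objects(id=post_id).first() is None:
            return api_abort(404)
        Post.objects(id=post_id).update_one(set__title=data['title'])
        return ''
    except Exception as e:  # e.g. a malformed ObjectId
        current_app.logger.error(e)
        return api_abort(500)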
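def generate_token(user_id, t="login"):
    """Issue a signed, expiring token for ``user_id``.

    Args:
        user_id: user id (any type; stringified into the payload).
        t: token kind — ``"login"`` (30 days), ``"confirm"`` (3 hours) or
           ``"reset"`` (1 hour); any other value gets the login lifetime.

    Returns:
        The token string, or the ``api_abort(500)`` response on failure
        (callers return it straight from their views).

    The payload now also carries ``"type": t`` so a validator can refuse a
    login token where a confirm/reset token is expected; the original
    payload was identical for every kind. Readers that only take
    ``user_id`` are unaffected.

    NOTE: ``Serializer(..., expires_in=)`` is itsdangerous'
    TimedJSONWebSignatureSerializer, removed in itsdangerous 2.1; pin the
    dependency or migrate to URLSafeTimedSerializer + ``max_age``.
    """
    user_id = str(user_id)
    lifetimes = {"confirm": 3600 * 3, "reset": 3600}
    expires_in = lifetimes.get(t, 3600 * 24 * 30)
    try:
        s = Serializer(SECRET_KEY, expires_in=expires_in)
        token = s.dumps({"user_id": user_id, "type": t}).decode('ascii')
        # Never write the token itself to the log: the original did, turning
        # the application log into a credential store.
        current_app.logger.info(f'issued {t} token for user_id: {user_id}')
        return token
    except Exception as e:
        current_app.logger.error(e)
        return api_abort(500)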
def post(self):
    """Create a post from the parsed ``post_args`` (title, content, category, tags).

    Returns ``('', 201)`` on success and the 500 ``api_abort`` if building or
    saving the document fails. Validation errors from ``parser.parse``
    propagate as webargs' own error response (not visible here).
    """
    fields = parser.parse(post_args, request)
    try:
        new_post = Post(
            title=fields['title'],
            content=fields['content'],
            category=fields['category'],
            tags=fields['tags'],
        )
        new_post.save()
    except Exception as exc:
        current_app.logger.error(exc)
        return api_abort(500)
    return '', 201
def get(self):
    """Report whether the presented access token is currently valid.

    Reads ``Authorization: <access_token>[;<refresh_token>]``; only the
    access part is checked, against the Redis set ``token:access`` (the
    refresh part is ignored). Returns 403 when the header is absent,
    otherwise ``make_resp("", message=...)`` with "OK" or "Bad Token".
    """
    header = request.headers.get('Authorization', None)
    if header is None:
        return api_abort(403, 'token missing')
    access_token = header.partition(';')[0]
    verdict = "OK" if r.sismember("token:access", access_token) else "Bad Token"
    return make_resp("", message=verdict)
def decorator(*args, **kws):
    """Load the resource named by ``resource_name`` into ``g.current_<name>``.

    ``resource_name`` and ``f`` are closure variables of the enclosing
    decorator. The id is read from the request by ``find_resource_id`` using
    the model's ``id_name``; an unknown ``resource_name`` is a programming
    error (KeyError at call time).

    Returns 400 when the id is missing, 404 when nothing matches, otherwise
    the wrapped view's result. This only resolves the row — access control
    is left to later decorators.
    """
    models = {
        "user": User,
        "course": Course,
        "task": Task,
        "discussion": Discussion,
        "chapter": Chapter,
        "problem": Problem,
        "task_answer": TaskAnswer,
        "comment": Comment,
        "notice": Notice,
        "media": Media,
    }
    model = models[resource_name]
    rid = find_resource_id(model.id_name)
    if rid is None:
        return api_abort(400, "{} id is required".format(resource_name))
    row = model.query.get(rid)
    if row is None:
        return api_abort(404, "resource {} not found".format(resource_name))
    setattr(g, "current_" + resource_name, row)
    return f(*args, **kws)
def delete(self, comment_id):
    """Delete comment ``comment_id`` from the post given by ``post_id``.

    Only the comment's author may delete it: the author id stored on the
    embedded comment is compared with ``g.uid`` (set by the auth wrapper).
    Returns 204 on success, 404 when the post/comment cannot be resolved,
    403 when the caller is not the author.
    """
    args = parser.parse(delete_comment_args, request)
    post_id = args['post_id']
    try:
        post = Post.objects.get(id=post_id)
        owner_id = post.comments.filter(cid=comment_id).first().author.id
    except Exception as exc:
        current_app.logger.error(exc)
        return api_abort(404)
    current_app.logger.info(f'{owner_id}, {g.uid}')
    if str(owner_id) != g.uid:
        return api_abort(403)
    # pull__ removes every embedded comment whose cid matches.
    Post.objects(id=post_id).update_one(pull__comments__cid=comment_id)
    return '', 204
def get(self):
    """Return the post index: ``{"posts": [{id, title, category, tags}, ...]}``.

    Only those fields are projected. mongoengine's ``to_json`` emits the id
    as ``{"_id": {"$oid": ...}}``; it is flattened to a plain ``id`` string.
    An empty collection is reported as 404 (behaviour kept from the
    original); any other failure is logged and also mapped to 404.
    """
    try:
        raw = Post.objects.all().only('id', 'title', 'category', 'tags').to_json()
        rows = json.loads(raw)
        if not rows:
            raise Exception('post not found')
        for row in rows:
            row['id'] = row.pop('_id')['$oid']
        current_app.logger.info(rows)
        return {"posts": rows}
    except Exception as exc:
        current_app.logger.error(exc)
        return api_abort(404)
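def get(self, user_id):
    """Return the public profile of ``user_id``.

    The e-mail address is included only when the caller presents a valid
    token for that same user (``validate_token`` is assumed to set
    ``g.uid``). Returns 404 for an unknown user.

    Response keys: id, username, avatar, followed, follower, question and,
    for the owner, ``email``. The misspelled ``emali`` key the original
    emitted is still sent alongside for existing clients; drop it once they
    have migrated.
    """
    _token_type, token = get_token()
    u = User.objects(id=user_id).first()
    if not u:
        return api_abort(404)
    user_info = {
        'id': str(u.id),
        'username': u.username,
        'avatar': u.avatar,
        'followed': u.followed,
        'follower': u.follower,
        'question': u.question,
    }
    # Owner-only field: token present, valid, and issued for this user.
    if token is not None and validate_token(token) and g.uid == user_id:
        user_info['email'] = u.email
        user_info['emali'] = u.email  # legacy misspelling, kept for compatibility
    return user_info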
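def post(self):
    """Log in by password (``method`` 0) or by phone (``method`` 1).

    ``login_reqparser`` supplies ``method``, which selects both the request
    parser and the authentication function; the selected parser then
    re-parses the request. On success a 7-day access token and a 30-day
    refresh token are issued.

    Returns ``make_resp({...})`` with ``user_info``, both tokens and their
    lifetimes; 400 for an unknown ``method``; 401 with the auth function's
    message on failure.
    """
    reqparsers = [pwd_login_reqparser, tel_login_reqparser]
    auth_user_funcs = [auth_user_by_pwd, auth_user_by_phone]
    method = login_reqparser.parse_args()['method']
    try:
        idx = int(method)
    except (TypeError, ValueError):
        idx = -1
    if not 0 <= idx < len(reqparsers):
        # The original indexed the lists directly: a non-numeric method
        # raised (500) and a negative one silently picked another method.
        return api_abort(400, 'unknown login method')
    data = reqparsers[idx].parse_args()
    user, message = auth_user_funcs[idx](data)
    g.current_user = user
    # ``message is not 'succeed'`` compared identity, not equality (a
    # SyntaxWarning on 3.8+); it only worked because the literal was interned.
    if message != 'succeed' or user is None:
        return api_abort(401, message)
    access_expires = 3600 * 24 * 7
    refresh_expires = 3600 * 24 * 30
    return make_resp({
        'user_info': user.to_json(detail=True),
        'access_token': generate_token(user, 'access', access_expires),
        'refresh_token': generate_token(user, 'refresh', refresh_expires),
        'access_expires': access_expires,
        'refresh_expires': refresh_expires,
    })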
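def decorator(*args, **kws):
    """Allow the request only for a student enrolled in, or a teacher of, the course.

    Relies on ``g.current_user`` and ``g.current_course`` having been set by
    earlier decorators (the auth and resource-loading wrappers), so it must
    be applied inside them. ``f`` is the wrapped view from the enclosing
    decorator.

    Returns the wrapped view's result, or 403 otherwise.
    """
    user = g.current_user
    course = g.current_course
    if user not in course.students and not user.is_teacher(course):
        # message typo fixed: "ot" -> "or"
        return api_abort(403, "not the student or teacher")
    return f(*args, **kws)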