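def adduser(self):
    """Handle POST: register a new user and issue an access token.

    Reads ``user_name``, ``user_pass`` and optional ``user_role`` from the
    JSON body, rejects names already present in the redis ``user_map`` hash
    or refused by ``check_username``, stores the account (ORM or the
    ``sp_user_reg`` stored procedure, depending on ``is_use_orm``), mirrors
    it into redis and returns a JSON response.

    Returns:
        ``jsonify(success=True, user_id, user_name, access_token, message)``
        on success, ``jsonify(success=False, message)`` otherwise.
    """
    # request.json is None when the body is not JSON; fall back to an empty
    # mapping so the validation below answers instead of raising.
    payload = request.json or {}

    user_name = payload.get('user_name')
    if not user_name:
        return jsonify(success=False, message='用户名不符合要求')

    # Ask redis whether the name is already taken.
    # NOTE(review): this check and the hset further down are not atomic, so
    # two concurrent registrations of one name can both pass it. The database
    # should enforce uniqueness as well -- confirm against the schema.
    user = myredis.rs.hget("user_map", user_name)
    if user is not None:
        return jsonify(success=False, message='用户名/邮箱/手机号 已存在')

    # Validate the user name. The code below treats a result of 2 as an
    # e-mail address and 3 as a phone number; False means rejected.
    reg_type = check_username(user_name)
    if reg_type is False:
        return jsonify(success=False, message='用户名不符合要求')

    # A missing password must be rejected explicitly: bytes(None) either
    # raises or yields the literal text "None", depending on the Python
    # version, and neither is an acceptable credential.
    user_pass = payload.get('user_pass')
    if not user_pass:
        return jsonify(success=False, message='密码不能为空')

    # Password is transformed before it is stored.
    # NOTE(security): desEncrypt looks like reversible encryption (the name
    # suggests DES). Anyone holding the key can recover every password;
    # passwords should be stored with a salted, slow one-way hash instead
    # (PBKDF2 / bcrypt / scrypt / argon2). userlogin() must change in step.
    user_pass = desEncrypt(bytes(user_pass))

    # user_validate: 0 = not verified, 1 = verified; students (role "1")
    # need no verification.
    # user_role: 1 = student, 2 = teacher, 3... reserved for extension.
    # NOTE(security): the role comes straight from the client and is stored
    # unchecked. Restrict it to an allow-list before privileged roles exist.
    user_role = payload.get('user_role', '1')
    user_validate = 1 if user_role == "1" else 0
    user_email = user_name if reg_type == 2 else ""
    user_phone = user_name if reg_type == 3 else ""

    # A new user receives a token immediately on successful registration.
    access_token = generate_access_token()

    if is_use_orm:
        # ORM path.
        USER_MAP = self.dh.load("UserMapper", "USER_MAP")
        USER_SYS = self.dh.load("UserMapper", "USER_SYS")
        new_user = USER_SYS(user_name=user_name,
                            user_email=user_email,
                            user_phone=user_phone,
                            user_pass=user_pass,
                            user_role=user_role,
                            user_validate=user_validate,
                            user_access_token=access_token)
        self.dh.save(new_user)
        user_id = new_user.user_id
        if not user_id:
            # Without an id nothing may be written to redis: the original
            # flow would have cached the account under the key "user:None".
            return jsonify(success=False, message='注册失败')
        self.dh.save(USER_MAP(user_name=user_name, user_id=user_id))
        USER_LOG = self.dh.load("UserMapper", "USER_LOG")
        self.dh.save(USER_LOG(user_id=user_id,
                              login_ip=request.remote_addr,
                              login_status=1))
    else:
        # Stored-procedure path. The cursor and the connection are released
        # even when the call fails, so an error does not leak them.
        try:
            cursor = self.dh.dbconn.cursor(
                cursorclass=MySQLdb.cursors.DictCursor)
            try:
                cursor.callproc('sp_user_reg', (user_name,
                                                user_email,
                                                user_phone,
                                                user_pass,
                                                user_role,
                                                request.remote_addr,
                                                access_token))
                new_user = cursor.fetchone()
            finally:
                cursor.close()
            self.dh.dbconn.commit()
        finally:
            self.dh.dbconn.close()
        if not new_user or not new_user.get('user_id'):
            return jsonify(success=False, message='注册失败')
        user_id = new_user['user_id']

    # Mirror the new account into redis.
    # NOTE(security): the stored password value is copied into the cache as
    # well, which widens where credentials live. It is kept because other
    # readers of "user:<id>" are not visible here; drop the field once it is
    # confirmed that nothing reads it.
    myredis.rs.hset("user_map", user_name, user_id)
    myredis.rs.hmset("user:{user_id}".format(user_id=user_id), {
        "user_id": user_id,
        "user_name": str(user_name),
        "user_email": user_email,
        "user_phone": user_phone,
        "user_pass": user_pass,
        "user_role": user_role,
        "user_validate": user_validate,
        "user_last_login_ip": request.remote_addr,
        "user_last_login_time": time.time(),
        "user_error_times": 0,
    })
    myredis.rs.hset("userid_token", user_id, access_token)
    myredis.rs.hset("token_userid", access_token, user_id)
    return jsonify(success=True, user_id=user_id, user_name=user_name,
                   access_token=access_token, message="注册成功")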
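def userlogin(self):
    """Authenticate a user and rotate the access token on success.

    Reads ``user_name`` and ``user_pass`` from the JSON body, applies the
    redis-backed lockout (5 consecutive failures block the account for 24
    hours), verifies the password through the ORM or the ``sp_user_login``
    stored procedure (depending on ``is_use_orm``), refreshes the cached
    login metadata and, on success, replaces the token mappings in redis.

    Returns:
        ``jsonify(success=True, user_id, user_name, access_token, message)``
        on success, ``jsonify(success=False, message)`` otherwise.
    """
    max_failures = 5
    lockout_seconds = 86400

    # request.json is None when the body is not JSON.
    payload = request.json or {}
    user_name = payload.get("user_name")
    user_pass = payload.get("user_pass")
    if not user_name or not user_pass:
        # bytes(None) would raise or yield the text "None" depending on the
        # Python version; reject missing credentials up front instead.
        return jsonify(success=False, message='用户名或密码不能为空')

    # NOTE(security): the submitted password is transformed with desEncrypt
    # and compared with the stored value. That implies reversible storage
    # and a plain == comparison; a salted one-way hash with a constant-time
    # compare is the safer design. Must change together with adduser().
    user_pass = desEncrypt(bytes(user_pass))
    success = False
    message = '登录成功'
    access_token = generate_access_token()

    # Look the user up in redis first to decide whether the account exists.
    # NOTE(security): "user does not exist" and "wrong password" are distinct
    # responses, which lets a caller enumerate valid user names.
    user_id = myredis.rs.hget("user_map", user_name)
    if user_id is None:
        return jsonify(success=False, message='用户不存在')

    cached = myredis.rs.hgetall("user:{user_id}".format(user_id=user_id))
    # Tolerate a missing or partial cache entry instead of raising KeyError.
    user_error_times = int(cached.get('user_error_times') or 0)
    user_last_login_time = float(cached.get('user_last_login_time') or 0)
    # ">=" instead of "==": if the counter ever passes the limit, the lockout
    # must still apply rather than silently stop matching.
    if user_error_times >= max_failures:
        if (time.time() - user_last_login_time) >= lockout_seconds:
            user_error_times = 0
        else:
            return jsonify(success=False,
                           message="您已经连续登录失败5次,请24小时之后再来")

    if is_use_orm:
        USER_SYS = self.dh.load("UserMapper", "USER_SYS")
        USER_LOG = self.dh.load("UserMapper", "USER_LOG")
        user = self.dh.do("query", USER_SYS).filter_by(user_id=user_id).first()
        if user is None:
            # redis knows the name but the database has no row for it.
            return jsonify(success=False, message='用户不存在')
        if user_pass == user.user_pass:
            # Truthiness rather than "is True": adduser() stores 0/1, and an
            # integer 1 is not the object True, which would lock every
            # account out as unverified. TODO confirm the column type.
            if user.user_validate:
                # Success: reset the failure counter and log the login.
                success = True
                user_error_times = 0
                self.dh.do("query", USER_SYS).filter_by(user_id=user_id).update(
                    {'user_access_token': access_token,
                     'user_error_times': user_error_times})
                self.dh.dbsession.commit()
                login_status = 1
            else:
                login_status = 0
                message = "用户未验证"
        else:
            # Failure: bump the failure counter and log the attempt.
            user_error_times += 1
            self.dh.do("query", USER_SYS).filter_by(user_id=user_id).update(
                {'user_error_times': user_error_times})
            self.dh.dbsession.commit()
            login_status = 0
            message = "密码错误"
        self.dh.save(USER_LOG(user_id=user_id,
                              login_ip=request.remote_addr,
                              login_status=login_status))
    else:
        # Stored-procedure path. The cursor and the connection are released
        # even when the call fails, so an error does not leak them.
        try:
            cursor = self.dh.dbconn.cursor(
                cursorclass=MySQLdb.cursors.DictCursor)
            try:
                cursor.callproc('sp_user_login', (user_name, user_pass,
                                                  request.remote_addr,
                                                  access_token))
                # One row on success, or a row carrying the error details.
                user = cursor.fetchone()
            finally:
                cursor.close()
            self.dh.dbconn.commit()
        finally:
            self.dh.dbconn.close()
        if not user:
            # No row at all: report failure without touching the counters.
            return jsonify(success=False, message='登录失败')
        message = user['message']
        if user['result'] == 'success':
            user_error_times = 0
            success = True
        else:
            user_error_times += 1

    # Refresh the cached login metadata in redis.
    myredis.rs.hmset('user:{user_id}'.format(user_id=user_id), {
        "user_last_login_ip": request.remote_addr,
        "user_last_login_time": time.time(),
        "user_error_times": user_error_times,
    })

    if not success:
        return jsonify(success=False, message=message)

    # Drop the reverse mapping of the previous token so it stops resolving.
    old_token = myredis.rs.hget("userid_token", user_id)
    if old_token:
        myredis.rs.hdel("token_userid", old_token)
    # Install the new token in both directions.
    myredis.rs.hset("userid_token", user_id, access_token)
    myredis.rs.hset("token_userid", access_token, user_id)
    return jsonify(success=True, user_id=user_id, user_name=user_name,
                   access_token=access_token, message=message)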