コード例 #1
ファイル: auth.py プロジェクト: weijunhu/python_blog
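def signin(*, page='1'):
    """Render the sign-in page (GET) or authenticate a JSON sign-in (POST).

    On POST the JSON body must carry ``email`` and ``passwd``. The password is
    checked against the stored ``sha1(user.id + ':' + passwd)`` hex digest and,
    on success, the user's fields (password masked) are returned as JSON
    together with a one-day session cookie.

    Args:
        page: Not used in this function; kept so the signature is unchanged.

    Raises:
        APIValueError: If a field is missing or empty, the email is unknown,
            or the password does not match.
    """
    import hmac  # local import: the file's own import block is not visible here

    if request.method != 'POST':
        return render_template('signin.html')

    # A missing or non-object JSON body must end in the same validation error
    # as an empty field, not in an unhandled KeyError/TypeError.
    user_info = request.json
    if not isinstance(user_info, dict):
        user_info = {}
    email = user_info.get('email')
    passwd = user_info.get('passwd')
    if not email or not isinstance(email, str):
        raise APIValueError('email', 'Invalid email.')
    if not passwd or not isinstance(passwd, str):
        raise APIValueError('passwd', 'Invalid password.')

    with db_session:
        users = select(u for u in User if u.email == email)[:]
    if len(users) == 0:
        # NOTE(review): answering "Email not exist." separately from
        # "Invalid password." tells an unauthenticated caller which addresses
        # are registered; a single generic failure message avoids that, but it
        # changes the API contract, so it is only flagged here.
        raise APIValueError('email', 'Email not exist.')
    user = users[0]

    # Recompute the stored digest: sha1("<user id>:<submitted passwd>").
    # NOTE(review): SHA-1 is a fast hash and unsuitable for password storage;
    # moving to a password KDF (hashlib.scrypt / hashlib.pbkdf2_hmac) needs a
    # stored-format migration and is outside this handler.
    digest = hashlib.sha1()
    digest.update(user.id.encode('utf-8'))
    digest.update(b':')
    digest.update(passwd.encode('utf-8'))
    # Constant-time comparison so response timing does not depend on how many
    # leading characters of the digest match.
    stored = str(user.passwd).encode('utf-8')
    if not hmac.compare_digest(stored, digest.hexdigest().encode('utf-8')):
        raise APIValueError('passwd', 'Invalid password.')

    # Authenticated: return the user with the password masked and set the cookie.
    # NOTE(review): the body is JSON but no JSON Content-Type is set (the
    # original left that line commented out); confirm the client before
    # changing it.
    response = make_response(json.dumps({
        'id': user.id,
        'email': user.email,
        'passwd': '******',
        'admin': user.admin,
        'name': user.name,
        'image': user.image,
        'create_at': user.created_at,
    }))
    # NOTE(review): the session cookie is HttpOnly but carries neither
    # secure= nor samesite=; both should be set once the site is HTTPS-only.
    response.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
    return response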
コード例 #2
ファイル: api.py プロジェクト: qq1679781770/jsxnhwebapp
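def api_register_user():
    """Register a user from a JSON body and sign them in.

    Expects ``name``, ``email`` and ``passwd`` in the JSON body. Each invalid
    field produces a JSON ``value:invalid`` error response. On success the new
    user is saved, returned as JSON with the password masked, and a one-day
    session cookie is set.

    Returns:
        A Flask response: either the JSON error object or the created user.
    """
    def _invalid(field, message=''):
        # Single place that builds the JSON error response for a rejected field.
        payload = {'error': 'value:invalid', 'data': field, 'message': message}
        resp = make_response(json.dumps(payload, ensure_ascii=False).encode('utf-8'))
        resp.headers['Content-Type'] = 'application/json'
        return resp

    # get_json() can return None (or a non-object); treat that as "no fields"
    # so the caller gets a validation error instead of an AttributeError.
    data = request.get_json()
    if not isinstance(data, dict):
        data = {}
    email = data.get('email')
    name = data.get('name')
    passwd = data.get('passwd')

    if not isinstance(name, str) or not name.strip():
        return _invalid('name')
    if not isinstance(email, str) or not _RE_EMAIL.match(email):
        return _invalid('email')
    # presumably _RE_SHA1 requires a SHA-1 hex digest computed by the client;
    # confirm against the pattern's definition.
    if not isinstance(passwd, str) or not _RE_SHA1.match(passwd):
        return _invalid('passwd')

    users = User.findAll('email=?', [email])
    if len(users) > 0:
        return _invalid('email', 'Email is already in use')

    uid = next_id()
    # Stored value is sha1("<uid>:<passwd>").
    # NOTE(review): SHA-1 is a fast hash and unsuitable for password storage;
    # a password KDF (hashlib.scrypt / hashlib.pbkdf2_hmac) should replace it,
    # which needs a stored-format migration.
    sha1_passwd = '%s:%s' % (uid, passwd)
    # NOTE(review): the avatar URL is plain http://; an https:// URL avoids
    # mixed content on HTTPS pages.
    user = User(id=uid, name=name.strip(), email=email,
                passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(),
                image='http://www.gravatar.com/avatar/%s?d=mm&s=120'
                      % hashlib.md5(email.encode('utf-8')).hexdigest())
    user.save()

    # Do not send the stored password digest back to the client: serialize a
    # masked copy, as authenticate() in this project does.
    public_user = user.copy()
    public_user['passwd'] = '******'
    r = make_response(json.dumps(public_user, ensure_ascii=False).encode('utf-8'))
    # The cookie is derived from the real record, not the masked copy.
    # NOTE(review): cookie is HttpOnly but has no secure=/samesite= attribute.
    r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
    r.content_type = 'application/json'
    return r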
コード例 #3
ファイル: apiuser.py プロジェクト: BillTheBest/ipsan
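def api_login(*, user, password):
    '''
    Do login. Request url: [POST /api/login]

    Post data:

        user: user name

        password: password

    Returns a dict with retcode 101 (unknown user) or 102 (wrong password)
    on failure; on success a JSON web.Response with retcode 0, the user
    record and a one-day session cookie.
    '''
    import hmac  # local import: the file's own import block is not visible here

    # NOTE(review): `user` comes from the request and is formatted straight
    # into the WHERE clause, so this query is built from untrusted input. It
    # must be passed as a bound parameter instead; confirm how User.findall
    # accepts query arguments and switch to that form.
    users = yield from User.findall(where="name='%s'" % user)
    if not users:
        # NOTE(review): a distinct "not exists" answer (which also echoes the
        # submitted name) reveals which account names are valid.
        return dict(retcode=101, message='user %s not eixsts' % user)

    user = users[0]
    # NOTE(review): the stored value is an unsalted SHA-1 of the password;
    # a salted password KDF (hashlib.scrypt / hashlib.pbkdf2_hmac) should
    # replace it, which needs a stored-format migration.
    submitted = hashlib.sha1(password.encode('utf-8')).hexdigest()
    # Constant-time comparison so timing does not leak digest prefixes.
    if not hmac.compare_digest(str(user.password).encode('utf-8'),
                               submitted.encode('utf-8')):
        return dict(retcode=102, message='incorrect password')

    # set cookie
    # NOTE(review): cookie is HttpOnly but has no secure=/samesite= attribute.
    r = web.Response()
    r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
    r.content_type = 'application/json;charset=utf-8'
    r.headers['Content-type'] = 'application/json;charset=utf-8'
    # NOTE(review): a wildcard origin together with Allow-Credentials: true is
    # refused by browsers for credentialed requests; if cross-origin use with
    # cookies is intended, an explicit allowlist of origins is needed.
    r.headers['Access-Control-Allow-Origin'] = '*'
    r.headers['Access-Control-Allow-Credentials'] = 'true'
    # NOTE(review): the whole user record is serialized here; presumably that
    # includes the stored password digest - confirm and mask it before sending.
    d = dict(retcode=0, user=user)
    r.body = json.dumps(d, ensure_ascii=True).encode('utf-8')
    yield from log_event(logging.INFO, event_user, event_action_login,
                         'User %s login' % user.name)
    return r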
コード例 #4
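 async def response(request):
     """Turn the wrapped handler's return value into an aiohttp response.

     Dispatch by the type of the handler result:
       * ``web.StreamResponse`` - returned unchanged;
       * ``bytes`` - sent as ``application/octet-stream``;
       * ``str`` - ``'redirect:<url>'`` becomes a 302, anything else HTML;
       * ``dict`` - JSON when it has no ``'__template__'`` key, otherwise the
         named template rendered with the dict as context;
       * ``int`` in [100, 600) - an empty response with that status;
       * ``(int, message)`` - that status with ``message`` as the reason;
       * anything else - ``str(r)`` as plain text.
     """
     logging.info('Response handler...')
     # Result of the wrapped handler.
     r = await handler(request)
     if isinstance(r, web.StreamResponse):
         return r
     if isinstance(r, bytes):
         resp = web.Response(body=r)
         resp.content_type = 'application/octet-stream'
         return resp
     if isinstance(r, str):
         if r.startswith('redirect:'):
             # NOTE(review): the target is used as-is; a handler that builds
             # it from request data should restrict it to same-site paths.
             return web.HTTPFound(r[9:])
         resp = web.Response(body=r.encode('utf-8'))
         resp.content_type = 'text/html;charset=utf-8'
         return resp
     if isinstance(r, dict):
         template = r.get('__template__')
         if template is None:
             # NOTE(review): the default= hook dumps every attribute of any
             # non-JSON object in the result, which can expose fields such as
             # password digests; handlers should mask them first.
             resp = web.Response(body=json.dumps(
                 r, ensure_ascii=False,
                 default=lambda o: o.__dict__).encode('utf-8'))
             resp.content_type = 'application/json;charset=utf-8'
             return resp
         # When the handler supplied '__user__', render with it and (re)issue
         # the session cookie; otherwise fall back to the user attached to the
         # request and set no cookie.
         signed_in_user = r.get('__user__')
         if not signed_in_user:
             r['__user__'] = request.__user__
         resp = web.Response(
             body=app['__templating__'].get_template(template).render(
                 **r).encode('utf-8'))
         resp.content_type = 'text/html;charset=utf-8'
         if signed_in_user:
             # NOTE(review): cookie is HttpOnly but has no secure=/samesite=.
             resp.set_cookie(COOKIE_NAME,
                             user2cookie(signed_in_user, 86400),
                             max_age=86400,
                             httponly=True)
         return resp
     # web.Response takes keyword-only arguments, so the status (and reason)
     # must be passed by name; the positional form raises TypeError.
     if isinstance(r, int) and 100 <= r < 600:
         return web.Response(status=r)
     if isinstance(r, tuple) and len(r) == 2:
         t, m = r
         if isinstance(t, int) and 100 <= t < 600:
             return web.Response(status=t, reason=str(m))
     # default:
     resp = web.Response(body=str(r).encode('utf-8'))
     resp.content_type = 'text/plain;charset=utf-8'
     return resp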
コード例 #5
ファイル: auth.py プロジェクト: weijunhu/python_blog
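def register():
    """Render the registration page (GET) or create a user from JSON (POST).

    On POST the JSON body must carry ``name``, ``email`` and ``passwd``. After
    validation and a duplicate-email check the user is stored with
    ``sha1("<uid>:<passwd>")`` as the password digest, then returned as JSON
    (password masked) together with a one-day session cookie.

    Raises:
        APIValueError: If ``name``, ``email`` or ``passwd`` is missing or
            fails validation.
        APIError: If the email address is already registered.
    """
    if request.method != 'POST':
        return render_template('register.html')

    # A missing or non-object JSON body must end in a validation error, not
    # in an unhandled KeyError/TypeError.
    user_info = request.json
    if not isinstance(user_info, dict):
        user_info = {}
    name = user_info.get('name')
    email = user_info.get('email')
    passwd = user_info.get('passwd')
    if not isinstance(name, str) or not name.strip():
        raise APIValueError('name')
    if not isinstance(email, str) or not _RE_EMAIL.match(email):
        raise APIValueError('email')
    # presumably _RE_SHA1 requires a SHA-1 hex digest computed by the client;
    # confirm against the pattern's definition.
    if not isinstance(passwd, str) or not _RE_SHA1.match(passwd):
        raise APIValueError('passwd')

    with db_session:
        # Filter on the loop variable `u`, as signin() does; the original
        # compared the class attribute `User.email`, so the query did not
        # test each row's email.
        users = select(u for u in User if u.email == email)[:]
    if len(users) > 0:
        raise APIError('register:failed', 'email', 'Email is already in use.')

    uid = next_id()
    # Hash the password for storage.
    # NOTE(review): SHA-1 is a fast hash and unsuitable for password storage;
    # a password KDF (hashlib.scrypt / hashlib.pbkdf2_hmac) should replace it,
    # which needs a stored-format migration.
    sha1_passwd = '%s:%s' % (uid, passwd)
    with db_session:
        # NOTE(review): the avatar URL is plain http://; an https:// URL
        # avoids mixed content on HTTPS pages.
        User(id=uid, name=name.strip(), email=email,
             passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(),
             image='http://www.gravatar.com/avatar/%s?d=mm&s=120'
                   % hashlib.md5(email.encode('utf-8')).hexdigest(),
             admin=False)
        commit()
    with db_session:
        user = User.get(id=uid)

    response = make_response(json.dumps({
        'id': user.id,
        'email': user.email,
        'passwd': '******',
        'admin': user.admin,
        'name': user.name,
        'image': user.image,
        'create_at': user.created_at,
    }))
    # Set the session cookie; it expires after one day.
    # NOTE(review): cookie is HttpOnly but has no secure=/samesite= attribute.
    response.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
    response.headers['Content-Type'] = 'application/json'
    return response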
コード例 #6
ファイル: api.py プロジェクト: qq1679781770/jsxnhwebapp
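def authenticate():
    """Authenticate a user from a JSON body and set the session cookie.

    Expects ``email`` and ``passwd`` in the JSON body. The password is checked
    against the stored ``sha1(user.id + ':' + passwd)`` hex digest. Every
    failure produces a JSON ``value:invalid`` error response; success returns
    the user record with the password masked plus a one-day session cookie.

    Returns:
        A Flask response: either the JSON error object or the masked user.
    """
    import hmac  # local import: the file's own import block is not visible here

    def _invalid(field, message):
        # Single place that builds the JSON error response for a rejected field.
        payload = {'error': 'value:invalid', 'data': field, 'message': message}
        resp = make_response(json.dumps(payload, ensure_ascii=False).encode('utf-8'))
        resp.headers['Content-Type'] = 'application/json'
        return resp

    # get_json() can return None (or a non-object); treat that as "no fields"
    # so the caller gets a validation error instead of an AttributeError.
    data = request.get_json()
    if not isinstance(data, dict):
        data = {}
    email = data.get('email')
    passwd = data.get('passwd')
    if not email or not isinstance(email, str):
        return _invalid('email', 'Invalid email')
    if not passwd or not isinstance(passwd, str):
        return _invalid('passwd', 'Invalid password')

    users = User.findAll('email=?', [email])
    if len(users) == 0:
        # NOTE(review): answering "Email not exist" separately from
        # "Invalid password" tells an unauthenticated caller which addresses
        # are registered; a single generic failure avoids that, but it changes
        # the API contract, so it is only flagged here.
        return _invalid('email', 'Email not exist')
    user = users[0]

    # Recompute the stored digest: sha1("<user id>:<submitted passwd>").
    # NOTE(review): SHA-1 is a fast hash and unsuitable for password storage;
    # a password KDF (hashlib.scrypt / hashlib.pbkdf2_hmac) should replace it.
    digest = hashlib.sha1()
    digest.update(user.id.encode('utf-8'))
    digest.update(b':')
    digest.update(passwd.encode('utf-8'))
    # Constant-time comparison so timing does not leak digest prefixes.
    if not hmac.compare_digest(str(user.passwd).encode('utf-8'),
                               digest.hexdigest().encode('utf-8')):
        return _invalid('passwd', 'Invalid password')

    # Serialize a masked copy so the stored digest never leaves the server.
    user2 = user.copy()
    user2['passwd'] = '******'
    r = make_response(json.dumps(user2, ensure_ascii=False).encode('utf-8'))
    r.headers['Content-Type'] = 'application/json'
    # NOTE(review): cookie is HttpOnly but has no secure=/samesite= attribute.
    r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
    return r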