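def _set_auth_info(user: User, res: Response = None, save_user=True):
    """
    Store the authorisation for *user* in the session and advance the
    user's last-login record.

    The previous login time/address is copied into the session (so the UI
    can show it) before the model is updated to the current login.

    :param user: user model
    :param res: pass the outgoing response when the persistent login cookie
        should be (re)issued; ``None`` leaves cookies untouched
    :param save_user: whether to call ``user.save()`` automatically
    """
    now = int(time.time())
    session['yobot_user'] = user.qqid
    session['csrf_token'] = rand_string(16)
    session['last_login_time'] = user.last_login_time
    session['last_login_ipaddr'] = user.last_login_ipaddr
    user.last_login_time = now
    # NOTE(review): X-Real-IP is client-supplied unless a trusted reverse
    # proxy overwrites it; confirm the deployment does, otherwise the
    # recorded address can be chosen by the client.
    user.last_login_ipaddr = request.headers.get('X-Real-IP', request.remote_addr)
    if res:
        # Only the salted hash of the cookie secret is persisted; the clear
        # secret lives solely in the cookie handed to the client.
        new_key = rand_string(32)
        # The created row is not needed here (was previously bound to an
        # unused local).
        User_login.create(
            qqid=user.qqid,
            auth_cookie=_add_salt_and_hash(new_key, user.salt),
            auth_cookie_expire_time=now + EXPIRED_TIME,
        )
        new_cookie = f'{user.qqid}:{new_key}'
        # NOTE(review): this long-lived auth cookie is set without
        # httponly/secure/samesite; consider adding them. Left unchanged
        # here so caller behaviour is preserved.
        res.set_cookie(LOGIN_AUTH_COOKIE_NAME, new_cookie, max_age=EXPIRED_TIME)
    if save_user:
        user.save()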
async def logout():
    """Revoke the caller's current JWT and clear the auth cookies.

    The token's ``jti`` is recorded in ``old_tokens`` and added to the
    in-memory ``app.blacklisted_tokens`` set; the access-token and CSRF
    cookies are then expired on the client.
    """
    jti = jwt.get_raw_jwt().get("jti")
    async with app.db_pool.acquire() as con:
        await con.execute(
            """
            INSERT INTO old_tokens (
                token
            ) VALUES ($1);
            """, jti)
    app.blacklisted_tokens.add(jti)
    body = json.dumps({
        "status": 200,
        "result": True
    })
    response = Response(body, headers={"Content-Type": "application/json"})
    # expires=0 instructs the browser to discard the cookie immediately.
    for cookie_name in ("access_token_cookie", "jwt_csrf_token"):
        response.set_cookie(cookie_name, "", expires=0)
    return response
def set_auth_info(user: dict, res: Response = None, save_user=True):
    """Record a login for *user* in the session and optionally issue the
    persistent auth cookie.

    :param user: user record (dict) carrying ``uid``, ``salt`` and the
        ``last_login_*`` keys
    :param res: outgoing response; when given, a fresh login cookie is set
    :param save_user: whether to persist *user* via ``ue.get_wm().mod_user``
    """
    login_time = ue.now()
    uid = user['uid']
    # NOTE(review): X-Real-IP is trusted as-is; make sure a reverse proxy
    # in front of the app sets it, or clients can supply their own value.
    client_ip = request.headers.get('X-Real-IP', request.remote_addr)
    # Previous login details go into the session before being overwritten.
    session['yobot_user'] = uid
    session['csrf_token'] = rand_string(16)
    session['last_login_time'] = user['last_login_time']
    session['last_login_ipaddr'] = user['last_login_ipaddr']
    user['last_login_time'] = login_time
    user['last_login_ipaddr'] = client_ip
    if res:
        # The clear secret only travels in the cookie; the store keeps its
        # salted hash.
        secret = rand_string(32)
        ue.get_wm().add_login(
            uid=uid,
            auth_cookie=add_salt_and_hash(secret, user['salt']),
            auth_cookie_expire_time=login_time + EXPIRED_TIME,
        )
        res.set_cookie(LOGIN_AUTH_COOKIE_NAME, f"{uid}:{secret}", max_age=EXPIRED_TIME)
    if save_user:
        ue.get_wm().mod_user(user)
async def set_cookie():
    """Return an empty response that sets two fixed demo cookies."""
    response = Response("")
    for cookie_name, cookie_value in (("my-cookie", "1234"), ("my-cookie-2", "5678")):
        response.set_cookie(key=cookie_name, value=cookie_value)
    return response
async def set_cookie(request):
    """Return an empty response that sets two fixed demo cookies.

    ``request`` is accepted for the framework's handler signature and is
    not read here.
    """
    response = Response("")
    for cookie_name, cookie_value in (("my-cookie", "1234"), ("my-cookie-2", "5678")):
        response.set_cookie(cookie_name, cookie_value)
    return response
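async def login():
    """Authenticate a user by email/password and issue the JWT cookies.

    On success the JSON body carries the user's ``id``, ``name`` and
    ``email`` and the response sets ``access_token_cookie`` and
    ``jwt_csrf_token``. Error responses repeat the HTTP status in the body.
    """
    try:
        data = await request.get_json()
    except Exception:
        return {"status": 400, "error": "Invalid POST data."}, 400
    # get_json() can also yield a non-object (``null``, a list, ...); treat
    # that like unparseable input instead of raising AttributeError below.
    if not isinstance(data, dict):
        return {"status": 400, "error": "Invalid POST data."}, 400
    email = data.get("email")
    password = data.get("password")
    if not email:
        return {"status": 400, "error": "Missing email parameter."}, 400
    if not password:
        return {"status": 400, "error": "Missing password parameter."}, 400
    # One round-trip fetches both the credential and the profile columns
    # returned on success (previously two separate queries).
    async with app.db_pool.acquire() as con:
        user = await con.fetchrow(
            """
            SELECT id, name, email, password_hash
            FROM users
            WHERE LOWER($1) = LOWER(email);
            """, email)
    # An unknown email previously raised TypeError on the subscript (HTTP
    # 500); it now gets the same 401 message as a wrong password.
    if user is None or user["password_hash"] is None:
        return {"status": 401, "error": "Invalid credentials."}, 401
    try:
        hasher.verify(user["password_hash"], password)
    except VerifyMismatchError:
        return {"status": 401, "error": "Invalid credentials."}, 401
    # Opportunistically upgrade hashes made under older hasher parameters.
    if hasher.check_needs_rehash(user["password_hash"]):
        async with app.db_pool.acquire() as con:
            await con.execute(
                """
                UPDATE users SET password_hash=$1 WHERE LOWER($2) = LOWER(email);
                """, hasher.hash(password), email)
    access_token = jwt.create_access_token(
        identity=email.lower(), user_claims={"name": user["name"]})
    body = json.dumps({
        "status": 200,
        "result": {"id": user["id"], "name": user["name"], "email": user["email"]}
    })
    response = Response(body, headers={"Content-Type": "application/json"})
    # NOTE(review): both cookies are set without httponly/secure/samesite.
    # The CSRF cookie must stay readable by scripts, but the access-token
    # cookie need not be; consider hardening here.
    response.set_cookie("access_token_cookie", access_token)
    response.set_cookie("jwt_csrf_token", jwt.get_csrf_token(access_token))
    return response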
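async def register():
    """Create a new user account and log it in.

    Rejects the request when the caller already holds a JWT, when the body
    is not a JSON object with ``email``, ``password`` and ``name``, or when
    the email is already registered. On success the new row (``id`` as
    text, ``email``, ``name``) is returned and the JWT cookies are set.
    """
    if jwt.get_jwt_identity():
        return {
            "status": 401,
            "error": "You cannot register for a new account if you are logged in."
        }, 401
    try:
        data = await request.get_json()
    except Exception:
        return {"status": 400, "error": "Invalid POST data."}, 400
    # A non-object JSON body (``null``, a list, ...) has no .get(); reject it
    # the same way as unparseable input.
    if not isinstance(data, dict):
        return {"status": 400, "error": "Invalid POST data."}, 400
    email = data.get("email")
    password = data.get("password")
    name = data.get("name")
    if not email:
        return {"status": 400, "error": "Missing email parameter."}, 400
    if not password:
        return {"status": 400, "error": "Missing password parameter."}, 400
    if not name:
        return {"status": 400, "error": "Missing name parameter."}, 400
    hash_ = hasher.hash(password)
    async with app.db_pool.acquire() as con:
        existing = await con.fetchval(
            """
            SELECT email FROM users WHERE LOWER($1) = LOWER(email);
            """, email)
        if existing:
            return {
                "status": 400,
                "error": "User with specified email already exists."
            }, 400
        # NOTE(review): this check-then-insert is not atomic; two concurrent
        # registrations for the same email can both pass the SELECT. A unique
        # index on LOWER(email) plus handling the unique-violation error here
        # would close that window — confirm the schema provides one.
        new_user = await con.fetchrow(
            """
            INSERT INTO users (
                email,
                password_hash,
                name
            ) VALUES ($1, $2, $3)
            RETURNING id::TEXT, email, name;
            """, email, hash_, name)
    access_token = jwt.create_access_token(
        identity=email.lower(), user_claims={"name": name})
    body = json.dumps({
        "status": 200,
        "result": dict(new_user)
    })
    response = Response(body, headers={"Content-Type": "application/json"})
    # NOTE(review): cookies are set without httponly/secure/samesite; the
    # access-token cookie in particular could carry httponly.
    response.set_cookie("access_token_cookie", access_token)
    response.set_cookie("jwt_csrf_token", jwt.get_csrf_token(access_token))
    return response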
async def link(id):
    """Store the caller's ``id`` in a long-lived cookie and confirm.

    ``max_age=2**31-1`` seconds is roughly 68 years, so the cookie is
    effectively permanent; no httponly/secure/samesite attributes are set
    in this call.
    """
    confirmation = "All good. You can exit this page now."
    response = Response(confirmation)
    response.set_cookie("id", str(id), max_age=2**31-1)
    return response